WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to fix Insecure Content - Version 5.8.4

Version Description

  • SSL monitoring
  • security features added
Download this release

Release Info

Developer gowebsmarty
Plugin Icon wp plugin WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to fix Insecure Content
Version 5.8.4
Comparing to
See all releases

Code changes from version 5.8.3 to 5.8.4

Files changed (11) hide show
  1. admin/assets/1-year-ssl.png +0 -0
  2. admin/assets/limited-offer.png +0 -0
  3. admin/assets/shield.png +0 -0
  4. admin/js/le-admin.js +4 -0
  5. admin/le_admin.php +1566 -1590
  6. admin/le_admin_pages.php +107 -12
  7. classes/le-core.php +4 -1
  8. classes/le-trait.php +36 -0
  9. lib/LEConnector.php +1 -0
  10. readme.txt +14 -11
  11. wp-letsencrypt.php +2 -2
admin/assets/1-year-ssl.png CHANGED
Binary file
admin/assets/limited-offer.png CHANGED
Binary file
admin/assets/shield.png ADDED
Binary file
admin/js/le-admin.js CHANGED
@@ -660,6 +660,10 @@
660
  alert(".htaccess file not writable! Please change .htaccess file permission to 644 in order to implement security headers.")
661
  $this.removeAttr("checked");
662
  return false;
 
 
 
 
663
  }
664
 
665
  $(".wple-score").text($new_score);
660
  alert(".htaccess file not writable! Please change .htaccess file permission to 644 in order to implement security headers.")
661
  $this.removeAttr("checked");
662
  return false;
663
+ } else if (response == 'wpconfignotwritable') {
664
+ alert("wp-config.php file not writable! Please change wp-config file permission to 644 in order to implement HttpOnly cookies.")
665
+ $this.removeAttr("checked");
666
+ return false;
667
  }
668
 
669
  $(".wple-score").text($new_score);
admin/le_admin.php CHANGED
@@ -29,8 +29,10 @@
29
  *
30
  * @since 5.1.1
31
  */
32
- require_once plugin_dir_path( __DIR__ ) . 'vendor/autoload.php';
33
- use WPLEClient\LEFunctions ;
 
 
34
  require_once WPLE_DIR . 'classes/le-core.php';
35
  require_once WPLE_DIR . 'classes/le-subdir-challenge.php';
36
  /**
@@ -41,353 +43,351 @@ require_once WPLE_DIR . 'classes/le-subdir-challenge.php';
41
  */
42
  class WPLE_Admin
43
  {
44
- private $FIREWALL ;
45
- public function __construct()
46
- {
47
- add_action( 'admin_enqueue_scripts', array( $this, 'wple_admin_styles' ) );
48
- add_action( 'admin_menu', array( $this, 'wple_admin_menu_page' ) );
49
- add_action(
50
- 'before_wple_admin_form',
51
- array( $this, 'wple_debug_log' ),
52
- 20,
53
- 1
54
- );
55
- add_action( 'admin_init', array( $this, 'wple_admin_init_hooks' ) );
56
- add_action( 'plugins_loaded', array( $this, 'wple_load_plugin_textdomain' ) );
57
- $show_rev = get_option( 'wple_show_review' );
58
- if ( $show_rev != FALSE && $show_rev == 1 && FALSE === get_option( 'wple_show_review_disabled' ) ) {
59
- add_action( 'admin_notices', array( $this, 'wple_rateus' ) );
60
- }
61
- if ( FALSE !== get_option( 'wple_show_reminder' ) ) {
62
- add_action( 'admin_notices', [ $this, 'wple_reminder_notice' ] );
63
- }
64
- // if (FALSE === get_option('wple_backup_suggested')) { //since 5.7.14
65
- // add_action('admin_notices', [$this, 'wple_backup_suggestion']);
66
- // }
67
- if ( FALSE !== get_option( 'wple_mixed_issues' ) && FALSE === get_option( 'wple_mixed_issues_disabled' ) ) {
68
- //since 5.3.12
69
- add_action( 'admin_notices', [ $this, 'wple_mixed_content_notice' ] );
70
- }
71
- if ( isset( $_GET['successnotice'] ) ) {
72
- add_action( 'admin_notices', array( $this, 'wple_success_notice' ) );
73
- }
74
- add_action( 'wple_show_reviewrequest', array( $this, 'wple_set_review_flag' ) );
75
- add_action( 'wp_ajax_wple_dismiss', array( $this, 'wple_dismiss_notice' ) );
76
- add_action( 'wp_ajax_wple_admin_dnsverify', [ $this, 'wple_ajx_verify_dns' ] );
77
- add_action( 'wple_ssl_reminder_notice', [ $this, 'wple_start_show_reminder' ] );
78
- add_action( 'wp_ajax_wple_admin_httpverify', [ $this, 'wple_ajx_verify_http' ] );
79
- add_action( 'wp_ajax_wple_validate_ssl', [ $this, 'wple_validate_nocp_ssl' ] );
80
- add_action( 'wp_ajax_wple_getcert_for_copy', [ $this, 'wple_retrieve_certs_forcopy' ] );
81
- add_action( 'wp_ajax_wple_include_www', [ $this, 'wple_include_www_check' ] );
82
- add_action( 'wp_ajax_wple_backup_ignore', [ $this, 'wple_ignore_backup_suggest' ] );
83
- add_filter( 'fs_uninstall_reasons_wp-letsencrypt-ssl', [ $this, 'wple_oneyearprom' ], 1 );
84
  }
85
-
86
- /**
87
- * Enqueue admin styles
88
- *
89
- * @since 1.0.0
90
- * @return void
91
- */
92
- public function wple_admin_styles()
93
- {
94
- wp_enqueue_style(
95
- WPLE_NAME,
96
- WPLE_URL . 'admin/css/le-admin.min.css',
97
- FALSE,
98
- WPLE_PLUGIN_VERSION,
99
- 'all'
100
- );
101
- wp_enqueue_script(
102
- WPLE_NAME . '-popper',
103
- WPLE_URL . 'admin/js/popper.min.js',
104
- array( 'jquery' ),
105
- WPLE_PLUGIN_VERSION,
106
- true
107
- );
108
- wp_enqueue_script(
109
- WPLE_NAME . '-tippy',
110
- WPLE_URL . 'admin/js/tippy-bundle.iife.min.js',
111
- array( 'jquery' ),
112
- WPLE_PLUGIN_VERSION,
113
- true
114
- );
115
- wp_enqueue_script(
116
- WPLE_NAME,
117
- WPLE_URL . 'admin/js/le-admin.js',
118
- array( 'jquery', WPLE_NAME . '-tippy', WPLE_NAME . '-popper' ),
119
- WPLE_PLUGIN_VERSION,
120
- true
121
- );
122
- wp_enqueue_script(
123
- WPLE_NAME . '-fs',
124
- 'https://checkout.freemius.com/checkout.min.js',
125
- array( 'jquery' ),
126
- WPLE_PLUGIN_VERSION,
127
- false
128
- );
129
- wp_localize_script( WPLE_NAME, 'SCAN', array(
130
- 'adminajax' => admin_url( '/admin-ajax.php' ),
131
- 'base' => site_url( '/', 'https' ),
132
- ) );
133
  }
134
-
135
- /**
136
- * Register plugin page
137
- *
138
- * @since 1.0.0
139
- * @return void
140
- */
141
- public function wple_admin_menu_page()
142
- {
143
- add_menu_page(
144
- WPLE_NAME,
145
- WPLE_NAME,
146
- 'manage_options',
147
- WPLE_SLUG,
148
- array( $this, 'wple_menu_page' ),
149
- plugin_dir_url( __DIR__ ) . 'admin/assets/icon.png',
150
- 100
151
- );
152
  }
153
-
154
- public function wple_load_plugin_textdomain()
155
- {
156
- load_plugin_textdomain( 'wp-letsencrypt-ssl', FALSE, basename( dirname( __FILE__ ) ) . '/languages/' );
157
  }
158
-
159
- /**
160
- * Plugin page HTML
161
- *
162
- * @since 1.0.0
163
- * @return void
164
- */
165
- public function wple_menu_page()
166
- {
167
-
168
- if ( FALSE === get_option( 'wple_version' ) ) {
169
- delete_option( 'wple_plan_choose' );
170
- update_option( 'wple_version', WPLE_PLUGIN_VERSION );
171
- } else {
172
-
173
- if ( version_compare( get_option( 'wple_version' ), '5.8.1', '<=' ) ) {
174
- delete_option( 'wple_plan_choose' );
175
- update_option( 'wple_version', WPLE_PLUGIN_VERSION );
176
- }
177
-
178
- }
179
-
180
- $this->wple_subdir_ipaddress();
181
- $eml = '';
182
- $leopts = get_option( 'wple_opts' );
183
- if ( $opts = get_option( 'wple_opts' ) ) {
184
- $eml = ( isset( $opts['email'] ) ? $opts['email'] : '' );
185
- }
186
- $pluginmode = 'FREE';
187
- $errorclass = '';
188
-
189
- if ( !wple_fs()->is__premium_only() && wple_fs()->can_use_premium_code() ) {
190
- $pluginmode = 'FREE plugin with PRO License <span class="dashicons dashicons-editor-help wple-tooltip" data-tippy="Please upload and activate PRO plugin file via PLUGINS page"></span>';
191
- $errorclass = ' notproerror';
192
- }
193
-
194
-
195
- if ( wple_fs()->is__premium_only() && !wple_fs()->can_use_premium_code() ) {
196
- $pluginmode = 'PRO plugin with FREE License <span class="dashicons dashicons-editor-help wple-tooltip" data-tippy="Please activate PRO license key via Account page or Activate License option under the plugin on PLUGINS page"></span>';
197
- $errorclass = ' notproerror';
198
- }
199
-
200
- $html = '
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
201
  <div class="wple-header">
202
  <div>
203
  <img src="' . WPLE_URL . 'admin/assets/logo.png" class="wple-logo"/> <span class="wple-version">v' . WPLE_PLUGIN_VERSION . ' <span class="wple-pmode' . $errorclass . '">' . $pluginmode . '</span></span>
204
  </div>';
205
- WPLE_Trait::wple_headernav( $html );
206
- $html .= '</div>';
207
-
208
- if ( FALSE === get_option( 'wple_plan_choose' ) || isset( $_GET['comparison'] ) ) {
209
- $this->wple_initial_quick_pricing( $html );
210
- return;
211
- }
212
-
213
- //5.1.0
214
- $complete = ( FALSE !== get_option( 'wple_complete' ) ? 1 : 0 );
215
-
216
- if ( $complete ) {
217
- $html .= '<div id="wple-sslgen">';
218
- $this->wple_completed_block( $html );
219
- $html .= '</div>';
220
- if ( !wple_fs()->is__premium_only() || !wple_fs()->can_use_premium_code() ) {
221
- $this->wple_upgrade_block( $html );
222
- }
223
- echo $html ;
224
- return;
225
- }
226
-
227
- $this->wple_success_block( $html );
228
- $this->wple_error_block( $html );
229
- if ( !isset( $_GET['wpleauto'] ) && isset( $_GET['subdir'] ) ) {
230
- $this->wple_subdir_challenges( $html, $leopts );
231
- }
232
-
233
- if ( !wple_fs()->is__premium_only() || !wple_fs()->can_use_premium_code() ) {
234
-
235
- if ( isset( $_GET['subdir'] ) ) {
236
- $this->wple_upgrade_block( $html );
237
- echo $html ;
238
- return;
239
- }
240
-
241
-
242
- if ( isset( $_GET['success'] ) ) {
243
- $this->wple_upgrade_block( $html );
244
- echo $html ;
245
- return;
246
- }
247
-
248
- }
249
-
250
- $prosupport = WPLE_Trait::wple_kses( sprintf( __( 'Brought to you by %sWP Encryption%s.' ), '<a href="https://wpencryption.com" target="_blank">', '</a>' ), 'a' );
251
-
252
- if ( !is_plugin_active( 'backup-bolt/backup-bolt.php' ) && FALSE === get_option( 'wple_backup_suggested' ) ) {
253
- $action = 'install-plugin';
254
- $slug = 'backup-bolt';
255
- $pluginstallURL = wp_nonce_url( add_query_arg( array(
256
- 'action' => $action,
257
- 'plugin' => $slug,
258
- ), admin_url( 'update.php' ) ), $action . '_' . $slug );
259
- $html .= '
260
  <div class="le-powered">
261
- <!--<span>' . $prosupport . ' ' . WPLE_Trait::wple_kses( sprintf( 'SSL Certificate will be generated by %s (An open certificate authority).', "<b>Let's Encrypt<sup style=\"font-size: 10px; padding: 3px\">TM</sup></b>" ) ) . '</span>-->
262
  <span style="display: flex;align-items: center;"><strong>Recommended:-</strong> Before enforcing HTTPS, We highly recommend taking a backup of your site using some good backup plugin like <img src="' . WPLE_URL . '/admin/assets/backup-bolt.png" style="max-width:120px"> - <a href="' . $pluginstallURL . '" target="_blank">Install & Activate Backup Bolt</a> | <a href="#" class="wple-backup-skip">Ignore</a></span>
263
  </div>';
264
- }
265
-
266
- $mappeddomain = '';
267
- $formheader = esc_html__( 'SSL INSTALL FORM - ENTER YOUR EMAIL BELOW & GENERATE SSL CERTIFICATE', 'wp-letsencrypt-ssl' );
268
- $currentdomain = esc_html( str_ireplace( array( 'http://', 'https://' ), array( '', '' ), site_url() ) );
269
- $maindomain = $currentdomain;
270
- $slashpos = stripos( $currentdomain, '/' );
271
-
272
- if ( FALSE !== $slashpos ) {
273
- //subdir installation
274
- $maindomain = substr( $currentdomain, 0, $slashpos );
275
- $mappeddomain = '<label style="display: block; padding: 10px 5px; color: #aaa;font-size:15px;">' . esc_html__( 'PRIMARY DOMAIN', 'wp-letsencrypt-ssl' ) . '</label>
276
- <p style="width: 800px; max-width:100%; margin: 5px auto 20px;">' . WPLE_Trait::wple_kses( sprintf( __( '<strong>NOTE:</strong> Since you are willing to install SSL certificate for sub-directory site, SSL certificate will be generated for your primary domain <strong>%s</strong> which will cover your primary domain + ALL sub-directory sites.', 'wp-letsencrypt-ssl' ), $maindomain ) ) . '</p>
277
- <input type="text" name="wple_domain" class="wple-domain-input" value="' . esc_attr( $maindomain ) . '" readonly><br />';
278
- }
279
-
280
- //since 5.3.4
281
- $tempdomain = '';
282
- if ( FALSE !== stripos( $maindomain, 'temp.domains' ) || FALSE !== stripos( $maindomain, '~' ) ) {
283
- $tempdomain = '<p style="width: 800px; max-width:100%; margin: 5px auto 20px;">' . sprintf(
284
- esc_html__( "%sWARNING:%s You are trying to install SSL for %stemporary domain%s which is not possible. Please point your real domain like wpencryption.com to your site and update your site url in %ssettings%s > %sgeneral%s before you could generate SSL.", "wp-letsencrypt-ssl" ),
285
- "<strong>",
286
- "</strong>",
287
- "<strong>",
288
- "</strong>",
289
- "<strong>",
290
- "</strong>",
291
- "<strong>",
292
- "</strong>"
293
- ) . '</p>';
294
- }
295
- if ( isset( $leopts['type'] ) && $leopts['type'] == 'wildcard' ) {
296
- $html .= '<script>
297
  jQuery(document).ready(function(){
298
  jQuery(".single-wildcard-switch").trigger("click");
299
  });
300
  </script>';
301
- }
302
- $html .= '<div id="wple-sslgen">
303
  <h2>' . $formheader . '</h2>
304
- <div style="text-align: center; margin-top: -30px; font-size: 16px;"><a style="text-decoration-style:dashed;text-decoration-thickness: from-font;" href="' . admin_url( 'admin.php?page=wp_encryption_faq#howitworks' ) . '">How it works?</a></div>';
305
- if ( is_multisite() && !wple_fs()->can_use_premium_code__premium_only() ) {
306
- $html .= '<p class="wple-multisite">' . WPLE_Trait::wple_kses( __( 'Upgrade to <strong>PRO</strong> version to avail Wildcard SSL support for multisite and ability to install SSL for mapped domains (different domain names).', 'wp-letsencrypt-ssl' ) ) . '</p>';
307
- }
308
- $html .= WPLE_Trait::wple_progress_bar();
309
- //$cname = '';
310
- //if (FALSE === stripos($currentdomain, '/')) {
311
- // if (stripos($currentdomain, 'www') === FALSE) {
312
- // $cname = '<span class="dashicons dashicons-editor-help wple-tooltip" data-tippy="' . esc_attr__("Add a CNAME with name 'www' pointing to your non-www domain", 'wp-letsencrypt-ssl') . '. ' . esc_attr__("Refer FAQ if you want to generate SSL for both www & non-www domain.", 'wp-letsencrypt-ssl') . '"></span>';
313
- // } else {
314
- //$cname = '<span class="dashicons dashicons-editor-help wple-tooltip" data-tippy="' . esc_attr__("Refer FAQ if you want to generate SSL for both www & non-www domain.", 'wp-letsencrypt-ssl') . '"></span>';
315
- //}
316
- //}
317
- $bothchecked = '';
318
- $leadminform = '<form method="post" class="le-genform single-genform">' . $mappeddomain . $tempdomain . '
319
- <input type="email" name="wple_email" class="wple_email" value="' . esc_attr( $eml ) . '" placeholder="' . esc_attr__( 'Enter your email address', 'wp-letsencrypt-ssl' ) . '" title="' . esc_attr__( 'All email notifications are sent to this email ID', 'wp-letsencrypt-ssl' ) . '" ><br />';
320
- // if (FALSE === stripos('www', $maindomain)) {
321
- // $altdomain = 'www.' . $maindomain;
322
- // } else {
323
- // $altdomain = str_ireplace('www.', '', $maindomain);
324
- // }
325
- // $altdomaintest = wp_remote_head('http://' . $altdomain, array('sslverify' => false, 'timeout' => 30));
326
- ///if (!is_wp_error($altdomaintest) || isset($_GET['includewww'])) {
327
- if ( isset( $_GET['includewww'] ) ) {
328
- $bothchecked = 'checked';
329
- }
330
- $leadminform .= '<span class="lecheck">
331
  <label class="checkbox-label">
332
  <input type="checkbox" name="wple_include_www" class="wple_include_www" value="1" ' . $bothchecked . '>
333
  <span class="checkbox-custom rectangular"></span>
334
  </label>
335
- ' . esc_html__( 'Generate SSL Certificate for both www & non-www version of domain', 'wp-letsencrypt-ssl' ) . '&nbsp; <span class="dashicons dashicons-editor-help wple-tooltip" data-tippy="' . esc_attr__( "Before enabling this - please make sure both www & non-www version of your domain works!. Add a CNAME with name 'www' pointing to your non-www domain in your domain DNS zone editor", 'wp-letsencrypt-ssl' ) . '"></span></label>
336
  </span><br />';
337
- ///}
338
-
339
- if ( isset( $_GET['includeemail'] ) ) {
340
- $leadminform .= '<span class="lecheck">
341
  <label class="checkbox-label">
342
  <input type="checkbox" name="wple_include_mail" class="wple_include_mail" value="1">
343
  <span class="checkbox-custom rectangular"></span>
344
  </label>
345
- ' . esc_html__( 'Secure POP/IMAP email server', 'wp-letsencrypt-ssl' ) . '&nbsp; <span class="dashicons dashicons-editor-help wple-tooltip" data-tippy="' . sprintf( esc_attr__( "This option will secure %s but DNS based domain verification is MANDATORY", 'wp-letsencrypt-ssl' ), 'mail.' . $maindomain ) . '"></span></label>
346
  </span><br />';
347
- $webmail = 'webmail.' . $maindomain;
348
- $leadminform .= '<span class="lecheck">
349
  <label class="checkbox-label">
350
  <input type="checkbox" name="wple_include_webmail" class="wple_include_webmail" value="1">
351
  <span class="checkbox-custom rectangular"></span>
352
  </label>
353
- ' . sprintf( esc_html__( 'Secure %s', 'wp-letsencrypt-ssl' ), $webmail ) . '&nbsp; <span class="dashicons dashicons-editor-help wple-tooltip" data-tippy="' . sprintf( esc_attr__( "This option will secure %s but DNS based domain verification is MANDATORY", 'wp-letsencrypt-ssl' ), $webmail ) . '"></span></label>
354
  </span><br />';
355
- }
356
-
357
- $leadminform .= '<span class="lecheck">
358
  <label class="checkbox-label">
359
  <input type="checkbox" name="wple_send_usage" value="1" checked>
360
  <span class="checkbox-custom rectangular"></span>
361
  </label>
362
- ' . esc_html__( 'Anonymously send response data to get better support', 'wp-letsencrypt-ssl' ) . '</label>
363
  </span><br />';
364
- $leadminform .= '<span class="lecheck">
365
  <label class="checkbox-label">
366
  <input type="checkbox" name="wple_agree_le_tos" class="wple_agree_le" value="1">
367
  <span class="checkbox-custom rectangular"></span>
368
  </label>
369
- ' . WPLE_Trait::wple_kses( sprintf(
370
- __( "I agree to %sLet's Encrypt%s %sTerms of service%s", "wp-letsencrypt-ssl" ),
371
- '<b>',
372
- '<sup style="font-size: 10px; padding: 3px">TM</sup></b>',
373
- '<a href="' . esc_attr__( 'https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf', 'wp-letsencrypt-ssl' ) . '" rel="nofollow" target="_blank" style="margin-left:5px">',
374
- '</a>'
375
- ), 'a' ) . '
376
  </span>
377
  <span class="lecheck">
378
  <label class="checkbox-label">
379
  <input type="checkbox" name="wple_agree_gws_tos" class="wple_agree_gws" value="1">
380
  <span class="checkbox-custom rectangular"></span>
381
  </label>
382
- ' . WPLE_Trait::wple_kses( sprintf( __( "I agree to <b>WP Encryption</b> %sTerms of service%s", "wp-letsencrypt-ssl" ), '<a href="https://gowebsmarty.com/terms-and-conditions/" rel="nofollow" target="_blank" style="margin-left:5px">', '</a>' ), 'a' ) . '
383
  </span>
384
  ' . wp_nonce_field(
385
- 'legenerate',
386
- 'letsencrypt',
387
- false,
388
- false
389
- ) . '
390
- <button type="submit" name="generate-certs" id="singledvssl">' . esc_html__( 'Generate SSL Certificate', 'wp-letsencrypt-ssl' ) . '</button>
391
  </form>
392
 
393
  <div id="wple-error-popper">
@@ -396,330 +396,325 @@ class WPLE_Admin
396
  <div class="wple-error">Error</div>
397
  </div>
398
  </div>';
399
- $nonwww = str_ireplace( 'www.', '', $currentdomain );
400
- if ( FALSE !== ($ps = stripos( $nonwww, '/' )) ) {
401
- $nonwww = substr( $nonwww, 0, $ps );
402
- }
403
- $wwwdomain = 'www.' . $nonwww;
404
-
405
- if ( FALSE != stripos( $currentdomain, 'www.' ) ) {
406
- $wwwdomain = $nonwww;
407
- $nonwww = 'www.' . $nonwww;
408
- }
409
-
410
- $showonpro = '';
411
- $html .= '<div class="wple-single-dv-ssl">
412
  <div class="wple-info-box">
413
- <h3>' . esc_html__( 'Domains Covered', 'wp-letsencrypt-ssl' ) . '</h3>
414
  <strong>' . $nonwww . '</strong>
415
  <div class="wple-www' . $showonpro . '"><strong>' . $wwwdomain . '</strong></div>
416
  <div class="wple-wc"><strong>*.' . $nonwww . '</strong></div>
417
  </div>';
418
- ob_start();
419
- do_action( 'before_wple_admin_form', $html );
420
- $html .= ob_get_contents();
421
- ob_end_clean();
422
- $html .= apply_filters( 'wple_admin_form', $leadminform );
423
- ob_start();
424
- do_action( 'after_wple_admin_form', $html );
425
- $html .= ob_get_contents();
426
- ob_end_clean();
427
- $html .= '</div>';
428
- $html .= '
429
  </div><!--wple-sslgen-->';
430
-
431
- if ( !wple_fs()->is__premium_only() || !wple_fs()->can_use_premium_code() ) {
432
- $this->wple_upgrade_block( $html );
433
- } else {
434
- $this->wple_expert_block( $html );
435
- }
436
-
437
- echo $html ;
438
  }
439
-
440
- /**
441
- * log process & error in debug.log file
442
- *
443
- * @since 1.0.0
444
- * @param string $html
445
- * @return void
446
- */
447
- public function wple_debug_log( $html )
448
- {
449
-
450
- if ( !file_exists( WPLE_DEBUGGER ) ) {
451
- wp_mkdir_p( WPLE_DEBUGGER );
452
- $htacs = '<Files debug.log>' . "\n" . 'Order allow,deny' . "\n" . 'Deny from all' . "\n" . '</Files>';
453
- file_put_contents( WPLE_DEBUGGER . '.htaccess', $htacs );
454
- }
455
-
456
- //show only upon error since 4.6.0
457
-
458
- if ( isset( $_GET['error'] ) ) {
459
- $html = '<div class="toggle-debugger"><span class="dashicons dashicons-arrow-down-alt2"></span> ' . esc_html__( 'Show/hide full response', 'wp-letsencrypt-ssl' ) . '</div>';
460
- $file = WPLE_DEBUGGER . 'debug.log';
461
-
462
- if ( file_exists( $file ) ) {
463
- $log = file_get_contents( $file );
464
- $hideh2 = '';
465
- if ( isset( $_GET['dnsverified'] ) || isset( $_GET['dnsverify'] ) ) {
466
- $hideh2 = 'hideheader';
467
- }
468
- $html .= '<div class="le-debugger running ' . $hideh2 . '"><h3>' . esc_html__( 'Response Log', 'wp-letsencrypt-ssl' ) . ':</h3>' . WPLE_Trait::wple_kses( nl2br( $log ) ) . '</div>';
469
- } else {
470
- $html .= '<div class="le-debugger">' . esc_html__( "Full response will be shown here", 'wp-letsencrypt-ssl' ) . '</div>';
471
- }
472
-
473
- echo $html ;
474
- }
475
-
476
  }
477
-
478
- /**
479
- * Save email & proceed upon clicking install SSL
480
- *
481
- * @since 1.0.0
482
- * @return void
483
- */
484
- public function wple_save_email_generate_certs()
485
- {
486
- //since 2.4.0
487
- //force https upon success
488
-
489
- if ( isset( $_POST['wple-https'] ) ) {
490
- if ( !wp_verify_nonce( $_POST['sslready'], 'wplehttps' ) || !current_user_can( 'manage_options' ) ) {
491
- exit( 'Unauthorized access' );
492
- }
493
- $basedomain = str_ireplace( array( 'http://', 'https://' ), array( '', '' ), addslashes( site_url() ) );
494
- //4.7
495
- if ( FALSE != stripos( $basedomain, '/' ) ) {
496
- $basedomain = substr( $basedomain, 0, stripos( $basedomain, '/' ) );
497
- }
498
- $client = WPLE_Trait::wple_verify_ssl( $basedomain );
499
-
500
- if ( !$client && !is_ssl() ) {
501
- wp_redirect( admin_url( '/admin.php?page=wp_encryption&success=1&nossl=1', 'http' ) );
502
- exit;
503
- }
504
-
505
- // $SSLCheck = @fsockopen("ssl://" . $basedomain, 443, $errno, $errstr, 30);
506
- // if (!$SSLCheck) {
507
- // wp_redirect(admin_url('/admin.php?page=wp_encryption&success=1&nossl=1', 'http'));
508
- // exit();
509
- // }
510
- $reverter = uniqid( 'wple' );
511
- $savedopts = get_option( 'wple_opts' );
512
- $savedopts['force_ssl'] = 1;
513
- $savedopts['revertnonce'] = $reverter;
514
- ///WPLE_Trait::wple_send_reverter_secret($reverter);
515
- update_option( 'wple_opts', $savedopts );
516
- delete_option( 'wple_error' );
517
- //complete
518
- update_option( 'wple_complete', 1 );
519
- update_option( 'siteurl', str_ireplace( 'http:', 'https:', get_option( 'siteurl' ) ) );
520
- update_option( 'home', str_ireplace( 'http:', 'https:', get_option( 'home' ) ) );
521
- wp_redirect( admin_url( '/admin.php?page=wp_encryption', 'https' ) );
522
- exit;
523
- }
524
-
525
- //single domain ssl
526
-
527
- if ( isset( $_POST['generate-certs'] ) ) {
528
- if ( !wp_verify_nonce( $_POST['letsencrypt'], 'legenerate' ) || !current_user_can( 'manage_options' ) ) {
529
- die( 'Unauthorized request' );
530
- }
531
- if ( empty($_POST['wple_email']) ) {
532
- wp_die( esc_html__( 'Please input valid email address', 'wp-letsencrypt-ssl' ) );
533
- }
534
- $leopts = array(
535
- 'email' => sanitize_email( $_POST['wple_email'] ),
536
- 'date' => date( 'd-m-Y' ),
537
- 'expiry' => '',
538
- 'type' => 'single',
539
- 'send_usage' => ( isset( $_POST['wple_send_usage'] ) ? 1 : 0 ),
540
- 'include_www' => ( isset( $_POST['wple_include_www'] ) ? 1 : 0 ),
541
- 'include_mail' => ( isset( $_POST['wple_include_mail'] ) ? 1 : 0 ),
542
- 'include_webmail' => ( isset( $_POST['wple_include_webmail'] ) ? 1 : 0 ),
543
- 'agree_gws_tos' => ( isset( $_POST['wple_agree_gws_tos'] ) ? 1 : 0 ),
544
- 'agree_le_tos' => ( isset( $_POST['wple_agree_le_tos'] ) ? 1 : 0 ),
545
- );
546
-
547
- if ( isset( $_POST['wple_domain'] ) && !is_multisite() ) {
548
- $leopts['subdir'] = 1;
549
- $leopts['domain'] = sanitize_text_field( $_POST['wple_domain'] );
550
- }
551
-
552
- update_option( 'wple_opts', $leopts );
553
- new WPLE_Core( $leopts );
554
- }
555
-
556
  }
557
-
558
- /**
559
- * Download cert files based on clicked link
560
- *
561
- * certs for multisite mapped domains cannot be downloaded yet
562
- * @since 1.0.0
563
- * @return void
564
- */
565
- public function wple_download_files()
566
- {
567
-
568
- if ( isset( $_GET['le'] ) && current_user_can( 'manage_options' ) ) {
569
- switch ( $_GET['le'] ) {
570
- case '1':
571
- $file = uniqid() . '-cert.crt';
572
- file_put_contents( $file, file_get_contents( ABSPATH . 'keys/certificate.crt' ) );
573
- break;
574
- case '2':
575
- $file = uniqid() . '-key.pem';
576
- file_put_contents( $file, file_get_contents( ABSPATH . 'keys/private.pem' ) );
577
- break;
578
- case '3':
579
- $file = uniqid() . '-cabundle.crt';
580
-
581
- if ( file_exists( ABSPATH . 'keys/cabundle.crt' ) ) {
582
- $cabundlefile = file_get_contents( ABSPATH . 'keys/cabundle.crt' );
583
- } else {
584
- $cabundlefile = file_get_contents( WPLE_DIR . 'cabundle/ca.crt' );
585
- }
586
-
587
- file_put_contents( $file, $cabundlefile );
588
- break;
589
- }
590
- header( 'Content-Description: File Transfer' );
591
- header( 'Content-Type: text/plain' );
592
- header( 'Content-Length: ' . filesize( $file ) );
593
- header( 'Content-Disposition: attachment; filename=' . basename( $file ) );
594
- readfile( $file );
595
- if ( file_exists( $file ) ) {
596
- unlink( $file );
597
- }
598
- exit;
599
- }
600
-
 
 
 
601
  }
602
-
603
- /**
604
- * Rate us admin notice
605
- *
606
- * @since 2.0.0
607
- * @return void
608
- */
609
- public function wple_rateus()
610
- {
611
- $cert = ABSPATH . 'keys/certificate.crt';
612
-
613
- if ( file_exists( $cert ) ) {
614
- if ( isset( $_GET['page'] ) && $_GET['page'] == 'wp_encryption' ) {
615
- return;
616
- }
617
- $reviewnonce = wp_create_nonce( 'wplereview' );
618
- $html = '<div class="notice notice-info wple-admin-review">
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
619
  <div class="wple-review-box">
620
  <img src="' . WPLE_URL . 'admin/assets/symbol.png"/>
621
- <span><strong>' . esc_html__( 'Congratulations!', 'wp-letsencrypt-ssl' ) . '</strong><p>' . WPLE_Trait::wple_kses( __( 'SSL certificate generated successfully!. <b>WP Encryption</b> just saved you several $$$ by generating free SSL certificate in record time!. Could you please do us a BIG favor & rate us with 5 star review to support further development of this plugin.', 'wp-letsencrypt-ssl' ) ) . '</p></span>
622
  </div>
623
- <a class="wple-lets-review wplerevbtn" href="https://wordpress.org/support/plugin/wp-letsencrypt-ssl/reviews/#new-post" rel="nofollow noopener" target="_blank">' . esc_html__( 'Rate plugin', 'wp-letsencrypt-ssl' ) . '</a>
624
- <a class="wple-did-review wplerevbtn" href="#" data-nc="' . esc_attr( $reviewnonce ) . '" data-action="1">' . esc_html__( "Don't show again", 'wp-letsencrypt-ssl' ) . '</a>
625
- <a class="wple-later-review wplerevbtn" href="#" data-nc="' . esc_attr( $reviewnonce ) . '" data-action="2">' . esc_html__( 'Remind me later', 'wp-letsencrypt-ssl' ) . '&nbsp;<span class="dashicons dashicons-clock"></span></a>
626
  </div>';
627
- echo $html ;
628
- }
629
-
630
  }
631
-
632
- /**
633
- * Check if wp install is IP or subdir based
634
- *
635
- * @since 2.4.0
636
- * @return void
637
- */
638
- public function wple_subdir_ipaddress()
639
- {
640
- $siteURL = str_ireplace( array( 'http://', 'https://', 'www.' ), array( '', '', '' ), site_url() );
641
- $flg = 0;
642
- if ( filter_var( $siteURL, FILTER_VALIDATE_IP ) ) {
643
- $flg = 1;
644
- }
645
- if ( FALSE !== stripos( $siteURL, 'localhost' ) ) {
646
- $flg = 1;
647
- }
648
-
649
- if ( FALSE != stripos( $siteURL, '/' ) && is_multisite() ) {
650
- $html = '<div class="wrap" id="le-wrap">
 
651
  <div class="le-inner">
652
  <div class="wple-header">
653
- <img src="' . WPLE_URL . 'admin/assets/logo.png" class="wple-logo"/> <span class="wple-version">v' . esc_html( WPLE_PLUGIN_VERSION ) . '</span>
654
  </div>
655
  <div class="wple-warning-notice">
656
- <h2>' . esc_html__( 'You do not need to install SSL for each sub-directory site in multisite, Please install SSL for your primary domain and it will cover ALL sub directory sites too.', 'wp-letsencrypt-ssl' ) . '</h2>
657
  </div>
658
  </div>
659
  </div>';
660
- echo $html ;
661
- wp_die();
662
- }
663
-
664
-
665
- if ( $flg ) {
666
- $html = '<div class="wrap" id="le-wrap">
667
  <div class="le-inner">
668
  <div class="wple-header">
669
- <img src="' . WPLE_URL . 'admin/assets/logo.png" class="wple-logo"/> <span class="wple-version">v' . esc_html( WPLE_PLUGIN_VERSION ) . '</span>
670
  </div>
671
  <div class="wple-warning-notice">
672
- <h2>' . esc_html__( 'SSL Certificates cannot be issued for localhost and IP address based WordPress site. Please use this on your real domain based WordPress site.', 'wp-letsencrypt-ssl' ) . ' ' . esc_html__( 'This restriction is not implemented by WP Encryption but its how SSL certificates work.', 'wp-letsencrypt-ssl' ) . '</h2>
673
  </div>
674
  </div>
675
  </div>';
676
- echo $html ;
677
- wp_die();
678
- }
679
-
680
  }
681
-
682
- /**
683
- * Upgrade to PRO
684
- *
685
- * @param string $html
686
- * @since 2.5.0
687
- * @return void
688
- */
689
- public function wple_upgrade_block( &$html )
690
- {
691
- $upgradeurl = admin_url( '/admin.php?page=wp_encryption-pricing' );
692
- ///$upgradeurl = admin_url('/admin.php?page=wp_encryption-pricing&checkout=true&plan_id=8210&plan_name=pro&billing_cycle=lifetime&pricing_id=7965&currency=usd&coupon=FIRSTBUY');
693
- $nopricing = get_option( 'wple_no_pricing' );
694
- //gdy
695
- $cp = get_option( 'wple_have_cpanel' );
696
- // if (FALSE === $nopricing && !$cp) { //not gdy & not cpanel
697
- // $nopricing = rand(0, 1);
698
- // }
699
- $automatic = esc_html__( 'Automatic', 'wp-letsencrypt-ssl' );
700
- $manual = esc_html__( 'Manual', 'wp-letsencrypt-ssl' );
701
- $domain = str_ireplace( array( 'https://', 'http://', 'www.' ), '', site_url() );
702
- $dverify = $automatic;
703
- if ( stripos( $domain, '/' ) != FALSE ) {
704
- //subdir site
705
- $dverify = $manual;
706
- }
707
- $html .= '
 
708
  <div id="wple-upgradepro">';
709
-
710
- if ( FALSE !== $cp && $cp ) {
711
- $html .= '<strong style="display: block; text-align: center; color: #666;">Woot Woot! You have <b>CPANEL</b>! Why struggle with manual SSL renewal every 90 days? - Enjoy 100% automation with PRO version.</strong>';
712
- ///$upgradeurl = admin_url('/admin.php?page=wp_encryption-pricing&checkout=true&plan_id=8210&plan_name=pro&billing_cycle=lifetime&pricing_id=7965&currency=usd');
713
- }
714
-
715
- $compareurl = 'https://wpencryption.com?utm_source=wordpress&utm_medium=comparison&utm_campaign=wpencryption';
716
- //$compareurl = admin_url('/admin.php?page=wp_encryption&comparison=1');
717
-
718
- if ( $nopricing ) {
719
- $compareurl = admin_url( '/admin.php?page=wp_encryption&comparison=1' );
720
- //$upgradeurl = admin_url('/admin.php?page=wp_encryption-pricing&checkout=true&plan_id=11394&plan_name=pro&billing_cycle=annual&pricing_id=11717&currency=usd');
721
- //$upgradeurl = 'https://checkout.freemius.com/mode/dialog/plugin/5090/plan/10643/'; //CDN
722
- $html .= '<div class="wple-error-firewall fire-pro wple-procdn">
723
  <div>
724
  <img src="' . WPLE_URL . 'admin/assets/firewall-shield-pro.png"/>
725
  </div>
@@ -730,103 +725,103 @@ class WPLE_Admin
730
  <span><b>Automatic CDN</b><br>Your site is served from 42 full scale edge locations for faster content delivery and fastest performance.</span>
731
  </div>
732
  </div>';
733
- } else {
734
- $html .= '<div class="wple-plans">
735
- <span class="free">* ' . esc_html__( 'FREE', 'wp-letsencrypt-ssl' ) . '</span>
736
- <span class="pro">* ' . esc_html__( 'PRO', 'wp-letsencrypt-ssl' ) . '</span>
737
  </div>
738
  <div class="wple-plan-compare">
739
  <div class="wple-compare-item">
740
  <img src="' . WPLE_URL . 'admin/assets/verified.png"/>
741
- <h4>' . esc_html__( 'HTTP Verification', 'wp-letsencrypt-ssl' ) . '</h4>
742
  <span class="wple-free">' . $manual . '</span>
743
  <span class="wple-pro">' . $automatic . '</span>
744
  </div>
745
  <div class="wple-compare-item">
746
  <img src="' . WPLE_URL . 'admin/assets/DNS.png"/>
747
- <h4>' . esc_html__( 'DNS Verification', 'wp-letsencrypt-ssl' ) . ' <span class="dashicons dashicons-editor-help wple-tooltip" data-tippy="' . esc_attr__( 'In case of HTTP verification fail / not possible', 'wp-letsencrypt-ssl' ) . '"></span></h4>
748
  <span class="wple-free">' . $manual . '</span>
749
  <span class="wple-pro">' . $automatic . '</span>
750
  </div>
751
  <div class="wple-compare-item">
752
  <img src="' . WPLE_URL . 'admin/assets/Install.png"/>
753
- <h4>' . esc_html__( 'SSL Installation', 'wp-letsencrypt-ssl' ) . ' <!--<span class="dashicons dashicons-editor-help wple-tooltip" data-tippy="' . esc_attr__( 'PRO - We offer one time free manual support for non-cPanel based sites', 'wp-letsencrypt-ssl' ) . '"></span>--></h4>
754
  <span class="wple-free">' . $manual . '</span>
755
  <span class="wple-pro">' . $automatic . '</span>
756
  </div>
757
  <div class="wple-compare-item">
758
  <img src="' . WPLE_URL . 'admin/assets/renewal.png"/>
759
- <h4>' . esc_html__( 'SSL Renewal', 'wp-letsencrypt-ssl' ) . ' <span class="dashicons dashicons-editor-help wple-tooltip" data-tippy="' . esc_attr__( 'Free users must manually renew / re-generate SSL certificate every 90 days.', 'wp-letsencrypt-ssl' ) . '"></span></h4>
760
  <span class="wple-free">' . $manual . '</span>
761
  <span class="wple-pro">' . $automatic . '</span>
762
  </div>
763
  <div class="wple-compare-item">
764
  <img src="' . WPLE_URL . 'admin/assets/wildcard.png"/>
765
- <h4>' . esc_html__( 'Wildcard SSL', 'wp-letsencrypt-ssl' ) . ' <span class="dashicons dashicons-editor-help wple-tooltip" data-tippy="' . esc_attr__( 'PRO - Your domain DNS must be managed by cPanel or Godaddy for full automation', 'wp-letsencrypt-ssl' ) . '"></span></h4>
766
- <span class="wple-free">' . esc_html__( 'Not Available', 'wp-letsencrypt-ssl' ) . '</span>
767
- <span class="wple-pro">' . esc_html__( 'Available', 'wp-letsencrypt-ssl' ) . '</span>
768
  </div>
769
  <div class="wple-compare-item">
770
  <img src="' . WPLE_URL . 'admin/assets/multisite.png"/>
771
- <h4>' . esc_html__( 'Multisite Support', 'wp-letsencrypt-ssl' ) . ' <span class="dashicons dashicons-editor-help wple-tooltip" data-tippy="' . esc_attr__( 'PRO - Support for Multisite + Mapped domains', 'wp-letsencrypt-ssl' ) . '"></span></h4>
772
- <span class="wple-free">' . esc_html__( 'Not Available', 'wp-letsencrypt-ssl' ) . '</span>
773
- <span class="wple-pro">' . esc_html__( 'Available', 'wp-letsencrypt-ssl' ) . '</span>
774
  </div>
775
  </div>';
776
- }
777
-
778
- ///$html .= '<div style="text-align:center"><img src="' . WPLE_URL . '/admin/assets/new-year.png"></div>';
779
- $html .= '<div class="wple-upgrade-pro">
780
- <a href="' . $compareurl . '" target="_blank" class="wplecompare">' . esc_html__( 'COMPARE FREE & PRO VERSION', 'wp-letsencrypt-ssl' ) . ' <span class="dashicons dashicons-external"></span></a>';
781
- // if (isset($_GET['success']) && FALSE == $nopricing) {
782
- // $html .= '<a href="' . $upgradeurl . '">' . esc_html__('UPGRADE TO PRO', 'wp-letsencrypt-ssl') . '<span class="dashicons dashicons-editor-help wple-tooltip" data-tippy="Requires cPanel or root SSH access"></span></a>
783
- // <a href="https://wpencryption.com/#firewall" target="_blank">' . esc_html__('UPGRADE TO FIREWALL', 'wp-letsencrypt-ssl') . '<span class="dashicons dashicons-editor-help wple-tooltip" data-tippy="Why buy an SSL alone when you can get Premium SSL + CDN + Firewall Security for even lower cost."></span></a>';
784
- // } else {
785
- // if ($nopricing) {
786
- // $html .= '<a href="' . $upgradeurl . '">' . esc_html__('UPGRADE TO CDN', 'wp-letsencrypt-ssl') . '</a>';
787
- // } else {
788
- $html .= '<a href="' . $upgradeurl . '">' . esc_html__( 'UPGRADE TO PRO', 'wp-letsencrypt-ssl' ) . '</a>';
789
- //}
790
- //$html .= '<a href="https://checkout.freemius.com/mode/dialog/plugin/5090/plan/10643/" target="_blank" id="upgradetocdn">' . esc_html__('UPGRADE TO CDN', 'wp-letsencrypt-ssl') . ' <span class="dashicons dashicons-editor-help wple-tooltip" data-tippy="Sky rocket your WordPress site performance with Fastest Content Delivery Network + Premium Sectigo SSL"></span></a>';
791
- // }
792
- $html .= '</div>';
793
- // $rnd = rand(0, 1);
794
- // if ($rnd) {
795
- // $html .= '<div class="wple-hire-expert"><a href="https://wpencryption.com/cdn-firewall/?utm_campaign=wpencryptionsite&utm_medium=checkoutcdn&utm_source=upgradeblock" target="_blank">Sky Rocket your site speed with our <strong>CDN</strong> plan (<strong>Includes SSL + Performance</strong>) <span class="dashicons dashicons-external"></span></a></div>';
796
- // } else {
797
- // $html .= '<div class="wple-hire-expert"><a href="https://wpencryption.com/hire-ssl-expert/?utm_campaign=wpencryptionsite&utm_medium=hiresslexpert&utm_source=upgradeblock" target="_blank">Too busy? <b>Hire an expert</b> for secure migration to HTTPS (<b>ONE YEAR PRO LICENSE FREE</b>) <span class="dashicons dashicons-external"></span></a></div>';
798
- // }
799
- $html .= '</div><!--wple-upgradepro-->';
800
- $html .= '<div id="ourotherplugin">Check out our another awesome plugin <a href="https://wordpress.org/plugins/go-viral/" target="_blank"><img src="' . WPLE_URL . 'admin/assets/goviral-logo.png"/> - All in one social toolkit</a></div>';
801
  }
802
-
803
- /**
804
- * Success Message block
805
- *
806
- * @param string $html
807
- * @since 2.5.0
808
- * @return void
809
- */
810
- public function wple_success_block( &$html )
811
- {
812
- //since 2.4.0
813
-
814
- if ( isset( $_GET['success'] ) ) {
815
- $this->wple_wellknown_htaccess();
816
- update_option( 'wple_error', 5 );
817
- //all success
818
- $html .= '
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
819
  <div id="wple-sslgenerator">
820
  <div class="wple-success-form">';
821
- // if (!isset($_GET['resume']) && !isset($_GET['nossl'])) {
822
- // $this->wple_send_success_mail();
823
- // }
824
- $html .= '<h2><span class="dashicons dashicons-yes"></span>&nbsp;' . WPLE_Trait::wple_kses( __( '<b>Congrats! SSL Certificate have been successfully generated.</b>', 'wp-letsencrypt-ssl' ) ) . '</h2>
825
- <h3 style="width: 87%; margin: 0px auto; color: #7b8279; font-weight:400;">' . WPLE_Trait::wple_kses( __( 'We just completed major task of generating SSL certificate! Now we have ONE final step to complete.', 'wp-letsencrypt-ssl' ) ) . '</h3>';
826
- $html .= WPLE_Trait::wple_progress_bar();
827
- ///$nopricing = get_option('wple_no_pricing');
828
- //$colclass = FALSE != $nopricing ? 'wple-three-cols' : '';
829
- $html .= '
830
 
831
  <div class="wple-success-flex">
832
  <div class="wple-success-flex-video">
@@ -834,23 +829,23 @@ class WPLE_Admin
834
  </div>
835
  <div class="wple-success-flex-final">
836
  <ul class="download-ssl-certs">
837
- <li>1. ' . sprintf( __( '%sClick here%s to login into your cPanel.', 'wp-letsencrypt-ssl' ), '<a href="' . site_url( 'cpanel' ) . '" target="_blank">', '</a>' ) . '</li>
838
- <li>2. ' . sprintf( __( 'Open %sSSL/TLS%s option on your cPanel', 'wp-letsencrypt-ssl' ), '<strong><img src="' . WPLE_URL . '/admin/assets/tls.png" style="width: 20px;margin-bottom: -5px;">&nbsp;', '</strong>' ) . '</li>
839
- <li>3. ' . sprintf( __( 'Click on %sManage SSL Sites%s option', 'wp-letsencrypt-ssl' ), '<strong>', '</strong>' ) . '</li>
840
  <li>4. ' . sprintf(
841
- __( 'Copy the contents of %sCertificate.crt%s, %sPrivate.pem%s, %sCABundle.crt%s files from below & paste them into its appropriate fields on cPanel', 'wp-letsencrypt-ssl' ),
842
- '<strong>',
843
- '</strong>',
844
- '<strong>',
845
- '</strong>',
846
- '<strong>',
847
- '</strong>'
848
- ) . '. ' . esc_html( "You can also download the cert files to your local computer, right click > open with notepad to view/copy", "wp-letsencrypt-ssl" ) . '</li>
849
  <li>';
850
- WPLE_Trait::wple_copy_and_download( $html );
851
- $html .= '</li>
852
- <li>5. ' . sprintf( __( 'Click on %sInstall certificate%s', 'wp-letsencrypt-ssl' ), '<strong>', '</strong>' ) . '</li>
853
- <li>6. ' . sprintf( __( 'Please wait few minutes and click on %sEnable HTTPS Now%s button', 'wp-letsencrypt-ssl' ), '<strong>', '</strong>' ) . '</li>
854
  </ul>
855
 
856
  </div>
@@ -858,682 +853,669 @@ class WPLE_Admin
858
 
859
  <div class="wple-success-cols wple-three-cols">
860
  <div>
861
- <h3>' . esc_html__( "Don't have cPanel?", 'wp-letsencrypt-ssl' ) . '</h3>
862
- <p>' . esc_html__( "cPanel link goes to 404 not found page?. ", 'wp-letsencrypt-ssl' ) . sprintf(
863
- __( "If you have root SSH access, edit your server config file and point your SSL paths to %scertificate.crt%s & %sprivate.pem%s files in %skeys/%s folder. If you don't have either cPanel or root SSH access, Upgrade to %sPRO%s version for automatic SSL installation and automatic SSL renewal.", 'wp-letsencrypt-ssl' ),
864
- '<strong>',
865
- '</strong>',
866
- '<strong>',
867
- '</strong>',
868
- '<strong>',
869
- '</strong>',
870
- '<a href="' . admin_url( '/admin.php?page=wp_encryption-pricing&checkout=true&plan_id=8210&plan_name=pro&billing_cycle=annual&pricing_id=7965&currency=usd' ) . '"><strong>',
871
- '</strong></a>'
872
- ) . '<br><br><span style="display:none">' . sprintf( __( 'You can also upgrade to our %sCDN%s plan to avail fully automatic SSL + Fastest CDN + Firewall Security.', 'wp-letsencrypt-ssl' ), '<a href="https://wpencryption.com/cdn-firewall/" target="_blank">', '</a>' ) . '</span></p>
873
  </div>
874
  <div>
875
- <h3>' . esc_html__( "Test SSL Installation", 'wp-letsencrypt-ssl' ) . '</h3>
876
- <p>' . esc_html__( "After installing SSL certs on your cPanel, open your site in https:// and click on padlock to see if valid certificate exists. You can also test your site's SSL on SSLLabs.com", "wp-letsencrypt-ssl" ) . '</p>
877
  </div>
878
  <div>
879
- <h3>' . esc_html__( "By Clicking Enable HTTPS", 'wp-letsencrypt-ssl' ) . '</h3>
880
- <p>' . esc_html__( 'Your site & admin url will be changed to https:// and all assets, js, css, images will strictly load over https:// to avoid mixed content errors.', 'wp-letsencrypt-ssl' ) . '</p>
881
  </div>';
882
- // if (FALSE == $nopricing) {
883
- // $html .= '<div>
884
- // <h3>' . esc_html__("Looking for instant SSL solution?", 'wp-letsencrypt-ssl') . '</h3>
885
- // <p>' . sprintf(__('Why pay for an SSL certificate alone when you can get %sPremium Sectigo SSL%s + %sCDN Performance%s + %sSecurity Firewall%s for even lower cost with our %sCDN%s Service.', 'wp-letsencrypt-ssl'), '<strong>', '</strong>', '<strong>', '</strong>', '<strong>', '</strong>', '<a href="https://wpencryption.com/cdn-firewall/?utm_campaign=wpencryption&utm_source=wordpress&utm_medium=gocdn" target="_blank">', '</a>') . '!.</p>
886
- // </div>';
887
- // }
888
- $html .= '</div>
889
 
890
  <ul>
891
- <!--<li>' . WPLE_Trait::wple_kses( __( '<b>Note:</b> Use below "Enable HTTPS" button ONLY after SSL certificate is successfully installed on your cPanel', 'wp-letsencrypt-ssl' ) ) . '</li>-->
892
  </ul>';
893
- if ( isset( $_GET['nossl'] ) ) {
894
- $html .= '<h3 style="color:#ff4343;margin-bottom:10px;margin: 0 auto 10px; max-width: 800px;">' . esc_html__( 'We could not detect valid SSL certificate installed on your site!. Please try after some time. You can also try opening wp-admin via https:// and click on enable https button.', 'wp-letsencrypt-ssl' ) . '</h3>
895
- <p>' . esc_html__( 'Switching to HTTPS without properly installing the SSL certificate might break your site.', 'wp-letsencrypt-ssl' ) . '</p>';
896
- }
897
- $html .= '<form method="post">
898
  ' . wp_nonce_field(
899
- 'wplehttps',
900
- 'sslready',
901
- false,
902
- false
903
- ) . '
904
- <button type="submit" name="wple-https">' . esc_html__( 'ENABLE HTTPS NOW', 'wp-letsencrypt-ssl' ) . '</button>
905
  </form>
906
  </div>
907
  </div><!--wple-sslgenerator-->';
908
- }
909
-
910
  }
911
-
912
- /**
913
- * Show pending challenges
914
- *
915
- * @return void
916
- */
917
- public function wple_domain_verification()
918
- {
919
- //since 5.1.0
920
-
921
- if ( isset( $_GET['restart'] ) ) {
922
- //click to restart from beginning
923
- delete_option( 'wple_error' );
924
- delete_option( 'wple_complete' );
925
- wp_redirect( admin_url( '/admin.php?page=wp_encryption' ), 302 );
926
- exit;
927
- }
928
-
929
-
930
- if ( isset( $_GET['complete'] ) ) {
931
- //Forced SSL completion flag
932
- delete_option( 'wple_error' );
933
- update_option( 'wple_complete', 1 );
934
- update_option( 'wple_backend', 1 );
935
- if ( wp_next_scheduled( 'wple_ssl_renewal' ) ) {
936
- wp_clear_scheduled_hook( 'wple_ssl_renewal' );
937
- }
938
- wp_redirect( admin_url( '/admin.php?page=wp_encryption' ), 302 );
939
- exit;
940
- }
941
-
942
- $estage = get_option( 'wple_error' );
943
- //redirections
944
-
945
- if ( FALSE !== $estage && $estage == 2 && !isset( $_GET['subdir'] ) && !isset( $_GET['error'] ) && !isset( $_GET['includewww'] ) && !isset( $_GET['wpleauto'] ) && isset( $_GET['page'] ) && $_GET['page'] == 'wp_encryption' && !isset( $_GET['success'] ) && !isset( $_GET['wplereset'] ) && !isset( $_GET['comparison'] ) && !isset( $_GET['lasterror'] ) ) {
946
- wp_redirect( admin_url( '/admin.php?page=wp_encryption&subdir=1' ), 302 );
947
- exit;
948
- }
949
-
950
-
951
- if ( FALSE !== $estage && $estage == 5 && !isset( $_GET['subdir'] ) && !isset( $_GET['error'] ) && !isset( $_GET['includewww'] ) && !isset( $_GET['wpleauto'] ) && isset( $_GET['page'] ) && $_GET['page'] == 'wp_encryption' && !isset( $_GET['resume'] ) && !isset( $_GET['nossl'] ) && !isset( $_GET['wplereset'] ) && !isset( $_GET['comparison'] ) && !isset( $_GET['nocpanel'] ) ) {
952
- wp_redirect( admin_url( '/admin.php?page=wp_encryption&success=1&resume=1' ), 302 );
953
- exit;
954
- }
955
-
956
  }
957
-
958
- /**
959
- * Error Message block
960
- *
961
- * @param string $html
962
- * @since 2.5.0
963
- * @return void
964
- */
965
- public function wple_error_block( &$html )
966
- {
967
- if ( !isset( $_GET['subdir'] ) && !isset( $_GET['success'] ) ) {
968
-
969
- if ( isset( $_GET['sperror'] ) ) {
970
- } else {
971
-
972
- if ( isset( $_GET['error'] ) || FALSE != ($error_code = get_option( 'wple_error' )) ) {
973
- $error_code = get_option( 'wple_error' );
974
- $generic = esc_html__( 'There was some issue while generating SSL for your site. Please check debug log or try Reset option once.', 'wp-letsencrypt-ssl' );
975
- $generic .= '<p style="font-size:16px;color:#888">' . sprintf( esc_html__( 'Feel free to open support ticket at %s for any help.', 'wp-letsencrypt-ssl' ), 'https://wordpress.org/support/plugin/wp-letsencrypt-ssl/#new-topic-0' ) . '</p>';
976
- $firerec = sprintf(
977
- esc_html__( "We highly recommend upgrading to our %sPRO%s annual plan for %sPremium SSL%s with automatic %sCDN%s + %sFirewall Security%s that works on ANY host.", 'wp-letsencrypt-ssl' ),
978
- '<a href="' . admin_url( '/admin.php?page=wp_encryption-pricing&checkout=true&plan_id=8210&plan_name=pro&billing_cycle=annual&pricing_id=7965&currency=usd' ) . '">',
979
- '</a>',
980
- '<strong>',
981
- '</strong>',
982
- '<strong>',
983
- '</strong>',
984
- '<strong>',
985
- '</strong>'
986
- );
987
- $thirdparty = esc_html__( "Your hosting server don't seem to support third party SSL.", "wp-letsencrypt-ssl" );
988
-
989
- if ( FALSE !== $error_code && ($error_code == 1 || $error_code == 400) ) {
990
- $generic .= '<p class="firepro">' . $thirdparty . ' ' . $firerec . '</p>';
991
- } else {
992
- if ( file_exists( ABSPATH . 'keys/certificate.crt' ) ) {
993
- $generic .= '<br><br>' . WPLE_Trait::wple_kses( __( 'You already seem to have certificate generated and stored. Please try downloading certs from <strong>Download SSL Certificates</strong> page and open in a text editor like notepad to check if certificate is not empty.', 'wp-letsencrypt-ssl' ) );
994
- }
995
- }
996
-
997
-
998
- if ( FALSE !== $error_code && $error_code == 429 ) {
999
- $generic = sprintf( esc_html__( 'Too many registration attempts from your IP address (%s). Please try after 2-3 hours.', 'wp-letsencrypt-ssl' ), 'https://letsencrypt.org/docs/rate-limits/' );
1000
- $generic .= '<p class="firepro">' . $firerec . '</p>';
1001
- $generic .= '<p style="font-size:17px;color:#888">' . sprintf( esc_html__( 'Feel free to open support ticket at %s for any help.', 'wp-letsencrypt-ssl' ), 'https://wordpress.org/support/plugin/wp-letsencrypt-ssl/#new-topic-0' ) . '</p>';
1002
- }
1003
-
1004
- if ( $error_code != 5 ) {
1005
- $html .= '
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1006
  <div id="wple-sslgenerator" class="error">
1007
  <div class="wple-error-message">
1008
  ' . $generic . '
1009
  </div>
1010
  </div><!--wple-sslgenerator-->';
1011
- }
1012
- }
1013
-
1014
- }
1015
-
1016
  }
 
1017
  }
1018
-
1019
- /**
1020
- * Handles review box actions
1021
- *
1022
- * @since 4.4.0
1023
- * @return void
1024
- */
1025
- public function wple_review_handler()
1026
- {
1027
- //since 5.0.0
1028
- $this->wple_intro_pricing_handler();
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1029
  }
1030
-
1031
- /**
1032
- * Sets review flag to show review request
1033
- *
1034
- * @since 4.4.0
1035
- */
1036
- public function wple_set_review_flag()
1037
- {
1038
- update_option( 'wple_show_review', 1 );
1039
  }
1040
-
1041
- /**
1042
- * Handle the reset keys action
1043
- *
1044
- * @since 4.5.0
1045
- * @return void
1046
- */
1047
- public function wple_reset_handler()
1048
- {
1049
-
1050
- if ( isset( $_GET['wplereset'] ) ) {
1051
- if ( !current_user_can( 'manage_options' ) ) {
1052
- exit( 'No Trespassing Allowed' );
1053
- }
1054
- if ( !wp_verify_nonce( $_GET['wplereset'], 'restartwple' ) ) {
1055
- exit( 'No Trespassing Allowed' );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1056
  }
1057
- $keys = ABSPATH . 'keys/';
1058
- $files = array(
1059
- $keys . 'public.pem',
1060
- $keys . 'private.pem',
1061
- $keys . 'order',
1062
- $keys . 'fullchain.crt',
1063
- $keys . 'certificate.crt',
1064
- $keys . '__account/private.pem',
1065
- $keys . '__account/public.pem'
1066
- );
1067
- foreach ( $files as $file ) {
1068
- if ( file_exists( $file ) ) {
1069
- unlink( $file );
1070
- }
1071
  }
1072
- delete_option( 'wple_error' );
1073
- delete_option( 'wple_complete' );
1074
- delete_option( 'wple_backend' );
1075
- ///if (wple_fs()->can_use_premium_code__premium_only()) {
1076
- delete_option( 'wple_firewall_stage' );
1077
- delete_option( 'wple_spmode_dns' );
1078
- delete_option( 'wple_spmode_activated' );
1079
- ///}
1080
- add_action( 'admin_notices', array( $this, 'wple_reset_success' ) );
1081
  }
1082
-
1083
- //since 4.6.0
1084
-
1085
- if ( isset( $_GET['wplesslrenew'] ) ) {
1086
- if ( !wp_verify_nonce( $_GET['wplesslrenew'], 'wple_renewed' ) ) {
1087
- exit( 'Unauthorized' );
1088
- }
1089
- delete_option( 'wple_show_reminder' );
1090
- wp_redirect( admin_url( '/admin.php?page=wp_encryption' ), 302 );
 
 
 
 
 
 
 
 
 
 
 
1091
  }
1092
-
1093
- }
1094
-
1095
- /**
1096
- * Reset success notice
1097
- *
1098
- * @since 4.5.0
1099
- */
1100
- public function wple_reset_success()
1101
- {
1102
- echo '<div class="notice notice-success is-dismissable">
1103
- <p>' . esc_html( 'Reset successful!. You can start with the SSL install process again.', 'wp-letsencrypt-ssl' ) . '</p>
1104
- </div>' ;
1105
- }
1106
-
1107
- /**
1108
- * Local check DNS records via Ajax
1109
- *
1110
- * @since 4.6.0
1111
- * @return void
1112
- */
1113
- public function wple_ajx_verify_dns()
1114
- {
1115
-
1116
- if ( isset( $_POST['nc'] ) ) {
1117
- if ( !wp_verify_nonce( $_POST['nc'], 'verifydnsrecords' ) ) {
1118
- exit( 'Unauthorized' );
1119
- }
1120
- $toVerify = get_option( 'wple_opts' );
1121
-
1122
- if ( array_key_exists( 'dns_challenges', $toVerify ) && !empty($toVerify['dns_challenges']) ) {
1123
- $toVerify = $dnspendings = $toVerify['dns_challenges'];
1124
- //array
1125
- foreach ( $toVerify as $index => $item ) {
1126
- $domain_code = explode( '||', $item );
1127
- $acme = '_acme-challenge.' . esc_html( $domain_code[0] );
1128
- $requestURL = 'https://dns.google.com/resolve?name=' . addslashes( $acme ) . '&type=TXT';
1129
- $handle = curl_init();
1130
- curl_setopt( $handle, CURLOPT_URL, $requestURL );
1131
- curl_setopt( $handle, CURLOPT_RETURNTRANSFER, true );
1132
- curl_setopt( $handle, CURLOPT_FOLLOWLOCATION, true );
1133
- $response = json_decode( trim( curl_exec( $handle ) ) );
1134
-
1135
- if ( $response->Status === 0 && isset( $response->Answer ) ) {
1136
- //if ($answer->type == 16) {
1137
- $found = 'Pending';
1138
- foreach ( $response->Answer as $answer ) {
1139
- $livecode = str_ireplace( '"', '', $answer->data );
1140
-
1141
- if ( $livecode == $domain_code[1] ) {
1142
- unset( $dnspendings[$index] );
1143
- $found = 'OK';
1144
- }
1145
-
1146
- }
1147
- WPLE_Trait::wple_logger( "\n" . esc_html( $requestURL . ' should return ' . $domain_code[1] . ' -> ' . $found ) . "\n" );
1148
- } else {
1149
- $ledebug = WPLE_Trait::wple_lets_debug( 'dns-01' );
1150
-
1151
- if ( $ledebug != false ) {
1152
- echo $ledebug ;
1153
- exit;
1154
- }
1155
-
1156
- echo 'fail' ;
1157
- exit;
1158
- }
1159
-
1160
- }
1161
-
1162
- if ( empty($dnspendings) ) {
1163
- WPLE_Trait::wple_logger(
1164
- "Local check - All DNS challenges verified\n",
1165
- 'success',
1166
- 'a',
1167
- false
1168
- );
1169
- echo 1 ;
1170
- exit;
1171
- } else {
1172
- $ledebug = WPLE_Trait::wple_lets_debug( 'dns-01' );
1173
-
1174
- if ( $ledebug != false ) {
1175
- echo $ledebug ;
1176
- exit;
1177
- }
1178
-
1179
- echo 'fail' ;
1180
- exit;
1181
- }
1182
-
1183
- } else {
1184
-
1185
- if ( empty($toVerify['dns_challenges']) ) {
1186
- WPLE_Trait::wple_logger(
1187
- "Local check - DNS challenges empty\n",
1188
- 'success',
1189
- 'a',
1190
- false
1191
- );
1192
- echo 1 ;
1193
- exit;
1194
- }
1195
-
1196
- }
1197
-
1198
  }
1199
-
1200
- WPLE_Trait::wple_send_log_data();
1201
- echo 'fail' ;
1202
- exit;
1203
  }
1204
-
1205
- /**
1206
- * Show expiry reminder in admin notice
1207
- *
1208
- * @see 4.6.0
1209
- * @return void
1210
- */
1211
- public function wple_start_show_reminder()
1212
- {
1213
- update_option( 'wple_show_reminder', 1 );
1214
- $opts = get_option( 'wple_opts' );
1215
- $to = sanitize_email( $opts['email'] );
1216
- $subject = sprintf( esc_html__( 'ATTENTION - SSL Certificate of %s expires in just 10 days', 'wp-letsencrypt-ssl' ), str_ireplace( array( 'https://', 'http://' ), array( '', '' ), site_url() ) );
1217
- $headers = array( 'Content-Type: text/html; charset=UTF-8' );
1218
- $body = '<p>' . sprintf( esc_html__( 'Your SSL Certificate is expiring soon!. Please make sure to re-generate new SSL Certificate using %sWP Encryption%s and install it on your hosting server to avoid site showing insecure warning with expired certificate.', 'wp-letsencrypt-ssl' ), '<a href="' . admin_url( '/admin.php?page=wp_encryption', 'http' ) . '">', '</a>' ) . '</p><br /><br />';
1219
- $body .= '<b>' . esc_html__( 'Tired of manual SSL renewal every 90 days?, Upgrade to PRO version for automatic SSL installation and automatic SSL renewal', 'wp-letsencrypt-ssl' ) . '. <br><a href="' . admin_url( '/admin.php?page=wp_encryption-pricing', 'http' ) . '" style="background: #0073aa; text-decoration: none; color: #fff; padding: 12px 20px; display: inline-block; margin: 10px 0; font-weight: bold;">' . esc_html__( 'UPGRADE TO PREMIUM', 'wp-letsencrypt-ssl' ) . '</a></b><br /><br />';
1220
- wp_mail(
1221
- $to,
1222
- $subject,
1223
- $body,
1224
- $headers
1225
- );
 
 
 
 
 
 
 
1226
  }
1227
-
1228
- public function wple_reminder_notice()
1229
- {
1230
- $already_did = wp_nonce_url( admin_url( 'admin.php?page=wp_encryption' ), 'wple_renewed', 'wplesslrenew' );
1231
- $html = '<div class="notice notice-info wple-admin-review">
 
1232
  <div class="wple-review-box wple-reminder-notice">
1233
  <img src="' . WPLE_URL . 'admin/assets/symbol.png"/>
1234
- <span><strong>WP ENCRYPTION: ' . esc_html__( 'Your SSL certificate expires in less than 10 days', 'wp-letsencrypt-ssl' ) . '</strong><p>' . WPLE_Trait::wple_kses( __( 'Renew your SSL certificate today to avoid your site from showing as insecure. Please support our contribution by upgrading to <strong>Pro</strong> and avail automatic SSL renewal with automatic SSL installation.', 'wp-letsencrypt-ssl' ) ) . '</p></span>
1235
  </div>
1236
- <a class="wple-lets-review wplerevbtn" href="' . admin_url( '/admin.php?page=wp_encryption-pricing&checkout=true&plan_id=8210&plan_name=pro&billing_cycle=lifetime&pricing_id=7965&currency=usd' ) . '">' . esc_html__( 'Upgrade to Pro', 'wp-letsencrypt-ssl' ) . '</a>
1237
- <a class="already-renewed wplerevbtn" href="' . $already_did . '">' . esc_html__( 'I already renewed', 'wp-letsencrypt-ssl' ) . '&nbsp;<span class="dashicons dashicons-smiley"></span></a>
1238
  </div>';
1239
- echo $html ;
1240
- }
1241
-
1242
- /**
1243
- * Manual HTTP challenges for subdir sites
1244
- *
1245
- * @since 4.7.0
1246
- * @param string $html
1247
- * @param array $opts
1248
- * @return string
1249
- */
1250
- public function wple_subdir_challenges( &$html, $opts )
1251
- {
1252
- if ( isset( $_GET['subdir'] ) ) {
1253
- $html .= '
1254
  <div id="wple-sslgenerator">
1255
  <div class="wple-success-form">
1256
- ' . WPLE_Subdir_Challenge_Helper::show_challenges( $opts ) . '
1257
  </div>
1258
  </div><!--wple-sslgenerator-->';
1259
- }
1260
  }
1261
-
1262
- /**
1263
- * Local check HTTP records via Ajax for subdir sites
1264
- *
1265
- * @since 4.7.0
1266
- * @return void
1267
- */
1268
- public function wple_ajx_verify_http()
1269
- {
1270
-
1271
- if ( isset( $_POST['nc'] ) ) {
1272
- if ( !wp_verify_nonce( $_POST['nc'], 'verifyhttprecords' ) ) {
1273
- exit( 'Unauthorized' );
1274
- }
1275
- $domain = str_ireplace( array( 'https://', 'http://' ), '', site_url() );
1276
- if ( stripos( $domain, '/' ) != FALSE ) {
1277
- //subdir site
1278
- $domain = substr( $domain, 0, stripos( $domain, '/' ) );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1279
  }
1280
- $opts = get_option( 'wple_opts' );
1281
- $httpch = $opts['challenge_files'];
1282
-
1283
- if ( empty($httpch) ) {
1284
- echo 'empty' ;
1285
- exit;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1286
  }
1287
-
1288
- $counter = get_option( 'wple_failed_verification' );
1289
- $curl_exists = function_exists( 'curl_init' );
1290
- if ( $curl_exists ) {
1291
- foreach ( $httpch as $index => $ch ) {
1292
- $chfile = sanitize_file_name( $ch['file'] );
1293
- $chval = esc_html( $ch['value'] );
1294
- $fpath = trailingslashit( ABSPATH ) . '.well-known/acme-challenge/';
1295
-
1296
- if ( $counter >= 5 ) {
1297
- if ( !file_exists( $fpath ) ) {
1298
- mkdir( $fpath, 0775, true );
1299
- }
1300
- WPLE_Trait::wple_logger( 'Helping with HTTP challenge file', 'success', 'a' );
1301
- file_put_contents( $fpath . $chfile, trim( $chval ) );
1302
- }
1303
-
1304
- $acmefilepath = $fpath . $chfile;
1305
-
1306
- if ( file_exists( $acmefilepath . '.txt' ) ) {
1307
- unlink( $acmefilepath . '.txt' );
1308
- file_put_contents( $acmefilepath, trim( $chval ) );
1309
- }
1310
-
1311
- //cleanup htaccess files
1312
- $ABS = trailingslashit( ABSPATH );
1313
- if ( file_exists( $ABS . '.well-known/.htaccess' ) ) {
1314
- unlink( $ABS . '.well-known/.htaccess' );
1315
- }
1316
- if ( file_exists( $ABS . '.well-known/acme-challenge/.htaccess' ) ) {
1317
- unlink( $ABS . '.well-known/acme-challenge/.htaccess' );
1318
- }
1319
- $check = LEFunctions::checkHTTPChallenge(
1320
- $domain,
1321
- $chfile,
1322
- $chval,
1323
- false
1324
- );
1325
- $chfileexists = file_exists( $fpath . $chfile );
1326
-
1327
- if ( !$check && $chfileexists ) {
1328
- if ( !file_exists( $fpath ) ) {
1329
- mkdir( $fpath, 0775, true );
1330
- }
1331
- WPLE_Trait::wple_logger( 'Local file exists - Trying to help with HTTP challenge file', 'success', 'a' );
1332
- file_put_contents( $fpath . $chfile, trim( $chval ) );
1333
- //re-check once
1334
- $check = LEFunctions::checkHTTPChallenge(
1335
- $domain,
1336
- $chfile,
1337
- $chval,
1338
- false
1339
- );
1340
-
1341
- if ( !$check ) {
1342
- echo 'not_possible' ;
1343
- exit;
1344
- }
1345
-
1346
- }
1347
-
1348
- // if ($check === true) {
1349
- // //skip
1350
- // } else if ($check == 200 && $chfileexists) {
1351
- // $check = 2;
1352
- // } else {
1353
-
1354
- if ( !$check ) {
1355
-
1356
- if ( FALSE === $counter ) {
1357
- update_option( 'wple_failed_verification', 1 );
1358
- } else {
1359
- update_option( 'wple_failed_verification', $counter + 1 );
1360
- }
1361
-
1362
- WPLE_Trait::wple_logger(
1363
- "HTTP challenge file (" . $domain . "/.well-known/acme-challenge/" . $chfile . ") checked locally - found invalid ({$chfileexists})",
1364
- 'success',
1365
- 'a',
1366
- false
1367
- );
1368
- WPLE_Trait::wple_send_log_data();
1369
- $ledebug = WPLE_Trait::wple_lets_debug( 'http-01' );
1370
-
1371
- if ( $ledebug != false ) {
1372
- echo $ledebug ;
1373
- exit;
1374
- }
1375
-
1376
- echo 'fail' ;
1377
- exit;
1378
- }
1379
-
1380
- }
1381
  }
1382
- // if ($check == 2) {
1383
- // WPLE_Trait::wple_logger("Local check - Found challenge file in acme-challenge => proceeding to ACME verification\n", 'success', 'a', false);
1384
- // delete_option('wple_failed_verification');
1385
- // echo 1;
1386
- // exit();
1387
- // }
1388
- if ( !$curl_exists ) {
1389
- WPLE_Trait::wple_logger(
1390
- "HTTP local verification skipped due to non-availability of CURL\n",
1391
- 'success',
1392
- 'a',
1393
- false
1394
- );
 
1395
  }
 
1396
  WPLE_Trait::wple_logger(
1397
- "Local check - All HTTP challenges verified\n",
1398
- 'success',
1399
- 'a',
1400
- false
1401
  );
1402
- delete_option( 'wple_failed_verification' );
1403
- echo 1 ;
 
 
 
 
 
 
 
1404
  exit;
1405
- }
1406
-
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1407
  }
1408
-
1409
- /**
1410
- * Continue process on wpleauto param
1411
- *
1412
- * @return void
1413
- */
1414
- public function wple_continue_certification()
1415
- {
1416
-
1417
- if ( isset( $_GET['wpleauto'] ) ) {
1418
- $leopts = get_option( 'wple_opts' );
1419
-
1420
- if ( $_GET['wpleauto'] == 'http' ) {
1421
- new WPLE_Core( $leopts );
1422
- } else {
1423
- //DNS
1424
- new WPLE_Core(
1425
- $leopts,
1426
- true,
1427
- false,
1428
- true
1429
- );
1430
- }
1431
-
1432
- }
1433
-
1434
  }
1435
-
1436
- /**
1437
- * Simple success notice for admin
1438
- *
1439
- * @since 4.7.2
1440
- * @return void
1441
- */
1442
- public function wple_success_notice()
1443
- {
1444
- $html = '<div class="notice notice-success">
1445
- <p>' . esc_html__( 'Success', 'wp-letsencrypt-ssl' ) . '!</p>
 
1446
  </div>';
1447
- echo $html ;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1448
  }
1449
-
1450
- /**
1451
- * Show Pricing table once on activation
1452
- *
1453
- * @since 5.0.0
1454
- * @param string $html
1455
- * @return $html
1456
- */
1457
- public function wple_initial_quick_pricing( &$html )
1458
- {
1459
- $host = site_url();
1460
- if ( FALSE != ($slashpos = stripos( $host, '/', 9 )) ) {
1461
- $host = substr( $host, 0, $slashpos );
1462
- }
1463
- $cp = $host . ':2083';
1464
- if ( FALSE === stripos( $host, 'https' ) ) {
1465
- $cp = $host . ':2082';
1466
- }
1467
- $response = wp_remote_get( $cp, [
1468
- 'headers' => [
1469
- 'Connection' => 'close',
1470
- ],
1471
- 'sslverify' => false,
1472
- 'timeout' => 30,
1473
- ] );
1474
- $cpanel = true;
1475
- if ( is_wp_error( $response ) ) {
1476
- $cpanel = false;
1477
- }
1478
- $html .= '<div id="wple-sslgen">';
1479
- $cppricing = ( FALSE !== stripos( ABSPATH, 'srv/htdocs' ) ? true : false );
1480
-
1481
- if ( $cpanel || $cppricing ) {
1482
- $show_rp = '';
1483
- if ( !$cppricing ) {
1484
- $show_rp = 1;
1485
- }
1486
- update_option( 'wple_have_cpanel', $show_rp );
1487
- $html .= $this->wple_cpanel_pricing_table( 1 );
1488
- } else {
1489
- update_option( 'wple_have_cpanel', 0 );
1490
- // if (isset($_SERVER['GD_PHP_HANDLER'])) {
1491
- // if ($_SERVER['SERVER_SOFTWARE'] == 'Apache' && isset($_SERVER['GD_PHP_HANDLER']) && $_SERVER['DOCUMENT_ROOT'] == '/var/www') {
1492
- $html .= $this->wple_firewall_pricing_table();
1493
- // }
1494
- // } else {
1495
- // $html .= $this->wple_cpanel_pricing_table('');
1496
- // }
1497
- }
1498
-
1499
- $html .= '</div>';
1500
- echo $html ;
1501
  }
1502
-
1503
- /**
1504
- * Pricing table html
1505
- *
1506
- * @since 5.0.0
1507
- * @return $table
1508
- */
1509
- public function wple_cpanel_pricing_table( $cpanel = '' )
1510
- {
1511
- ob_start();
1512
- ?>
1513
 
1514
- <h2 class="pricing-intro-head"><?php
1515
- esc_html_e( 'SAVE MORE THAN $90+ EVERY YEAR IN SSL CERTIFICATE FEE', 'wp-letsencrypt-ssl' );
1516
- ?></h2>
1517
 
1518
- <h4 class="pricing-intro-subhead">Purchase once and use for lifetime - Trusted Globally by <b>110,000+</b> WordPress Users (Looking for <a href="<?php
1519
- echo admin_url( '/admin.php?page=wp_encryption&gopro=3' ) ;
1520
- ?>">Annual</a> | <a href="<?php
1521
- echo admin_url( '/admin.php?page=wp_encryption&gopro=2' ) ;
1522
- ?>">Unlimited Sites License?</a>)</h4>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1523
 
1524
  <div style="text-align:center">
1525
- <img src="<?php
1526
- echo WPLE_URL ;
1527
- ?>admin/assets/limited-offer.png" style="max-width:650px" />
1528
  </div>
1529
 
1530
  <!-- <div class="plan-toggler" style="margin:60px 0 -20px !important">
1531
  <span>Annual</span><label class="toggle">
1532
- <input class="toggle-checkbox initplan-switch" type="checkbox" <?php
1533
- // if ($cpanel == 1) {
1534
- // echo 'checked';
1535
- // }
1536
- ?>>
1537
  <div class="toggle-switch"></div>
1538
  <span class="toggle-label">Lifetime</span>
1539
  </label>
@@ -1554,9 +1536,9 @@ class WPLE_Admin
1554
  <li><strong>Basic</strong> support</li>
1555
  </ul>
1556
  <div class="pricing-btn-block">
1557
- <a href="<?php
1558
- echo admin_url( '/admin.php?page=wp_encryption&gofree=1' ) ;
1559
- ?>" class="pricingbtn free">Select Plan</a>
1560
  </div>
1561
  </div>
1562
 
@@ -1580,33 +1562,33 @@ class WPLE_Admin
1580
  <li><strong>Priority</strong> support <span class="dashicons dashicons-editor-help wple-tooltip" data-tippy="gowebsmarty.in"></span></li>
1581
  </ul>
1582
  <div class="pricing-btn-block">
1583
- <a href="<?php
1584
- echo admin_url( '/admin.php?page=wp_encryption&gopro=1' ) ;
1585
- ?>" class="pricingbtn free">Select Plan</a>
1586
  </div>
1587
  </div>
1588
 
1589
  </div>
1590
 
1591
  <br />
1592
- <?php
1593
- if ( $cpanel != '' ) {
1594
  ?>
1595
  <div class="quick-refund-policy">
1596
  <strong>7 Days Refund Policy</strong>
1597
  <p>We're showing this recommendation because you have cPanel hosting where our PRO plugin is 100% guaranteed to work. Your purchase will be completely refunded if WP Encryption fail to work on your site.</p>
1598
  </div>
1599
- <?php
1600
- }
1601
- ?>
1602
 
1603
- <?php
1604
  $table = ob_get_clean();
1605
  return $table;
1606
- }
1607
-
1608
- public function wple_firewall_pricing_table()
1609
- {
1610
  ob_start();
1611
  ?>
1612
 
@@ -1614,9 +1596,9 @@ class WPLE_Admin
1614
  <h4 class="pricing-intro-subhead">Upgrade to PRO today for <strong>Fully automatic SSL</strong> & get automatic <strong>CDN + Security</strong> for FREE! - Trusted Globally by <b>110,000+</b> WordPress Users <span class="dashicons dashicons-editor-help wple-tooltip" data-tippy="A complete bundle worth $360!"></span></h4>
1615
 
1616
  <div style="text-align:center">
1617
- <img src="<?php
1618
- echo WPLE_URL ;
1619
- ?>admin/assets/limited-offer.png" style="max-width:650px" />
1620
  </div>
1621
 
1622
  <div id="quick-pricing-table" class="non-cpanel-plans">
@@ -1632,9 +1614,9 @@ class WPLE_Admin
1632
  <li><strong>Basic</strong> support</li>
1633
  </ul>
1634
  <div class="pricing-btn-block">
1635
- <a href="<?php
1636
- echo admin_url( '/admin.php?page=wp_encryption&gofree=1' ) ;
1637
- ?>" class="pricingbtn free">Select Plan</a>
1638
  </div>
1639
  </div>
1640
 
@@ -1659,9 +1641,9 @@ class WPLE_Admin
1659
  <li><strong>Priority</strong> Support</li>
1660
  </ul>
1661
  <div class="pricing-btn-block">
1662
- <a href="<?php
1663
- echo admin_url( '/admin.php?page=wp_encryption&gofirewall=1' ) ;
1664
- ?>" class="pricingbtn free">Select Plan</a>
1665
  </div>
1666
  </div>
1667
 
@@ -1670,118 +1652,114 @@ class WPLE_Admin
1670
  7 days money back guarantee <span class="dashicons dashicons-editor-help wple-tooltip" data-tippy="If you are not satisfied with the service within 7 days of purchase, We will refund your purchase no questions asked"></span>
1671
  </div> -->
1672
 
1673
- <?php
1674
  $table = ob_get_clean();
1675
  return $table;
1676
- }
1677
-
1678
- /**
1679
- * Intro pricing table handler
1680
- *
1681
- * @since 5.0.0
1682
- * @return void
1683
- */
1684
- public function wple_intro_pricing_handler()
1685
- {
1686
  $goplan = '';
1687
-
1688
- if ( isset( $_GET['gofree'] ) ) {
1689
- update_option( 'wple_plan_choose', 1 );
1690
- wp_redirect( admin_url( '/admin.php?page=wp_encryption' ), 302 );
1691
- exit;
1692
  } else {
1693
-
1694
- if ( isset( $_GET['gopro'] ) ) {
1695
- update_option( 'wple_plan_choose', 1 );
1696
-
1697
- if ( $_GET['gopro'] == 2 ) {
1698
- //unlimited
1699
- wp_redirect( admin_url( '/admin.php?page=wp_encryption-pricing&checkout=true&plan_id=8210&plan_name=pro&billing_cycle=annual&pricing_id=10873&currency=usd' ), 302 );
1700
- } else {
1701
-
1702
- if ( $_GET['gopro'] == 3 ) {
1703
- //annual
1704
- wp_redirect( admin_url( '/admin.php?page=wp_encryption-pricing&checkout=true&plan_id=8210&plan_name=pro&billing_cycle=annual&pricing_id=7965&currency=usd' ), 302 );
1705
- } else {
1706
- //single lifetime
1707
- wp_redirect( admin_url( '/admin.php?page=wp_encryption-pricing&checkout=true&plan_id=8210&plan_name=pro&billing_cycle=lifetime&pricing_id=7965&currency=usd' ), 302 );
1708
- }
1709
-
1710
- }
1711
-
1712
- exit;
1713
  } else {
1714
-
1715
- if ( isset( $_GET['gofirewall'] ) ) {
1716
- update_option( 'wple_plan_choose', 1 );
1717
- ///wp_redirect(admin_url('/admin.php?page=wp_encryption-pricing&checkout=true&plan_id=11394&plan_name=pro&billing_cycle=annual&pricing_id=11717&currency=usd'), 302);
1718
- wp_redirect( admin_url( '/admin.php?page=wp_encryption-pricing&checkout=true&plan_id=8210&plan_name=pro&billing_cycle=annual&pricing_id=7965&currency=usd' ), 302 );
1719
- exit;
1720
- }
1721
-
1722
  }
1723
-
 
 
 
 
 
 
 
 
 
 
1724
  }
1725
-
1726
- }
1727
-
1728
- /**
1729
- * After all stages completion
1730
- *
1731
- * @param string $html
1732
- * @return void
1733
- */
1734
- public function wple_completed_block( &$html )
1735
- {
1736
  $html .= WPLE_Trait::wple_progress_bar();
1737
  $cert = ABSPATH . 'keys/certificate.crt';
1738
- $leopts = get_option( 'wple_opts' );
1739
- $future = strtotime( $leopts['expiry'] );
1740
  //Future date.
1741
  $timefromdb = time();
1742
  $timeleft = $future - $timefromdb;
1743
- $daysleft = round( $timeleft / 24 / 60 / 60 );
1744
- $wple_support = get_option( 'wple_backend' );
1745
- $renewtext = esc_html__( 'Click Here To Renew SSL Certificate', 'wp-letsencrypt-ssl' );
1746
- $renewlink = '<a href="#" class="letsrenew wple-tooltip disabled" data-tippy="' . esc_html__( 'This renew button will get enabled during last 30 days of current SSL certificate expiry', 'wp-letsencrypt-ssl' ) . ' ' . esc_html__( 'You can also click on STEP 1 in above progress bar to renew/re-generate SSL Certificate again.', 'wp-letsencrypt-ssl' ) . '">' . $renewtext . '</a>';
1747
- if ( $daysleft <= 30 ) {
1748
- $renewlink = '<a href="' . admin_url( '/admin.php?page=wp_encryption&restart=1' ) . '" class="letsrenew">' . $renewtext . '</a>';
1749
- }
1750
- if ( $wple_support ) {
1751
- //forced completion
1752
- $renewlink = '';
1753
- }
1754
- $headline = esc_html__( 'Woohoo! WP Encryption just saved you $$$ in SSL Certificate Fee.', 'wp-letsencrypt-ssl' );
1755
- $sharetitle = urlencode( 'Generated & Installed free SSL certificate using WP ENCRYPTION WordPress plugin within minutes! Thanks for the great plugin' );
1756
  $html .= '<div id="wple-completed">
1757
  <div class="wple-completed-review">
1758
  <h2>' . $headline . '</h2>
1759
  <p>' . sprintf(
1760
- __( 'Can you please do us a BIG favor by leaving a %s%s%s%s%s rating on WordPress.org', 'wp-letsencrypt-ssl' ),
1761
- '<span class="dashicons dashicons-star-filled"></span>',
1762
- '<span class="dashicons dashicons-star-filled"></span>',
1763
- '<span class="dashicons dashicons-star-filled"></span>',
1764
- '<span class="dashicons dashicons-star-filled"></span>',
1765
- '<span class="dashicons dashicons-star-filled"></span>'
1766
  ) . ' <span class="wple-share-success">' . sprintf(
1767
- __( "or spread the word on %s %s %s %s", "wp-letsencrypt-ssl" ),
1768
- '<a href="https://twitter.com/share?url=https://wpencryption.com&text=' . $sharetitle . '&hashtags=wp_encryption,wordpress_ssl,wordpress_https" target="_blank" title="Twitter" class="tw">T</a>',
1769
- '<a href="https://www.facebook.com/sharer.php?u=wpencryption.com" target="_blank" title="Facebook" class="fb">F</a>',
1770
- '<a href="https://reddit.com/submit?url=wpencryption.com&title=' . $sharetitle . '" target="_blank" title="Reddit" class="rd">R</a>',
1771
- '<a href="https://pinterest.com/pin/create/bookmarklet/?media=https://wpencryption.com/wp-content/uploads/2021/08/banner-772x250-1.png&url=wpencryption.com&description=' . $sharetitle . '" target="_blank" title="Pinterest" class="pt">P</a>'
1772
  ) . '</span></p>
1773
- <a href="https://wordpress.org/support/plugin/wp-letsencrypt-ssl/reviews/#new-post" target="_blank" class="letsrate">' . esc_html__( 'LEAVE A RATING', 'wp-letsencrypt-ssl' ) . ' <span class="dashicons dashicons-external"></span></a>
1774
  ' . $renewlink . '
1775
- <small>' . esc_html__( 'Just takes a moment', 'wp-letsencrypt-ssl' ) . '</small>
1776
  </div>';
1777
- if ( file_exists( $cert ) && isset( $leopts['expiry'] ) && !$wple_support ) {
1778
- $html .= '<div class="wple-completed-remaining">
1779
- <div class="progress--circle progress--' . esc_attr( $daysleft ) . '">
1780
- <div class="progress__number"><strong>' . esc_html( $daysleft ) . '</strong><br><small>' . esc_html__( 'Days', 'wp-letsencrypt-ssl' ) . '</small></div>
1781
  </div>
1782
  <div class="wple-circle-expires">
1783
- <strong>' . esc_html__( 'Your generated SSL certificate expires on', 'wp-letsencrypt-ssl' ) . ': <br><b>' . esc_html( $leopts['expiry'] ) . '</b></strong>
1784
- <p>' . WPLE_Trait::wple_kses( __( "Let's Encrypt® SSL Certificate expires in 90 days by default. You can easily regenerate new SSL certificate using <strong>RENEW SSL CERTIFICATE</strong> option found on left or by clicking on <strong>STEP 1</strong> in progress bar.", "wp-letsencrypt-ssl" ) ) . '<br /><br />' . WPLE_Trait::wple_kses( __( 'Major browsers like Chrome will start showing insecure site warning IF you fail to renew / re-generate certs before this expiry date. <strong>PLEASE NOTE: If you are using PRO version - Ignore the above expiry date as your SSL certificates will be auto renewed in background 30 days prior to expiry date.</strong>', 'wp-letsencrypt-ssl' ) ) . ' Please clear your browser cache once.</p>
1785
  </div>
1786
  </div>';
1787
  }
@@ -1827,16 +1805,16 @@ class WPLE_Admin
1827
  // </div>';
1828
  // }
1829
  // }
1830
- }
1831
-
1832
- /**
1833
- * Make verificiation possible with broken cert
1834
- *
1835
- * commented out to avoid redirection loops
1836
- * @return void
1837
- */
1838
- public function wple_wellknown_htaccess()
1839
- {
1840
  // $dir = ABSPATH . '.well-known/acme-challenge/.htaccess';
1841
  // if (!file_exists($dir)) {
1842
  // $file = @touch($dir);
@@ -1851,16 +1829,16 @@ class WPLE_Admin
1851
  // $ruleset .= "</IfModule>" . "\n";
1852
  // insert_with_markers($dir, 'WP_Encryption', $ruleset);
1853
  // }
1854
- }
1855
-
1856
- /**
1857
- * Grouped admin init hooks
1858
- *
1859
- * @since 5.2.4
1860
- * @return void
1861
- */
1862
- public function wple_admin_init_hooks()
1863
- {
1864
  WPLE_Subdir_Challenge_Helper::download_challenge_files();
1865
  $this->wple_save_email_generate_certs();
1866
  $this->wple_download_files();
@@ -1869,193 +1847,191 @@ class WPLE_Admin
1869
  $this->wple_continue_certification();
1870
  $this->wple_domain_verification();
1871
  //redirects handler
1872
- }
1873
-
1874
- /**
1875
- * Validate SSL button for non-cpanel
1876
- *
1877
- * @since 5.2.6
1878
- * @return void
1879
- */
1880
- public function wple_validate_nocp_ssl()
1881
- {
1882
- if ( !current_user_can( 'manage_options' ) ) {
1883
- exit( 'Unauthorized' );
1884
- }
1885
- $basedomain = str_ireplace( array( 'http://', 'https://' ), array( '', '' ), addslashes( site_url() ) );
1886
  //4.7
1887
- if ( FALSE != stripos( $basedomain, '/' ) ) {
1888
- $basedomain = substr( $basedomain, 0, stripos( $basedomain, '/' ) );
1889
  }
1890
- $client = WPLE_Trait::wple_verify_ssl( $basedomain );
1891
-
1892
- if ( $client || is_ssl() ) {
1893
- $reverter = uniqid( 'wple' );
1894
- $savedopts = get_option( 'wple_opts' );
1895
- $savedopts['force_ssl'] = 1;
1896
- $savedopts['revertnonce'] = $reverter;
1897
- ///WPLE_Trait::wple_send_reverter_secret($reverter);
1898
- update_option( 'wple_opts', $savedopts );
1899
- delete_option( 'wple_error' );
1900
- //complete
1901
- update_option( 'wple_complete', 1 );
1902
- update_option( 'siteurl', str_ireplace( 'http:', 'https:', get_option( 'siteurl' ) ) );
1903
- update_option( 'home', str_ireplace( 'http:', 'https:', get_option( 'home' ) ) );
1904
- echo 1 ;
1905
  } else {
1906
- echo 0 ;
1907
  }
1908
-
1909
  exit;
1910
- }
1911
-
1912
- public function wple_expert_block( &$html, $spmode = 0 )
1913
- {
1914
- }
1915
-
1916
- /**
1917
- * This site have mixed content issues
1918
- *
1919
- * @since 5.3.12
1920
- * @return void
1921
- */
1922
- public function wple_mixed_content_notice()
1923
- {
1924
  $html = '<div class="notice notice-info wple-admin-review wple-mx-prom">
1925
  <div class="wple-review-box">
1926
  <img src="' . WPLE_URL . 'admin/assets/symbol.png"/>
1927
- <span><strong>Warning: ' . esc_html__( 'Your site have mixed content issues!', 'wp-letsencrypt-ssl' ) . '</strong><p>' . WPLE_Trait::wple_kses( __( 'Mixed content issues cause browser padlock to show as insecure even if you have installed SSL certificate perfectly. Hire an SSL Expert today to get rid of all SSL issues once and for all.', 'wp-letsencrypt-ssl' ) ) . '</p></span>
1928
  </div>
1929
- <a class="wple-lets-review wplerevbtn" href="https://checkout.freemius.com/mode/dialog/plugin/7616/plan/12469/licenses/1/" target="_blank">' . esc_html__( 'Hire SSL Expert', 'wp-letsencrypt-ssl' ) . '</a>
1930
- <a class="wple-mx-ignore wplerevbtn" href="#">' . esc_html__( "Don't show again", 'wp-letsencrypt-ssl' ) . '</a>
1931
  </div>';
1932
- echo $html ;
1933
- }
1934
-
1935
- /**
1936
- * Ajax Get cert contents for copy
1937
- *
1938
- * @since 5.3.16
1939
- * @return void
1940
- */
1941
- public function wple_retrieve_certs_forcopy()
1942
- {
1943
- if ( !wp_verify_nonce( $_GET['nc'], 'copycerts' ) || !current_user_can( 'manage_options' ) ) {
1944
- exit( 'Authorization Failure' );
1945
  }
1946
  $ftype = $_GET['gettype'];
1947
  $output = '';
1948
  $keypath = ABSPATH . 'keys/';
1949
- switch ( $ftype ) {
1950
- case 'cert':
1951
- if ( file_exists( $keypath . 'certificate.crt' ) ) {
1952
- $output = file_get_contents( $keypath . 'certificate.crt' );
1953
- }
1954
- break;
1955
- case 'key':
1956
- if ( file_exists( $keypath . 'private.pem' ) ) {
1957
- $output = file_get_contents( $keypath . 'private.pem' );
1958
- }
1959
- break;
1960
- case 'cabundle':
1961
-
1962
- if ( file_exists( ABSPATH . 'keys/cabundle.crt' ) ) {
1963
- $output = file_get_contents( ABSPATH . 'keys/cabundle.crt' );
1964
- } else {
1965
- $output = file_get_contents( WPLE_DIR . 'cabundle/ca.crt' );
1966
- }
1967
-
1968
- break;
1969
  }
1970
- echo esc_html( $output ) ;
1971
  exit;
1972
- }
1973
-
1974
- /**
1975
- * Ajax check if both www & non-www domain accessible
1976
- *
1977
- * @since 5.6.2
1978
- * @return void
1979
- */
1980
- public function wple_include_www_check()
1981
- {
1982
- if ( !current_user_can( 'manage_options' ) || !wp_verify_nonce( $_GET['nc'], 'legenerate' ) ) {
1983
- exit( 'Unauthorized request' );
1984
- }
1985
- $maindomain = WPLE_Trait::get_root_domain( false );
1986
  $errcode = 'www';
1987
-
1988
- if ( FALSE === stripos( 'www', $maindomain ) ) {
1989
- $altdomain = 'www.' . $maindomain;
1990
  } else {
1991
- $errcode = 'nonwww';
1992
- $altdomain = str_ireplace( 'www.', '', $maindomain );
1993
  }
1994
-
1995
- $altdomaintest = wp_remote_head( 'http://' . $altdomain, array(
1996
- 'sslverify' => false,
1997
- 'timeout' => 30,
1998
- ) );
1999
-
2000
- if ( !is_wp_error( $altdomaintest ) ) {
2001
- echo 1 ;
2002
- exit;
2003
  }
2004
-
2005
- echo $errcode ;
2006
  exit;
2007
- }
2008
-
2009
- /**
2010
- * Backup recommendation
2011
- *
2012
- * @since 5.7.14
2013
- */
2014
- // public function wple_backup_suggestion()
2015
- // {
2016
- // if (!wple_fs()->is__premium_only()) {
2017
- // if (FALSE === get_option('wple_plan_choose')) return true;
2018
- // }
2019
- // if (is_plugin_active('backup-bolt/backup-bolt.php')) return true;
2020
- // $action = 'install-plugin';
2021
- // $slug = 'backup-bolt';
2022
- // $pluginstallURL = wp_nonce_url(
2023
- // add_query_arg(
2024
- // array(
2025
- // 'action' => $action,
2026
- // 'plugin' => $slug
2027
- // ),
2028
- // admin_url('update.php')
2029
- // ),
2030
- // $action . '_' . $slug
2031
- // );
2032
- // $html = '<div class="notice notice-info wple-admin-review wple-backup-suggestion">
2033
- // <img src="' . WPLE_URL . 'admin/assets/symbol.png"/>
2034
- // <p>Before installing SSL certificate or enforcing HTTPS, We HIGHLY recommend you backup your site using <b>"BACKUP BOLT"</b> WordPress plugin</p>
2035
- // <a href="' . esc_url($pluginstallURL) . '" class="wple-backup-link wple-backup-install">Install & Activate Plugin</a>
2036
- // <a href="#" class="wple-backup-link wple-backup-skip">Skip - I already have the backup</a>
2037
- // </div>';
2038
- // echo $html;
2039
- // }
2040
- public function wple_ignore_backup_suggest()
2041
- {
2042
- if ( !current_user_can( 'manage_options' ) ) {
2043
- exit;
2044
- }
2045
- update_option( 'wple_backup_suggested', true );
2046
- echo 1 ;
2047
  exit;
2048
- }
2049
-
2050
- public function wple_oneyearprom( $reasons )
2051
- {
2052
  $reasons['long-term'][] = $reasons['short-term'][] = array(
2053
- 'id' => 20,
2054
- 'text' => '<a href="https://checkout.freemius.com/mode/dialog/plugin/11510/plan/19608/" target="_blank"><img src="' . WPLE_URL . 'admin/assets/1-year-ssl.png"/></a>',
2055
- 'input_type' => '',
2056
- 'input_placeholder' => 'oneyearssl',
2057
  );
2058
  return $reasons;
 
2059
  }
2060
-
2061
- }
29
  *
30
  * @since 5.1.1
31
  */
32
+ require_once plugin_dir_path(__DIR__) . 'vendor/autoload.php';
33
+
34
+ use WPLEClient\LEFunctions;
35
+
36
  require_once WPLE_DIR . 'classes/le-core.php';
37
  require_once WPLE_DIR . 'classes/le-subdir-challenge.php';
38
  /**
43
  */
44
  class WPLE_Admin
45
  {
46
+ private $FIREWALL;
47
+ public function __construct()
48
+ {
49
+ add_action('admin_enqueue_scripts', array($this, 'wple_admin_styles'));
50
+ add_action('admin_menu', array($this, 'wple_admin_menu_page'));
51
+ add_action(
52
+ 'before_wple_admin_form',
53
+ array($this, 'wple_debug_log'),
54
+ 20,
55
+ 1
56
+ );
57
+ add_action('admin_init', array($this, 'wple_admin_init_hooks'));
58
+ add_action('plugins_loaded', array($this, 'wple_load_plugin_textdomain'));
59
+ $show_rev = get_option('wple_show_review');
60
+ if ($show_rev != FALSE && $show_rev == 1 && FALSE === get_option('wple_show_review_disabled')) {
61
+ add_action('admin_notices', array($this, 'wple_rateus'));
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
62
  }
63
+ if (FALSE !== get_option('wple_show_reminder')) {
64
+ add_action('admin_notices', [$this, 'wple_reminder_notice']);
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
65
  }
66
+ // if (FALSE === get_option('wple_backup_suggested')) { //since 5.7.14
67
+ // add_action('admin_notices', [$this, 'wple_backup_suggestion']);
68
+ // }
69
+ if (FALSE !== get_option('wple_mixed_issues') && FALSE === get_option('wple_mixed_issues_disabled')) {
70
+ //since 5.3.12
71
+ add_action('admin_notices', [$this, 'wple_mixed_content_notice']);
 
 
 
 
 
 
 
 
 
 
 
 
72
  }
73
+ if (isset($_GET['successnotice'])) {
74
+ add_action('admin_notices', array($this, 'wple_success_notice'));
 
 
75
  }
76
+ add_action('wple_show_reviewrequest', array($this, 'wple_set_review_flag'));
77
+ add_action('wp_ajax_wple_dismiss', array($this, 'wple_dismiss_notice'));
78
+ add_action('wp_ajax_wple_admin_dnsverify', [$this, 'wple_ajx_verify_dns']);
79
+ add_action('wple_ssl_reminder_notice', [$this, 'wple_start_show_reminder']);
80
+ add_action('wp_ajax_wple_admin_httpverify', [$this, 'wple_ajx_verify_http']);
81
+ add_action('wp_ajax_wple_validate_ssl', [$this, 'wple_validate_nocp_ssl']);
82
+ add_action('wp_ajax_wple_getcert_for_copy', [$this, 'wple_retrieve_certs_forcopy']);
83
+ add_action('wp_ajax_wple_include_www', [$this, 'wple_include_www_check']);
84
+ add_action('wp_ajax_wple_backup_ignore', [$this, 'wple_ignore_backup_suggest']);
85
+ add_filter('fs_uninstall_reasons_wp-letsencrypt-ssl', [$this, 'wple_oneyearprom'], 1);
86
+ }
87
+
88
+ /**
89
+ * Enqueue admin styles
90
+ *
91
+ * @since 1.0.0
92
+ * @return void
93
+ */
94
+ public function wple_admin_styles()
95
+ {
96
+ wp_enqueue_style(
97
+ WPLE_NAME,
98
+ WPLE_URL . 'admin/css/le-admin.min.css',
99
+ FALSE,
100
+ WPLE_PLUGIN_VERSION,
101
+ 'all'
102
+ );
103
+ wp_enqueue_script(
104
+ WPLE_NAME . '-popper',
105
+ WPLE_URL . 'admin/js/popper.min.js',
106
+ array('jquery'),
107
+ WPLE_PLUGIN_VERSION,
108
+ true
109
+ );
110
+ wp_enqueue_script(
111
+ WPLE_NAME . '-tippy',
112
+ WPLE_URL . 'admin/js/tippy-bundle.iife.min.js',
113
+ array('jquery'),
114
+ WPLE_PLUGIN_VERSION,
115
+ true
116
+ );
117
+ wp_enqueue_script(
118
+ WPLE_NAME,
119
+ WPLE_URL . 'admin/js/le-admin.js',
120
+ array('jquery', WPLE_NAME . '-tippy', WPLE_NAME . '-popper'),
121
+ WPLE_PLUGIN_VERSION,
122
+ true
123
+ );
124
+ wp_enqueue_script(
125
+ WPLE_NAME . '-fs',
126
+ 'https://checkout.freemius.com/checkout.min.js',
127
+ array('jquery'),
128
+ WPLE_PLUGIN_VERSION,
129
+ false
130
+ );
131
+ wp_localize_script(WPLE_NAME, 'SCAN', array(
132
+ 'adminajax' => admin_url('/admin-ajax.php'),
133
+ 'base' => site_url('/', 'https'),
134
+ ));
135
+ }
136
+
137
+ /**
138
+ * Register plugin page
139
+ *
140
+ * @since 1.0.0
141
+ * @return void
142
+ */
143
+ public function wple_admin_menu_page()
144
+ {
145
+ add_menu_page(
146
+ WPLE_NAME,
147
+ WPLE_NAME,
148
+ 'manage_options',
149
+ WPLE_SLUG,
150
+ array($this, 'wple_menu_page'),
151
+ plugin_dir_url(__DIR__) . 'admin/assets/icon.png',
152
+ 100
153
+ );
154
+ }
155
+
156
+ public function wple_load_plugin_textdomain()
157
+ {
158
+ load_plugin_textdomain('wp-letsencrypt-ssl', FALSE, basename(dirname(__FILE__)) . '/languages/');
159
+ }
160
+
161
+ /**
162
+ * Plugin page HTML
163
+ *
164
+ * @since 1.0.0
165
+ * @return void
166
+ */
167
+ public function wple_menu_page()
168
+ {
169
+
170
+ if (FALSE === get_option('wple_version')) {
171
+ delete_option('wple_plan_choose');
172
+ update_option('wple_version', WPLE_PLUGIN_VERSION);
173
+ } else {
174
+
175
+ if (version_compare(get_option('wple_version'), '5.8.1', '<=')) {
176
+ delete_option('wple_plan_choose');
177
+ update_option('wple_version', WPLE_PLUGIN_VERSION);
178
+ }
179
+ }
180
+
181
+ $this->wple_subdir_ipaddress();
182
+ $eml = '';
183
+ $leopts = get_option('wple_opts');
184
+ if ($opts = get_option('wple_opts')) {
185
+ $eml = (isset($opts['email']) ? $opts['email'] : '');
186
+ }
187
+ $pluginmode = 'FREE';
188
+ $errorclass = '';
189
+
190
+ if (!wple_fs()->is__premium_only() && wple_fs()->can_use_premium_code()) {
191
+ $pluginmode = 'FREE plugin with PRO License <span class="dashicons dashicons-editor-help wple-tooltip" data-tippy="Please upload and activate PRO plugin file via PLUGINS page"></span>';
192
+ $errorclass = ' notproerror';
193
+ }
194
+
195
+
196
+ if (wple_fs()->is__premium_only() && !wple_fs()->can_use_premium_code()) {
197
+ $pluginmode = 'PRO plugin with FREE License <span class="dashicons dashicons-editor-help wple-tooltip" data-tippy="Please activate PRO license key via Account page or Activate License option under the plugin on PLUGINS page"></span>';
198
+ $errorclass = ' notproerror';
199
+ }
200
+
201
+ $html = '
202
  <div class="wple-header">
203
  <div>
204
  <img src="' . WPLE_URL . 'admin/assets/logo.png" class="wple-logo"/> <span class="wple-version">v' . WPLE_PLUGIN_VERSION . ' <span class="wple-pmode' . $errorclass . '">' . $pluginmode . '</span></span>
205
  </div>';
206
+ WPLE_Trait::wple_headernav($html);
207
+ $html .= '</div>';
208
+
209
+ if (FALSE === get_option('wple_plan_choose') || isset($_GET['comparison'])) {
210
+ $this->wple_initial_quick_pricing($html);
211
+ return;
212
+ }
213
+
214
+ //5.1.0
215
+ $complete = (FALSE !== get_option('wple_complete') ? 1 : 0);
216
+
217
+ if ($complete) {
218
+ $html .= '<div id="wple-sslgen">';
219
+ $this->wple_completed_block($html);
220
+ $html .= '</div>';
221
+ if (!wple_fs()->is__premium_only() || !wple_fs()->can_use_premium_code()) {
222
+ $this->wple_upgrade_block($html);
223
+ }
224
+ echo $html;
225
+ return;
226
+ }
227
+
228
+ $this->wple_success_block($html);
229
+ $this->wple_error_block($html);
230
+ if (!isset($_GET['wpleauto']) && isset($_GET['subdir'])) {
231
+ $this->wple_subdir_challenges($html, $leopts);
232
+ }
233
+
234
+ if (!wple_fs()->is__premium_only() || !wple_fs()->can_use_premium_code()) {
235
+
236
+ if (isset($_GET['subdir'])) {
237
+ $this->wple_upgrade_block($html);
238
+ echo $html;
239
+ return;
240
+ }
241
+
242
+
243
+ if (isset($_GET['success'])) {
244
+ $this->wple_upgrade_block($html);
245
+ echo $html;
246
+ return;
247
+ }
248
+ }
249
+
250
+ $prosupport = WPLE_Trait::wple_kses(sprintf(__('Brought to you by %sWP Encryption%s.'), '<a href="https://wpencryption.com" target="_blank">', '</a>'), 'a');
251
+
252
+ if (!is_plugin_active('backup-bolt/backup-bolt.php') && FALSE === get_option('wple_backup_suggested')) {
253
+ $action = 'install-plugin';
254
+ $slug = 'backup-bolt';
255
+ $pluginstallURL = wp_nonce_url(add_query_arg(array(
256
+ 'action' => $action,
257
+ 'plugin' => $slug,
258
+ ), admin_url('update.php')), $action . '_' . $slug);
259
+ $html .= '
 
260
  <div class="le-powered">
261
+ <!--<span>' . $prosupport . ' ' . WPLE_Trait::wple_kses(sprintf('SSL Certificate will be generated by %s (An open certificate authority).', "<b>Let's Encrypt<sup style=\"font-size: 10px; padding: 3px\">TM</sup></b>")) . '</span>-->
262
  <span style="display: flex;align-items: center;"><strong>Recommended:-</strong> Before enforcing HTTPS, We highly recommend taking a backup of your site using some good backup plugin like <img src="' . WPLE_URL . '/admin/assets/backup-bolt.png" style="max-width:120px"> - <a href="' . $pluginstallURL . '" target="_blank">Install & Activate Backup Bolt</a> | <a href="#" class="wple-backup-skip">Ignore</a></span>
263
  </div>';
264
+ }
265
+
266
+ $mappeddomain = '';
267
+ $formheader = esc_html__('SSL INSTALL FORM - ENTER YOUR EMAIL BELOW & GENERATE SSL CERTIFICATE', 'wp-letsencrypt-ssl');
268
+ $currentdomain = esc_html(str_ireplace(array('http://', 'https://'), array('', ''), site_url()));
269
+ $maindomain = $currentdomain;
270
+ $slashpos = stripos($currentdomain, '/');
271
+
272
+ if (FALSE !== $slashpos) {
273
+ //subdir installation
274
+ $maindomain = substr($currentdomain, 0, $slashpos);
275
+ $mappeddomain = '<label style="display: block; padding: 10px 5px; color: #aaa;font-size:15px;">' . esc_html__('PRIMARY DOMAIN', 'wp-letsencrypt-ssl') . '</label>
276
+ <p style="width: 800px; max-width:100%; margin: 5px auto 20px;">' . WPLE_Trait::wple_kses(sprintf(__('<strong>NOTE:</strong> Since you are willing to install SSL certificate for sub-directory site, SSL certificate will be generated for your primary domain <strong>%s</strong> which will cover your primary domain + ALL sub-directory sites.', 'wp-letsencrypt-ssl'), $maindomain)) . '</p>
277
+ <input type="text" name="wple_domain" class="wple-domain-input" value="' . esc_attr($maindomain) . '" readonly><br />';
278
+ }
279
+
280
+ //since 5.3.4
281
+ $tempdomain = '';
282
+ if (FALSE !== stripos($maindomain, 'temp.domains') || FALSE !== stripos($maindomain, '~')) {
283
+ $tempdomain = '<p style="width: 800px; max-width:100%; margin: 5px auto 20px;">' . sprintf(
284
+ esc_html__("%sWARNING:%s You are trying to install SSL for %stemporary domain%s which is not possible. Please point your real domain like wpencryption.com to your site and update your site url in %ssettings%s > %sgeneral%s before you could generate SSL.", "wp-letsencrypt-ssl"),
285
+ "<strong>",
286
+ "</strong>",
287
+ "<strong>",
288
+ "</strong>",
289
+ "<strong>",
290
+ "</strong>",
291
+ "<strong>",
292
+ "</strong>"
293
+ ) . '</p>';
294
+ }
295
+ if (isset($leopts['type']) && $leopts['type'] == 'wildcard') {
296
+ $html .= '<script>
297
  jQuery(document).ready(function(){
298
  jQuery(".single-wildcard-switch").trigger("click");
299
  });
300
  </script>';
301
+ }
302
+ $html .= '<div id="wple-sslgen">
303
  <h2>' . $formheader . '</h2>
304
+ <div style="text-align: center; margin-top: -30px; font-size: 16px;"><a style="text-decoration-style:dashed;text-decoration-thickness: from-font;" href="' . admin_url('admin.php?page=wp_encryption_faq#howitworks') . '">How it works?</a></div>';
305
+ if (is_multisite() && !wple_fs()->can_use_premium_code__premium_only()) {
306
+ $html .= '<p class="wple-multisite">' . WPLE_Trait::wple_kses(__('Upgrade to <strong>PRO</strong> version to avail Wildcard SSL support for multisite and ability to install SSL for mapped domains (different domain names).', 'wp-letsencrypt-ssl')) . '</p>';
307
+ }
308
+ $html .= WPLE_Trait::wple_progress_bar();
309
+ //$cname = '';
310
+ //if (FALSE === stripos($currentdomain, '/')) {
311
+ // if (stripos($currentdomain, 'www') === FALSE) {
312
+ // $cname = '<span class="dashicons dashicons-editor-help wple-tooltip" data-tippy="' . esc_attr__("Add a CNAME with name 'www' pointing to your non-www domain", 'wp-letsencrypt-ssl') . '. ' . esc_attr__("Refer FAQ if you want to generate SSL for both www & non-www domain.", 'wp-letsencrypt-ssl') . '"></span>';
313
+ // } else {
314
+ //$cname = '<span class="dashicons dashicons-editor-help wple-tooltip" data-tippy="' . esc_attr__("Refer FAQ if you want to generate SSL for both www & non-www domain.", 'wp-letsencrypt-ssl') . '"></span>';
315
+ //}
316
+ //}
317
+ $bothchecked = '';
318
+ $leadminform = '<form method="post" class="le-genform single-genform">' . $mappeddomain . $tempdomain . '
319
+ <input type="email" name="wple_email" class="wple_email" value="' . esc_attr($eml) . '" placeholder="' . esc_attr__('Enter your email address', 'wp-letsencrypt-ssl') . '" title="' . esc_attr__('All email notifications are sent to this email ID', 'wp-letsencrypt-ssl') . '" ><br />';
320
+ // if (FALSE === stripos('www', $maindomain)) {
321
+ // $altdomain = 'www.' . $maindomain;
322
+ // } else {
323
+ // $altdomain = str_ireplace('www.', '', $maindomain);
324
+ // }
325
+ // $altdomaintest = wp_remote_head('http://' . $altdomain, array('sslverify' => false, 'timeout' => 30));
326
+ ///if (!is_wp_error($altdomaintest) || isset($_GET['includewww'])) {
327
+ if (isset($_GET['includewww'])) {
328
+ $bothchecked = 'checked';
329
+ }
330
+ $leadminform .= '<span class="lecheck">
331
  <label class="checkbox-label">
332
  <input type="checkbox" name="wple_include_www" class="wple_include_www" value="1" ' . $bothchecked . '>
333
  <span class="checkbox-custom rectangular"></span>
334
  </label>
335
+ ' . esc_html__('Generate SSL Certificate for both www & non-www version of domain', 'wp-letsencrypt-ssl') . '&nbsp; <span class="dashicons dashicons-editor-help wple-tooltip" data-tippy="' . esc_attr__("Before enabling this - please make sure both www & non-www version of your domain works!. Add a CNAME with name 'www' pointing to your non-www domain in your domain DNS zone editor", 'wp-letsencrypt-ssl') . '"></span></label>
336
  </span><br />';
337
+ ///}
338
+
339
+ if (isset($_GET['includeemail'])) {
340
+ $leadminform .= '<span class="lecheck">
341
  <label class="checkbox-label">
342
  <input type="checkbox" name="wple_include_mail" class="wple_include_mail" value="1">
343
  <span class="checkbox-custom rectangular"></span>
344
  </label>
345
+ ' . esc_html__('Secure POP/IMAP email server', 'wp-letsencrypt-ssl') . '&nbsp; <span class="dashicons dashicons-editor-help wple-tooltip" data-tippy="' . sprintf(esc_attr__("This option will secure %s but DNS based domain verification is MANDATORY", 'wp-letsencrypt-ssl'), 'mail.' . $maindomain) . '"></span></label>
346
  </span><br />';
347
+ $webmail = 'webmail.' . $maindomain;
348
+ $leadminform .= '<span class="lecheck">
349
  <label class="checkbox-label">
350
  <input type="checkbox" name="wple_include_webmail" class="wple_include_webmail" value="1">
351
  <span class="checkbox-custom rectangular"></span>
352
  </label>
353
+ ' . sprintf(esc_html__('Secure %s', 'wp-letsencrypt-ssl'), $webmail) . '&nbsp; <span class="dashicons dashicons-editor-help wple-tooltip" data-tippy="' . sprintf(esc_attr__("This option will secure %s but DNS based domain verification is MANDATORY", 'wp-letsencrypt-ssl'), $webmail) . '"></span></label>
354
  </span><br />';
355
+ }
356
+
357
+ $leadminform .= '<span class="lecheck">
358
  <label class="checkbox-label">
359
  <input type="checkbox" name="wple_send_usage" value="1" checked>
360
  <span class="checkbox-custom rectangular"></span>
361
  </label>
362
+ ' . esc_html__('Anonymously send response data to get better support', 'wp-letsencrypt-ssl') . '</label>
363
  </span><br />';
364
+ $leadminform .= '<span class="lecheck">
365
  <label class="checkbox-label">
366
  <input type="checkbox" name="wple_agree_le_tos" class="wple_agree_le" value="1">
367
  <span class="checkbox-custom rectangular"></span>
368
  </label>
369
+ ' . WPLE_Trait::wple_kses(sprintf(
370
+ __("I agree to %sLet's Encrypt%s %sTerms of service%s", "wp-letsencrypt-ssl"),
371
+ '<b>',
372
+ '<sup style="font-size: 10px; padding: 3px">TM</sup></b>',
373
+ '<a href="' . esc_attr__('https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf', 'wp-letsencrypt-ssl') . '" rel="nofollow" target="_blank" style="margin-left:5px">',
374
+ '</a>'
375
+ ), 'a') . '
376
  </span>
377
  <span class="lecheck">
378
  <label class="checkbox-label">
379
  <input type="checkbox" name="wple_agree_gws_tos" class="wple_agree_gws" value="1">
380
  <span class="checkbox-custom rectangular"></span>
381
  </label>
382
+ ' . WPLE_Trait::wple_kses(sprintf(__("I agree to <b>WP Encryption</b> %sTerms of service%s", "wp-letsencrypt-ssl"), '<a href="https://gowebsmarty.com/terms-and-conditions/" rel="nofollow" target="_blank" style="margin-left:5px">', '</a>'), 'a') . '
383
  </span>
384
  ' . wp_nonce_field(
385
+ 'legenerate',
386
+ 'letsencrypt',
387
+ false,
388
+ false
389
+ ) . '
390
+ <button type="submit" name="generate-certs" id="singledvssl">' . esc_html__('Generate SSL Certificate', 'wp-letsencrypt-ssl') . '</button>
391
  </form>
392
 
393
  <div id="wple-error-popper">
396
  <div class="wple-error">Error</div>
397
  </div>
398
  </div>';
399
+ $nonwww = str_ireplace('www.', '', $currentdomain);
400
+ if (FALSE !== ($ps = stripos($nonwww, '/'))) {
401
+ $nonwww = substr($nonwww, 0, $ps);
402
+ }
403
+ $wwwdomain = 'www.' . $nonwww;
404
+
405
+ if (FALSE != stripos($currentdomain, 'www.')) {
406
+ $wwwdomain = $nonwww;
407
+ $nonwww = 'www.' . $nonwww;
408
+ }
409
+
410
+ $showonpro = '';
411
+ $html .= '<div class="wple-single-dv-ssl">
412
  <div class="wple-info-box">
413
+ <h3>' . esc_html__('Domains Covered', 'wp-letsencrypt-ssl') . '</h3>
414
  <strong>' . $nonwww . '</strong>
415
  <div class="wple-www' . $showonpro . '"><strong>' . $wwwdomain . '</strong></div>
416
  <div class="wple-wc"><strong>*.' . $nonwww . '</strong></div>
417
  </div>';
418
+ ob_start();
419
+ do_action('before_wple_admin_form', $html);
420
+ $html .= ob_get_contents();
421
+ ob_end_clean();
422
+ $html .= apply_filters('wple_admin_form', $leadminform);
423
+ ob_start();
424
+ do_action('after_wple_admin_form', $html);
425
+ $html .= ob_get_contents();
426
+ ob_end_clean();
427
+ $html .= '</div>';
428
+ $html .= '
429
  </div><!--wple-sslgen-->';
430
+
431
+ if (!wple_fs()->is__premium_only() || !wple_fs()->can_use_premium_code()) {
432
+ $this->wple_upgrade_block($html);
433
+ } else {
434
+ $this->wple_expert_block($html);
 
 
 
435
  }
436
+
437
+ echo $html;
438
+ }
439
+
440
+ /**
441
+ * log process & error in debug.log file
442
+ *
443
+ * @since 1.0.0
444
+ * @param string $html
445
+ * @return void
446
+ */
447
+ public function wple_debug_log($html)
448
+ {
449
+
450
+ if (!file_exists(WPLE_DEBUGGER)) {
451
+ wp_mkdir_p(WPLE_DEBUGGER);
452
+ $htacs = '<Files debug.log>' . "\n" . 'Order allow,deny' . "\n" . 'Deny from all' . "\n" . '</Files>';
453
+ file_put_contents(WPLE_DEBUGGER . '.htaccess', $htacs);
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
454
  }
455
+
456
+ //show only upon error since 4.6.0
457
+
458
+ if (isset($_GET['error'])) {
459
+ $html = '<div class="toggle-debugger"><span class="dashicons dashicons-arrow-down-alt2"></span> ' . esc_html__('Show/hide full response', 'wp-letsencrypt-ssl') . '</div>';
460
+ $file = WPLE_DEBUGGER . 'debug.log';
461
+
462
+ if (file_exists($file)) {
463
+ $log = file_get_contents($file);
464
+ $hideh2 = '';
465
+ if (isset($_GET['dnsverified']) || isset($_GET['dnsverify'])) {
466
+ $hideh2 = 'hideheader';
467
+ }
468
+ $html .= '<div class="le-debugger running ' . $hideh2 . '"><h3>' . esc_html__('Response Log', 'wp-letsencrypt-ssl') . ':</h3>' . WPLE_Trait::wple_kses(nl2br($log)) . '</div>';
469
+ } else {
470
+ $html .= '<div class="le-debugger">' . esc_html__("Full response will be shown here", 'wp-letsencrypt-ssl') . '</div>';
471
+ }
472
+
473
+ echo $html;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
474
  }
475
+ }
476
+
477
+ /**
478
+ * Save email & proceed upon clicking install SSL
479
+ *
480
+ * @since 1.0.0
481
+ * @return void
482
+ */
483
+ public function wple_save_email_generate_certs()
484
+ {
485
+ //since 2.4.0
486
+ //force https upon success
487
+
488
+ if (isset($_POST['wple-https'])) {
489
+ if (!wp_verify_nonce($_POST['sslready'], 'wplehttps') || !current_user_can('manage_options')) {
490
+ exit('Unauthorized access');
491
+ }
492
+ $basedomain = str_ireplace(array('http://', 'https://'), array('', ''), addslashes(site_url()));
493
+ //4.7
494
+ if (FALSE != stripos($basedomain, '/')) {
495
+ $basedomain = substr($basedomain, 0, stripos($basedomain, '/'));
496
+ }
497
+ $client = WPLE_Trait::wple_verify_ssl($basedomain);
498
+
499
+ if (!$client && !is_ssl()) {
500
+ wp_redirect(admin_url('/admin.php?page=wp_encryption&success=1&nossl=1', 'http'));
501
+ exit;
502
+ }
503
+
504
+ // $SSLCheck = @fsockopen("ssl://" . $basedomain, 443, $errno, $errstr, 30);
505
+ // if (!$SSLCheck) {
506
+ // wp_redirect(admin_url('/admin.php?page=wp_encryption&success=1&nossl=1', 'http'));
507
+ // exit();
508
+ // }
509
+ $reverter = uniqid('wple');
510
+ $savedopts = get_option('wple_opts');
511
+ $savedopts['force_ssl'] = 1;
512
+ $savedopts['revertnonce'] = $reverter;
513
+ ///WPLE_Trait::wple_send_reverter_secret($reverter);
514
+ update_option('wple_opts', $savedopts);
515
+ delete_option('wple_error');
516
+ //complete
517
+ update_option('wple_complete', 1);
518
+ update_option('siteurl', str_ireplace('http:', 'https:', get_option('siteurl')));
519
+ update_option('home', str_ireplace('http:', 'https:', get_option('home')));
520
+ wp_redirect(admin_url('/admin.php?page=wp_encryption', 'https'));
521
+ exit;
522
  }
523
+
524
+ //single domain ssl
525
+
526
+ if (isset($_POST['generate-certs'])) {
527
+ if (!wp_verify_nonce($_POST['letsencrypt'], 'legenerate') || !current_user_can('manage_options')) {
528
+ die('Unauthorized request');
529
+ }
530
+ if (empty($_POST['wple_email'])) {
531
+ wp_die(esc_html__('Please input valid email address', 'wp-letsencrypt-ssl'));
532
+ }
533
+ $leopts = array(
534
+ 'email' => sanitize_email($_POST['wple_email']),
535
+ 'date' => date('d-m-Y'),
536
+ 'expiry' => '',
537
+ 'type' => 'single',
538
+ 'send_usage' => (isset($_POST['wple_send_usage']) ? 1 : 0),
539
+ 'include_www' => (isset($_POST['wple_include_www']) ? 1 : 0),
540
+ 'include_mail' => (isset($_POST['wple_include_mail']) ? 1 : 0),
541
+ 'include_webmail' => (isset($_POST['wple_include_webmail']) ? 1 : 0),
542
+ 'agree_gws_tos' => (isset($_POST['wple_agree_gws_tos']) ? 1 : 0),
543
+ 'agree_le_tos' => (isset($_POST['wple_agree_le_tos']) ? 1 : 0),
544
+ );
545
+
546
+ if (isset($_POST['wple_domain']) && !is_multisite()) {
547
+ $leopts['subdir'] = 1;
548
+ $leopts['domain'] = sanitize_text_field($_POST['wple_domain']);
549
+ }
550
+
551
+ update_option('wple_opts', $leopts);
552
+ new WPLE_Core($leopts);
553
+ }
554
+ }
555
+
556
+ /**
557
+ * Download cert files based on clicked link
558
+ *
559
+ * certs for multisite mapped domains cannot be downloaded yet
560
+ * @since 1.0.0
561
+ * @return void
562
+ */
563
+ public function wple_download_files()
564
+ {
565
+
566
+ if (isset($_GET['le']) && current_user_can('manage_options')) {
567
+ switch ($_GET['le']) {
568
+ case '1':
569
+ $file = uniqid() . '-cert.crt';
570
+ file_put_contents($file, file_get_contents(ABSPATH . 'keys/certificate.crt'));
571
+ break;
572
+ case '2':
573
+ $file = uniqid() . '-key.pem';
574
+ file_put_contents($file, file_get_contents(ABSPATH . 'keys/private.pem'));
575
+ break;
576
+ case '3':
577
+ $file = uniqid() . '-cabundle.crt';
578
+
579
+ if (file_exists(ABSPATH . 'keys/cabundle.crt')) {
580
+ $cabundlefile = file_get_contents(ABSPATH . 'keys/cabundle.crt');
581
+ } else {
582
+ $cabundlefile = file_get_contents(WPLE_DIR . 'cabundle/ca.crt');
583
+ }
584
+
585
+ file_put_contents($file, $cabundlefile);
586
+ break;
587
+ }
588
+ header('Content-Description: File Transfer');
589
+ header('Content-Type: text/plain');
590
+ header('Content-Length: ' . filesize($file));
591
+ header('Content-Disposition: attachment; filename=' . basename($file));
592
+ readfile($file);
593
+ if (file_exists($file)) {
594
+ unlink($file);
595
+ }
596
+ exit;
597
+ }
598
+ }
599
+
600
+ /**
601
+ * Rate us admin notice
602
+ *
603
+ * @since 2.0.0
604
+ * @return void
605
+ */
606
+ public function wple_rateus()
607
+ {
608
+ $cert = ABSPATH . 'keys/certificate.crt';
609
+
610
+ if (file_exists($cert)) {
611
+ if (isset($_GET['page']) && $_GET['page'] == 'wp_encryption') {
612
+ return;
613
+ }
614
+ $reviewnonce = wp_create_nonce('wplereview');
615
+ $html = '<div class="notice notice-info wple-admin-review">
616
  <div class="wple-review-box">
617
  <img src="' . WPLE_URL . 'admin/assets/symbol.png"/>
618
+ <span><strong>' . esc_html__('Congratulations!', 'wp-letsencrypt-ssl') . '</strong><p>' . WPLE_Trait::wple_kses(__('SSL certificate generated successfully!. <b>WP Encryption</b> just saved you several $$$ by generating free SSL certificate in record time!. Could you please do us a BIG favor & rate us with 5 star review to support further development of this plugin.', 'wp-letsencrypt-ssl')) . '</p></span>
619
  </div>
620
+ <a class="wple-lets-review wplerevbtn" href="https://wordpress.org/support/plugin/wp-letsencrypt-ssl/reviews/#new-post" rel="nofollow noopener" target="_blank">' . esc_html__('Rate plugin', 'wp-letsencrypt-ssl') . '</a>
621
+ <a class="wple-did-review wplerevbtn" href="#" data-nc="' . esc_attr($reviewnonce) . '" data-action="1">' . esc_html__("Don't show again", 'wp-letsencrypt-ssl') . '</a>
622
+ <a class="wple-later-review wplerevbtn" href="#" data-nc="' . esc_attr($reviewnonce) . '" data-action="2">' . esc_html__('Remind me later', 'wp-letsencrypt-ssl') . '&nbsp;<span class="dashicons dashicons-clock"></span></a>
623
  </div>';
624
+ echo $html;
 
 
625
  }
626
+ }
627
+
628
+ /**
629
+ * Check if wp install is IP or subdir based
630
+ *
631
+ * @since 2.4.0
632
+ * @return void
633
+ */
634
+ public function wple_subdir_ipaddress()
635
+ {
636
+ $siteURL = str_ireplace(array('http://', 'https://', 'www.'), array('', '', ''), site_url());
637
+ $flg = 0;
638
+ if (filter_var($siteURL, FILTER_VALIDATE_IP)) {
639
+ $flg = 1;
640
+ }
641
+ if (FALSE !== stripos($siteURL, 'localhost')) {
642
+ $flg = 1;
643
+ }
644
+
645
+ if (FALSE != stripos($siteURL, '/') && is_multisite()) {
646
+ $html = '<div class="wrap" id="le-wrap">
647
  <div class="le-inner">
648
  <div class="wple-header">
649
+ <img src="' . WPLE_URL . 'admin/assets/logo.png" class="wple-logo"/> <span class="wple-version">v' . esc_html(WPLE_PLUGIN_VERSION) . '</span>
650
  </div>
651
  <div class="wple-warning-notice">
652
+ <h2>' . esc_html__('You do not need to install SSL for each sub-directory site in multisite, Please install SSL for your primary domain and it will cover ALL sub directory sites too.', 'wp-letsencrypt-ssl') . '</h2>
653
  </div>
654
  </div>
655
  </div>';
656
+ echo $html;
657
+ wp_die();
658
+ }
659
+
660
+
661
+ if ($flg) {
662
+ $html = '<div class="wrap" id="le-wrap">
663
  <div class="le-inner">
664
  <div class="wple-header">
665
+ <img src="' . WPLE_URL . 'admin/assets/logo.png" class="wple-logo"/> <span class="wple-version">v' . esc_html(WPLE_PLUGIN_VERSION) . '</span>
666
  </div>
667
  <div class="wple-warning-notice">
668
+ <h2>' . esc_html__('SSL Certificates cannot be issued for localhost and IP address based WordPress site. Please use this on your real domain based WordPress site.', 'wp-letsencrypt-ssl') . ' ' . esc_html__('This restriction is not implemented by WP Encryption but its how SSL certificates work.', 'wp-letsencrypt-ssl') . '</h2>
669
  </div>
670
  </div>
671
  </div>';
672
+ echo $html;
673
+ wp_die();
 
 
674
  }
675
+ }
676
+
677
+ /**
678
+ * Upgrade to PRO
679
+ *
680
+ * @param string $html
681
+ * @since 2.5.0
682
+ * @return void
683
+ */
684
+ public function wple_upgrade_block(&$html)
685
+ {
686
+ $upgradeurl = admin_url('/admin.php?page=wp_encryption-pricing');
687
+ ///$upgradeurl = admin_url('/admin.php?page=wp_encryption-pricing&checkout=true&plan_id=8210&plan_name=pro&billing_cycle=lifetime&pricing_id=7965&currency=usd&coupon=FIRSTBUY');
688
+ $nopricing = get_option('wple_no_pricing');
689
+ //gdy
690
+ $cp = get_option('wple_have_cpanel');
691
+ // if (FALSE === $nopricing && !$cp) { //not gdy & not cpanel
692
+ // $nopricing = rand(0, 1);
693
+ // }
694
+ $automatic = esc_html__('Automatic', 'wp-letsencrypt-ssl');
695
+ $manual = esc_html__('Manual', 'wp-letsencrypt-ssl');
696
+ $domain = str_ireplace(array('https://', 'http://', 'www.'), '', site_url());
697
+ $dverify = $automatic;
698
+ if (stripos($domain, '/') != FALSE) {
699
+ //subdir site
700
+ $dverify = $manual;
701
+ }
702
+ $html .= '
703
  <div id="wple-upgradepro">';
704
+
705
+ if (FALSE !== $cp && $cp) {
706
+ $html .= '<strong style="display: block; text-align: center; color: #666;">Woot Woot! You have <b>CPANEL</b>! Why struggle with manual SSL renewal every 90 days? - Enjoy 100% automation with PRO version.</strong>';
707
+ ///$upgradeurl = admin_url('/admin.php?page=wp_encryption-pricing&checkout=true&plan_id=8210&plan_name=pro&billing_cycle=lifetime&pricing_id=7965&currency=usd');
708
+ }
709
+
710
+ $compareurl = 'https://wpencryption.com?utm_source=wordpress&utm_medium=comparison&utm_campaign=wpencryption';
711
+ //$compareurl = admin_url('/admin.php?page=wp_encryption&comparison=1');
712
+
713
+ if ($nopricing) {
714
+ $compareurl = admin_url('/admin.php?page=wp_encryption&comparison=1');
715
+ //$upgradeurl = admin_url('/admin.php?page=wp_encryption-pricing&checkout=true&plan_id=11394&plan_name=pro&billing_cycle=annual&pricing_id=11717&currency=usd');
716
+ //$upgradeurl = 'https://checkout.freemius.com/mode/dialog/plugin/5090/plan/10643/'; //CDN
717
+ $html .= '<div class="wple-error-firewall fire-pro wple-procdn">
718
  <div>
719
  <img src="' . WPLE_URL . 'admin/assets/firewall-shield-pro.png"/>
720
  </div>
725
  <span><b>Automatic CDN</b><br>Your site is served from 42 full scale edge locations for faster content delivery and fastest performance.</span>
726
  </div>
727
  </div>';
728
+ } else {
729
+ $html .= '<div class="wple-plans">
730
+ <span class="free">* ' . esc_html__('FREE', 'wp-letsencrypt-ssl') . '</span>
731
+ <span class="pro">* ' . esc_html__('PRO', 'wp-letsencrypt-ssl') . '</span>
732
  </div>
733
  <div class="wple-plan-compare">
734
  <div class="wple-compare-item">
735
  <img src="' . WPLE_URL . 'admin/assets/verified.png"/>
736
+ <h4>' . esc_html__('HTTP Verification', 'wp-letsencrypt-ssl') . '</h4>
737
  <span class="wple-free">' . $manual . '</span>
738
  <span class="wple-pro">' . $automatic . '</span>
739
  </div>
740
  <div class="wple-compare-item">
741
  <img src="' . WPLE_URL . 'admin/assets/DNS.png"/>
742
+ <h4>' . esc_html__('DNS Verification', 'wp-letsencrypt-ssl') . ' <span class="dashicons dashicons-editor-help wple-tooltip" data-tippy="' . esc_attr__('In case of HTTP verification fail / not possible', 'wp-letsencrypt-ssl') . '"></span></h4>
743
  <span class="wple-free">' . $manual . '</span>
744
  <span class="wple-pro">' . $automatic . '</span>
745
  </div>
746
  <div class="wple-compare-item">
747
  <img src="' . WPLE_URL . 'admin/assets/Install.png"/>
748
+ <h4>' . esc_html__('SSL Installation', 'wp-letsencrypt-ssl') . ' <!--<span class="dashicons dashicons-editor-help wple-tooltip" data-tippy="' . esc_attr__('PRO - We offer one time free manual support for non-cPanel based sites', 'wp-letsencrypt-ssl') . '"></span>--></h4>
749
  <span class="wple-free">' . $manual . '</span>
750
  <span class="wple-pro">' . $automatic . '</span>
751
  </div>
752
  <div class="wple-compare-item">
753
  <img src="' . WPLE_URL . 'admin/assets/renewal.png"/>
754
+ <h4>' . esc_html__('SSL Renewal', 'wp-letsencrypt-ssl') . ' <span class="dashicons dashicons-editor-help wple-tooltip" data-tippy="' . esc_attr__('Free users must manually renew / re-generate SSL certificate every 90 days.', 'wp-letsencrypt-ssl') . '"></span></h4>
755
  <span class="wple-free">' . $manual . '</span>
756
  <span class="wple-pro">' . $automatic . '</span>
757
  </div>
758
  <div class="wple-compare-item">
759
  <img src="' . WPLE_URL . 'admin/assets/wildcard.png"/>
760
+ <h4>' . esc_html__('Wildcard SSL', 'wp-letsencrypt-ssl') . ' <span class="dashicons dashicons-editor-help wple-tooltip" data-tippy="' . esc_attr__('PRO - Your domain DNS must be managed by cPanel or Godaddy for full automation', 'wp-letsencrypt-ssl') . '"></span></h4>
761
+ <span class="wple-free">' . esc_html__('Not Available', 'wp-letsencrypt-ssl') . '</span>
762
+ <span class="wple-pro">' . esc_html__('Available', 'wp-letsencrypt-ssl') . '</span>
763
  </div>
764
  <div class="wple-compare-item">
765
  <img src="' . WPLE_URL . 'admin/assets/multisite.png"/>
766
+ <h4>' . esc_html__('Multisite Support', 'wp-letsencrypt-ssl') . ' <span class="dashicons dashicons-editor-help wple-tooltip" data-tippy="' . esc_attr__('PRO - Support for Multisite + Mapped domains', 'wp-letsencrypt-ssl') . '"></span></h4>
767
+ <span class="wple-free">' . esc_html__('Not Available', 'wp-letsencrypt-ssl') . '</span>
768
+ <span class="wple-pro">' . esc_html__('Available', 'wp-letsencrypt-ssl') . '</span>
769
  </div>
770
  </div>';
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
771
  }
772
+
773
+ ///$html .= '<div style="text-align:center"><img src="' . WPLE_URL . '/admin/assets/new-year.png"></div>';
774
+ $html .= '<div class="wple-upgrade-pro">
775
+ <a href="' . $compareurl . '" target="_blank" class="wplecompare">' . esc_html__('COMPARE FREE & PRO VERSION', 'wp-letsencrypt-ssl') . ' <span class="dashicons dashicons-external"></span></a>';
776
+ // if (isset($_GET['success']) && FALSE == $nopricing) {
777
+ // $html .= '<a href="' . $upgradeurl . '">' . esc_html__('UPGRADE TO PRO', 'wp-letsencrypt-ssl') . '<span class="dashicons dashicons-editor-help wple-tooltip" data-tippy="Requires cPanel or root SSH access"></span></a>
778
+ // <a href="https://wpencryption.com/#firewall" target="_blank">' . esc_html__('UPGRADE TO FIREWALL', 'wp-letsencrypt-ssl') . '<span class="dashicons dashicons-editor-help wple-tooltip" data-tippy="Why buy an SSL alone when you can get Premium SSL + CDN + Firewall Security for even lower cost."></span></a>';
779
+ // } else {
780
+ // if ($nopricing) {
781
+ // $html .= '<a href="' . $upgradeurl . '">' . esc_html__('UPGRADE TO CDN', 'wp-letsencrypt-ssl') . '</a>';
782
+ // } else {
783
+ $html .= '<a href="' . $upgradeurl . '">' . esc_html__('UPGRADE TO PRO', 'wp-letsencrypt-ssl') . '</a>';
784
+ //}
785
+ //$html .= '<a href="https://checkout.freemius.com/mode/dialog/plugin/5090/plan/10643/" target="_blank" id="upgradetocdn">' . esc_html__('UPGRADE TO CDN', 'wp-letsencrypt-ssl') . ' <span class="dashicons dashicons-editor-help wple-tooltip" data-tippy="Sky rocket your WordPress site performance with Fastest Content Delivery Network + Premium Sectigo SSL"></span></a>';
786
+ // }
787
+ $html .= '</div>';
788
+ // $rnd = rand(0, 1);
789
+ // if ($rnd) {
790
+ // $html .= '<div class="wple-hire-expert"><a href="https://wpencryption.com/cdn-firewall/?utm_campaign=wpencryptionsite&utm_medium=checkoutcdn&utm_source=upgradeblock" target="_blank">Sky Rocket your site speed with our <strong>CDN</strong> plan (<strong>Includes SSL + Performance</strong>) <span class="dashicons dashicons-external"></span></a></div>';
791
+ // } else {
792
+ // $html .= '<div class="wple-hire-expert"><a href="https://wpencryption.com/hire-ssl-expert/?utm_campaign=wpencryptionsite&utm_medium=hiresslexpert&utm_source=upgradeblock" target="_blank">Too busy? <b>Hire an expert</b> for secure migration to HTTPS (<b>ONE YEAR PRO LICENSE FREE</b>) <span class="dashicons dashicons-external"></span></a></div>';
793
+ // }
794
+ $html .= '</div><!--wple-upgradepro-->';
795
+ $html .= '<div id="ourotherplugin">Check out our another awesome plugin <a href="https://wordpress.org/plugins/go-viral/" target="_blank"><img src="' . WPLE_URL . 'admin/assets/goviral-logo.png"/> - All in one social toolkit</a></div>';
796
+ }
797
+
798
+ /**
799
+ * Success Message block
800
+ *
801
+ * @param string $html
802
+ * @since 2.5.0
803
+ * @return void
804
+ */
805
+ public function wple_success_block(&$html)
806
+ {
807
+ //since 2.4.0
808
+
809
+ if (isset($_GET['success'])) {
810
+ $this->wple_wellknown_htaccess();
811
+ update_option('wple_error', 5);
812
+ //all success
813
+ $html .= '
814
  <div id="wple-sslgenerator">
815
  <div class="wple-success-form">';
816
+ // if (!isset($_GET['resume']) && !isset($_GET['nossl'])) {
817
+ // $this->wple_send_success_mail();
818
+ // }
819
+ $html .= '<h2><span class="dashicons dashicons-yes"></span>&nbsp;' . WPLE_Trait::wple_kses(__('<b>Congrats! SSL Certificate have been successfully generated.</b>', 'wp-letsencrypt-ssl')) . '</h2>
820
+ <h3 style="width: 87%; margin: 0px auto; color: #7b8279; font-weight:400;">' . WPLE_Trait::wple_kses(__('We just completed major task of generating SSL certificate! Now we have ONE final step to complete.', 'wp-letsencrypt-ssl')) . '</h3>';
821
+ $html .= WPLE_Trait::wple_progress_bar();
822
+ ///$nopricing = get_option('wple_no_pricing');
823
+ //$colclass = FALSE != $nopricing ? 'wple-three-cols' : '';
824
+ $html .= '
825
 
826
  <div class="wple-success-flex">
827
  <div class="wple-success-flex-video">
829
  </div>
830
  <div class="wple-success-flex-final">
831
  <ul class="download-ssl-certs">
832
+ <li>1. ' . sprintf(__('%sClick here%s to login into your cPanel.', 'wp-letsencrypt-ssl'), '<a href="' . site_url('cpanel') . '" target="_blank">', '</a>') . '</li>
833
+ <li>2. ' . sprintf(__('Open %sSSL/TLS%s option on your cPanel', 'wp-letsencrypt-ssl'), '<strong><img src="' . WPLE_URL . '/admin/assets/tls.png" style="width: 20px;margin-bottom: -5px;">&nbsp;', '</strong>') . '</li>
834
+ <li>3. ' . sprintf(__('Click on %sManage SSL Sites%s option', 'wp-letsencrypt-ssl'), '<strong>', '</strong>') . '</li>
835
  <li>4. ' . sprintf(
836
+ __('Copy the contents of %sCertificate.crt%s, %sPrivate.pem%s, %sCABundle.crt%s files from below & paste them into its appropriate fields on cPanel', 'wp-letsencrypt-ssl'),
837
+ '<strong>',
838
+ '</strong>',
839
+ '<strong>',
840
+ '</strong>',
841
+ '<strong>',
842
+ '</strong>'
843
+ ) . '. ' . esc_html("You can also download the cert files to your local computer, right click > open with notepad to view/copy", "wp-letsencrypt-ssl") . '</li>
844
  <li>';
845
+ WPLE_Trait::wple_copy_and_download($html);
846
+ $html .= '</li>
847
+ <li>5. ' . sprintf(__('Click on %sInstall certificate%s', 'wp-letsencrypt-ssl'), '<strong>', '</strong>') . '</li>
848
+ <li>6. ' . sprintf(__('Please wait few minutes and click on %sEnable HTTPS Now%s button', 'wp-letsencrypt-ssl'), '<strong>', '</strong>') . '</li>
849
  </ul>
850
 
851
  </div>
853
 
854
  <div class="wple-success-cols wple-three-cols">
855
  <div>
856
+ <h3>' . esc_html__("Don't have cPanel?", 'wp-letsencrypt-ssl') . '</h3>
857
+ <p>' . esc_html__("cPanel link goes to 404 not found page?. ", 'wp-letsencrypt-ssl') . sprintf(
858
+ __("If you have root SSH access, edit your server config file and point your SSL paths to %scertificate.crt%s & %sprivate.pem%s files in %skeys/%s folder. If you don't have either cPanel or root SSH access, Upgrade to %sPRO%s version for automatic SSL installation and automatic SSL renewal.", 'wp-letsencrypt-ssl'),
859
+ '<strong>',
860
+ '</strong>',
861
+ '<strong>',
862
+ '</strong>',
863
+ '<strong>',
864
+ '</strong>',
865
+ '<a href="' . admin_url('/admin.php?page=wp_encryption-pricing&checkout=true&plan_id=8210&plan_name=pro&billing_cycle=annual&pricing_id=7965&currency=usd') . '"><strong>',
866
+ '</strong></a>'
867
+ ) . '<br><br><span style="display:none">' . sprintf(__('You can also upgrade to our %sCDN%s plan to avail fully automatic SSL + Fastest CDN + Firewall Security.', 'wp-letsencrypt-ssl'), '<a href="https://wpencryption.com/cdn-firewall/" target="_blank">', '</a>') . '</span></p>
868
  </div>
869
  <div>
870
+ <h3>' . esc_html__("Test SSL Installation", 'wp-letsencrypt-ssl') . '</h3>
871
+ <p>' . esc_html__("After installing SSL certs on your cPanel, open your site in https:// and click on padlock to see if valid certificate exists. You can also test your site's SSL on SSLLabs.com", "wp-letsencrypt-ssl") . '</p>
872
  </div>
873
  <div>
874
+ <h3>' . esc_html__("By Clicking Enable HTTPS", 'wp-letsencrypt-ssl') . '</h3>
875
+ <p>' . esc_html__('Your site & admin url will be changed to https:// and all assets, js, css, images will strictly load over https:// to avoid mixed content errors.', 'wp-letsencrypt-ssl') . '</p>
876
  </div>';
877
+ // if (FALSE == $nopricing) {
878
+ // $html .= '<div>
879
+ // <h3>' . esc_html__("Looking for instant SSL solution?", 'wp-letsencrypt-ssl') . '</h3>
880
+ // <p>' . sprintf(__('Why pay for an SSL certificate alone when you can get %sPremium Sectigo SSL%s + %sCDN Performance%s + %sSecurity Firewall%s for even lower cost with our %sCDN%s Service.', 'wp-letsencrypt-ssl'), '<strong>', '</strong>', '<strong>', '</strong>', '<strong>', '</strong>', '<a href="https://wpencryption.com/cdn-firewall/?utm_campaign=wpencryption&utm_source=wordpress&utm_medium=gocdn" target="_blank">', '</a>') . '!.</p>
881
+ // </div>';
882
+ // }
883
+ $html .= '</div>
884
 
885
  <ul>
886
+ <!--<li>' . WPLE_Trait::wple_kses(__('<b>Note:</b> Use below "Enable HTTPS" button ONLY after SSL certificate is successfully installed on your cPanel', 'wp-letsencrypt-ssl')) . '</li>-->
887
  </ul>';
888
+ if (isset($_GET['nossl'])) {
889
+ $html .= '<h3 style="color:#ff4343;margin-bottom:10px;margin: 0 auto 10px; max-width: 800px;">' . esc_html__('We could not detect valid SSL certificate installed on your site!. Please try after some time. You can also try opening wp-admin via https:// and click on enable https button.', 'wp-letsencrypt-ssl') . '</h3>
890
+ <p>' . esc_html__('Switching to HTTPS without properly installing the SSL certificate might break your site.', 'wp-letsencrypt-ssl') . '</p>';
891
+ }
892
+ $html .= '<form method="post">
893
  ' . wp_nonce_field(
894
+ 'wplehttps',
895
+ 'sslready',
896
+ false,
897
+ false
898
+ ) . '
899
+ <button type="submit" name="wple-https">' . esc_html__('ENABLE HTTPS NOW', 'wp-letsencrypt-ssl') . '</button>
900
  </form>
901
  </div>
902
  </div><!--wple-sslgenerator-->';
 
 
903
  }
904
+ }
905
+
906
+ /**
907
+ * Show pending challenges
908
+ *
909
+ * @return void
910
+ */
911
+ public function wple_domain_verification()
912
+ {
913
+ //since 5.1.0
914
+
915
+ if (isset($_GET['restart'])) {
916
+ //click to restart from beginning
917
+ delete_option('wple_error');
918
+ delete_option('wple_complete');
919
+ wp_redirect(admin_url('/admin.php?page=wp_encryption'), 302);
920
+ exit;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
921
  }
922
+
923
+
924
+ if (isset($_GET['complete'])) {
925
+ //Forced SSL completion flag
926
+ delete_option('wple_error');
927
+ update_option('wple_complete', 1);
928
+ update_option('wple_backend', 1);
929
+ if (wp_next_scheduled('wple_ssl_renewal')) {
930
+ wp_clear_scheduled_hook('wple_ssl_renewal');
931
+ }
932
+ wp_redirect(admin_url('/admin.php?page=wp_encryption'), 302);
933
+ exit;
934
+ }
935
+
936
+ $estage = get_option('wple_error');
937
+ //redirections
938
+
939
+ if (FALSE !== $estage && $estage == 2 && !isset($_GET['subdir']) && !isset($_GET['error']) && !isset($_GET['includewww']) && !isset($_GET['wpleauto']) && isset($_GET['page']) && $_GET['page'] == 'wp_encryption' && !isset($_GET['success']) && !isset($_GET['wplereset']) && !isset($_GET['comparison']) && !isset($_GET['lasterror'])) {
940
+ wp_redirect(admin_url('/admin.php?page=wp_encryption&subdir=1'), 302);
941
+ exit;
942
+ }
943
+
944
+
945
+ if (FALSE !== $estage && $estage == 5 && !isset($_GET['subdir']) && !isset($_GET['error']) && !isset($_GET['includewww']) && !isset($_GET['wpleauto']) && isset($_GET['page']) && $_GET['page'] == 'wp_encryption' && !isset($_GET['resume']) && !isset($_GET['nossl']) && !isset($_GET['wplereset']) && !isset($_GET['comparison']) && !isset($_GET['nocpanel'])) {
946
+ wp_redirect(admin_url('/admin.php?page=wp_encryption&success=1&resume=1'), 302);
947
+ exit;
948
+ }
949
+ }
950
+
951
+ /**
952
+ * Error Message block
953
+ *
954
+ * @param string $html
955
+ * @since 2.5.0
956
+ * @return void
957
+ */
958
+ public function wple_error_block(&$html)
959
+ {
960
+ if (!isset($_GET['subdir']) && !isset($_GET['success'])) {
961
+
962
+ if (isset($_GET['sperror'])) { } else {
963
+
964
+ if (isset($_GET['error']) || FALSE != ($error_code = get_option('wple_error'))) {
965
+ $error_code = get_option('wple_error');
966
+ $generic = esc_html__('There was some issue while generating SSL for your site. Please check debug log or try Reset option once.', 'wp-letsencrypt-ssl');
967
+ $generic .= '<p style="font-size:16px;color:#888">' . sprintf(esc_html__('Feel free to open support ticket at %s for any help.', 'wp-letsencrypt-ssl'), 'https://wordpress.org/support/plugin/wp-letsencrypt-ssl/#new-topic-0') . '</p>';
968
+ $firerec = sprintf(
969
+ esc_html__("We highly recommend upgrading to our %sPRO%s annual plan for %sPremium SSL%s with automatic %sCDN%s + %sFirewall Security%s that works on ANY host.", 'wp-letsencrypt-ssl'),
970
+ '<a href="' . admin_url('/admin.php?page=wp_encryption-pricing&checkout=true&plan_id=8210&plan_name=pro&billing_cycle=annual&pricing_id=7965&currency=usd') . '">',
971
+ '</a>',
972
+ '<strong>',
973
+ '</strong>',
974
+ '<strong>',
975
+ '</strong>',
976
+ '<strong>',
977
+ '</strong>'
978
+ );
979
+ $thirdparty = esc_html__("Your hosting server don't seem to support third party SSL.", "wp-letsencrypt-ssl");
980
+
981
+ if (FALSE !== $error_code && ($error_code == 1 || $error_code == 400)) {
982
+ $generic .= '<p class="firepro">' . $thirdparty . ' ' . $firerec . '</p>';
983
+ } else {
984
+ if (file_exists(ABSPATH . 'keys/certificate.crt')) {
985
+ $generic .= '<br><br>' . WPLE_Trait::wple_kses(__('You already seem to have certificate generated and stored. Please try downloading certs from <strong>Download SSL Certificates</strong> page and open in a text editor like notepad to check if certificate is not empty.', 'wp-letsencrypt-ssl'));
986
+ }
987
+ }
988
+
989
+
990
+ if (FALSE !== $error_code && $error_code == 429) {
991
+ $generic = sprintf(esc_html__('Too many registration attempts from your IP address (%s). Please try after 2-3 hours.', 'wp-letsencrypt-ssl'), 'https://letsencrypt.org/docs/rate-limits/');
992
+ $generic .= '<p class="firepro">' . $firerec . '</p>';
993
+ $generic .= '<p style="font-size:17px;color:#888">' . sprintf(esc_html__('Feel free to open support ticket at %s for any help.', 'wp-letsencrypt-ssl'), 'https://wordpress.org/support/plugin/wp-letsencrypt-ssl/#new-topic-0') . '</p>';
994
+ }
995
+
996
+ if ($error_code != 5) {
997
+ $html .= '
998
  <div id="wple-sslgenerator" class="error">
999
  <div class="wple-error-message">
1000
  ' . $generic . '
1001
  </div>
1002
  </div><!--wple-sslgenerator-->';
1003
+ }
 
 
 
 
1004
  }
1005
+ }
1006
  }
1007
+ }
1008
+
1009
+ /**
1010
+ * Handles review box actions
1011
+ *
1012
+ * @since 4.4.0
1013
+ * @return void
1014
+ */
1015
+ public function wple_review_handler()
1016
+ {
1017
+ //since 5.0.0
1018
+ $this->wple_intro_pricing_handler();
1019
+ }
1020
+
1021
+ /**
1022
+ * Sets review flag to show review request
1023
+ *
1024
+ * @since 4.4.0
1025
+ */
1026
+ public function wple_set_review_flag()
1027
+ {
1028
+ update_option('wple_show_review', 1);
1029
+ }
1030
+
1031
+ /**
1032
+ * Handle the reset keys action
1033
+ *
1034
+ * @since 4.5.0
1035
+ * @return void
1036
+ */
1037
+ public function wple_reset_handler()
1038
+ {
1039
+
1040
+ if (isset($_GET['wplereset'])) {
1041
+ if (!current_user_can('manage_options')) {
1042
+ exit('No Trespassing Allowed');
1043
+ }
1044
+ if (!wp_verify_nonce($_GET['wplereset'], 'restartwple')) {
1045
+ exit('No Trespassing Allowed');
1046
+ }
1047
+ $keys = ABSPATH . 'keys/';
1048
+ $files = array(
1049
+ $keys . 'public.pem',
1050
+ $keys . 'private.pem',
1051
+ $keys . 'order',
1052
+ $keys . 'fullchain.crt',
1053
+ $keys . 'certificate.crt',
1054
+ $keys . '__account/private.pem',
1055
+ $keys . '__account/public.pem'
1056
+ );
1057
+ foreach ($files as $file) {
1058
+ if (file_exists($file)) {
1059
+ unlink($file);
1060
+ }
1061
+ }
1062
+ delete_option('wple_error');
1063
+ delete_option('wple_complete');
1064
+ delete_option('wple_backend');
1065
+ ///if (wple_fs()->can_use_premium_code__premium_only()) {
1066
+ delete_option('wple_firewall_stage');
1067
+ delete_option('wple_spmode_dns');
1068
+ delete_option('wple_spmode_activated');
1069
+ ///}
1070
+ add_action('admin_notices', array($this, 'wple_reset_success'));
1071
  }
1072
+
1073
+ //since 4.6.0
1074
+
1075
+ if (isset($_GET['wplesslrenew'])) {
1076
+ if (!wp_verify_nonce($_GET['wplesslrenew'], 'wple_renewed')) {
1077
+ exit('Unauthorized');
1078
+ }
1079
+ delete_option('wple_show_reminder');
1080
+ wp_redirect(admin_url('/admin.php?page=wp_encryption'), 302);
1081
  }
1082
+ }
1083
+
1084
+ /**
1085
+ * Reset success notice
1086
+ *
1087
+ * @since 4.5.0
1088
+ */
1089
+ public function wple_reset_success()
1090
+ {
1091
+ echo '<div class="notice notice-success is-dismissable">
1092
+ <p>' . esc_html('Reset successful!. You can start with the SSL install process again.', 'wp-letsencrypt-ssl') . '</p>
1093
+ </div>';
1094
+ }
1095
+
1096
+ /**
1097
+ * Local check DNS records via Ajax
1098
+ *
1099
+ * @since 4.6.0
1100
+ * @return void
1101
+ */
1102
+ public function wple_ajx_verify_dns()
1103
+ {
1104
+
1105
+ if (isset($_POST['nc'])) {
1106
+ if (!wp_verify_nonce($_POST['nc'], 'verifydnsrecords')) {
1107
+ exit('Unauthorized');
1108
+ }
1109
+ $toVerify = get_option('wple_opts');
1110
+
1111
+ if (array_key_exists('dns_challenges', $toVerify) && !empty($toVerify['dns_challenges'])) {
1112
+ $toVerify = $dnspendings = $toVerify['dns_challenges'];
1113
+ //array
1114
+ foreach ($toVerify as $index => $item) {
1115
+ $domain_code = explode('||', $item);
1116
+ $acme = '_acme-challenge.' . esc_html($domain_code[0]);
1117
+ $requestURL = 'https://dns.google.com/resolve?name=' . addslashes($acme) . '&type=TXT';
1118
+ $handle = curl_init();
1119
+ curl_setopt($handle, CURLOPT_URL, $requestURL);
1120
+ curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
1121
+ curl_setopt($handle, CURLOPT_FOLLOWLOCATION, true);
1122
+ $response = json_decode(trim(curl_exec($handle)));
1123
+
1124
+ if ($response->Status === 0 && isset($response->Answer)) {
1125
+ //if ($answer->type == 16) {
1126
+ $found = 'Pending';
1127
+ foreach ($response->Answer as $answer) {
1128
+ $livecode = str_ireplace('"', '', $answer->data);
1129
+
1130
+ if ($livecode == $domain_code[1]) {
1131
+ unset($dnspendings[$index]);
1132
+ $found = 'OK';
1133
+ }
1134
  }
1135
+ WPLE_Trait::wple_logger("\n" . esc_html($requestURL . ' should return ' . $domain_code[1] . ' -> ' . $found) . "\n");
1136
+ } else {
1137
+ $ledebug = WPLE_Trait::wple_lets_debug('dns-01');
1138
+
1139
+ if ($ledebug != false) {
1140
+ echo $ledebug;
1141
+ exit;
 
 
 
 
 
 
 
1142
  }
1143
+
1144
+ echo 'fail';
1145
+ exit;
1146
+ }
 
 
 
 
 
1147
  }
1148
+
1149
+ if (empty($dnspendings)) {
1150
+ WPLE_Trait::wple_logger(
1151
+ "Local check - All DNS challenges verified\n",
1152
+ 'success',
1153
+ 'a',
1154
+ false
1155
+ );
1156
+ echo 1;
1157
+ exit;
1158
+ } else {
1159
+ $ledebug = WPLE_Trait::wple_lets_debug('dns-01');
1160
+
1161
+ if ($ledebug != false) {
1162
+ echo $ledebug;
1163
+ exit;
1164
+ }
1165
+
1166
+ echo 'fail';
1167
+ exit;
1168
  }
1169
+ } else {
1170
+
1171
+ if (empty($toVerify['dns_challenges'])) {
1172
+ WPLE_Trait::wple_logger(
1173
+ "Local check - DNS challenges empty\n",
1174
+ 'success',
1175
+ 'a',
1176
+ false
1177
+ );
1178
+ echo 1;
1179
+ exit;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1180
  }
1181
+ }
 
 
 
1182
  }
1183
+
1184
+ WPLE_Trait::wple_send_log_data();
1185
+ echo 'fail';
1186
+ exit;
1187
+ }
1188
+
1189
+ /**
1190
+ * Show expiry reminder in admin notice
1191
+ *
1192
+ * @see 4.6.0
1193
+ * @return void
1194
+ */
1195
+ public function wple_start_show_reminder()
1196
+ {
1197
+
1198
+ if (FALSE !== get_option('wple_ssl_monitoring')) {
1199
+ update_option('wple_show_reminder', 1);
1200
+ $opts = get_option('wple_opts');
1201
+ $to = (isset($opts['email']) && !empty($opts['email']) ? sanitize_email($opts['email']) : get_option('admin_email'));
1202
+ $subject = sprintf(esc_html__('ATTENTION - SSL Certificate of %s expires in just 10 days', 'wp-letsencrypt-ssl'), str_ireplace(array('https://', 'http://'), array('', ''), site_url()));
1203
+ $headers = array('Content-Type: text/html; charset=UTF-8');
1204
+ $body = '<p>' . sprintf(esc_html__('Your SSL Certificate is expiring soon!. Please make sure to re-generate new SSL Certificate using %sWP Encryption%s and install it on your hosting server to avoid site showing insecure warning with expired certificate.', 'wp-letsencrypt-ssl'), '<a href="' . admin_url('/admin.php?page=wp_encryption', 'http') . '">', '</a>') . '</p><br /><br />';
1205
+ $body .= '<b>' . esc_html__('Tired of manual SSL renewal every 90 days?, Upgrade to PRO version for automatic SSL installation and automatic SSL renewal', 'wp-letsencrypt-ssl') . '. <br><a href="' . admin_url('/admin.php?page=wp_encryption-pricing', 'http') . '" style="background: #0073aa; text-decoration: none; color: #fff; padding: 12px 20px; display: inline-block; margin: 10px 0; font-weight: bold;">' . esc_html__('UPGRADE TO PREMIUM', 'wp-letsencrypt-ssl') . '</a></b><br /><br />';
1206
+ wp_mail(
1207
+ $to,
1208
+ $subject,
1209
+ $body,
1210
+ $headers
1211
+ );
1212
  }
1213
+ }
1214
+
1215
+ public function wple_reminder_notice()
1216
+ {
1217
+ $already_did = wp_nonce_url(admin_url('admin.php?page=wp_encryption'), 'wple_renewed', 'wplesslrenew');
1218
+ $html = '<div class="notice notice-info wple-admin-review">
1219
  <div class="wple-review-box wple-reminder-notice">
1220
  <img src="' . WPLE_URL . 'admin/assets/symbol.png"/>
1221
+ <span><strong>WP ENCRYPTION: ' . esc_html__('Your SSL certificate expires in less than 10 days', 'wp-letsencrypt-ssl') . '</strong><p>' . WPLE_Trait::wple_kses(__('Renew your SSL certificate today to avoid your site from showing as insecure. Please support our contribution by upgrading to <strong>Pro</strong> and avail automatic SSL renewal with automatic SSL installation.', 'wp-letsencrypt-ssl')) . '</p></span>
1222
  </div>
1223
+ <a class="wple-lets-review wplerevbtn" href="' . admin_url('/admin.php?page=wp_encryption-pricing&checkout=true&plan_id=8210&plan_name=pro&billing_cycle=lifetime&pricing_id=7965&currency=usd') . '">' . esc_html__('Upgrade to Pro', 'wp-letsencrypt-ssl') . '</a>
1224
+ <a class="already-renewed wplerevbtn" href="' . $already_did . '">' . esc_html__('I already renewed', 'wp-letsencrypt-ssl') . '&nbsp;<span class="dashicons dashicons-smiley"></span></a>
1225
  </div>';
1226
+ echo $html;
1227
+ }
1228
+
1229
+ /**
1230
+ * Manual HTTP challenges for subdir sites
1231
+ *
1232
+ * @since 4.7.0
1233
+ * @param string $html
1234
+ * @param array $opts
1235
+ * @return string
1236
+ */
1237
+ public function wple_subdir_challenges(&$html, $opts)
1238
+ {
1239
+ if (isset($_GET['subdir'])) {
1240
+ $html .= '
1241
  <div id="wple-sslgenerator">
1242
  <div class="wple-success-form">
1243
+ ' . WPLE_Subdir_Challenge_Helper::show_challenges($opts) . '
1244
  </div>
1245
  </div><!--wple-sslgenerator-->';
 
1246
  }
1247
+ }
1248
+
1249
+ /**
1250
+ * Local check HTTP records via Ajax for subdir sites
1251
+ *
1252
+ * @since 4.7.0
1253
+ * @return void
1254
+ */
1255
+ public function wple_ajx_verify_http()
1256
+ {
1257
+
1258
+ if (isset($_POST['nc'])) {
1259
+ if (!wp_verify_nonce($_POST['nc'], 'verifyhttprecords')) {
1260
+ exit('Unauthorized');
1261
+ }
1262
+ $domain = str_ireplace(array('https://', 'http://'), '', site_url());
1263
+ if (stripos($domain, '/') != FALSE) {
1264
+ //subdir site
1265
+ $domain = substr($domain, 0, stripos($domain, '/'));
1266
+ }
1267
+ $opts = get_option('wple_opts');
1268
+ $httpch = $opts['challenge_files'];
1269
+
1270
+ if (empty($httpch)) {
1271
+ echo 'empty';
1272
+ exit;
1273
+ }
1274
+
1275
+ $counter = get_option('wple_failed_verification');
1276
+ $curl_exists = function_exists('curl_init');
1277
+ if ($curl_exists) {
1278
+ foreach ($httpch as $index => $ch) {
1279
+ $chfile = sanitize_file_name($ch['file']);
1280
+ $chval = esc_html($ch['value']);
1281
+ $fpath = trailingslashit(ABSPATH) . '.well-known/acme-challenge/';
1282
+
1283
+ if ($counter >= 5) {
1284
+ if (!file_exists($fpath)) {
1285
+ mkdir($fpath, 0775, true);
1286
  }
1287
+ WPLE_Trait::wple_logger('Helping with HTTP challenge file', 'success', 'a');
1288
+ file_put_contents($fpath . $chfile, trim($chval));
1289
+ }
1290
+
1291
+ $acmefilepath = $fpath . $chfile;
1292
+
1293
+ if (file_exists($acmefilepath . '.txt')) {
1294
+ unlink($acmefilepath . '.txt');
1295
+ file_put_contents($acmefilepath, trim($chval));
1296
+ }
1297
+
1298
+ //cleanup htaccess files
1299
+ $ABS = trailingslashit(ABSPATH);
1300
+ if (file_exists($ABS . '.well-known/.htaccess')) {
1301
+ unlink($ABS . '.well-known/.htaccess');
1302
+ }
1303
+ if (file_exists($ABS . '.well-known/acme-challenge/.htaccess')) {
1304
+ unlink($ABS . '.well-known/acme-challenge/.htaccess');
1305
+ }
1306
+ $check = LEFunctions::checkHTTPChallenge(
1307
+ $domain,
1308
+ $chfile,
1309
+ $chval,
1310
+ false
1311
+ );
1312
+ $chfileexists = file_exists($fpath . $chfile);
1313
+
1314
+ if (!$check && $chfileexists) {
1315
+ if (!file_exists($fpath)) {
1316
+ mkdir($fpath, 0775, true);
1317
  }
1318
+ WPLE_Trait::wple_logger('Local file exists - Trying to help with HTTP challenge file', 'success', 'a');
1319
+ file_put_contents($fpath . $chfile, trim($chval));
1320
+ //re-check once
1321
+ $check = LEFunctions::checkHTTPChallenge(
1322
+ $domain,
1323
+ $chfile,
1324
+ $chval,
1325
+ false
1326
+ );
1327
+
1328
+ if (!$check) {
1329
+ echo 'not_possible';
1330
+ exit;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1331
  }
1332
+ }
1333
+
1334
+ // if ($check === true) {
1335
+ // //skip
1336
+ // } else if ($check == 200 && $chfileexists) {
1337
+ // $check = 2;
1338
+ // } else {
1339
+
1340
+ if (!$check) {
1341
+
1342
+ if (FALSE === $counter) {
1343
+ update_option('wple_failed_verification', 1);
1344
+ } else {
1345
+ update_option('wple_failed_verification', $counter + 1);
1346
  }
1347
+
1348
  WPLE_Trait::wple_logger(
1349
+ "HTTP challenge file (" . $domain . "/.well-known/acme-challenge/" . $chfile . ") checked locally - found invalid ({$chfileexists})",
1350
+ 'success',
1351
+ 'a',
1352
+ false
1353
  );
1354
+ WPLE_Trait::wple_send_log_data();
1355
+ $ledebug = WPLE_Trait::wple_lets_debug('http-01');
1356
+
1357
+ if ($ledebug != false) {
1358
+ echo $ledebug;
1359
+ exit;
1360
+ }
1361
+
1362
+ echo 'fail';
1363
  exit;
1364
+ }
1365
+ }
1366
+ }
1367
+ // if ($check == 2) {
1368
+ // WPLE_Trait::wple_logger("Local check - Found challenge file in acme-challenge => proceeding to ACME verification\n", 'success', 'a', false);
1369
+ // delete_option('wple_failed_verification');
1370
+ // echo 1;
1371
+ // exit();
1372
+ // }
1373
+ if (!$curl_exists) {
1374
+ WPLE_Trait::wple_logger(
1375
+ "HTTP local verification skipped due to non-availability of CURL\n",
1376
+ 'success',
1377
+ 'a',
1378
+ false
1379
+ );
1380
+ }
1381
+ WPLE_Trait::wple_logger(
1382
+ "Local check - All HTTP challenges verified\n",
1383
+ 'success',
1384
+ 'a',
1385
+ false
1386
+ );
1387
+ delete_option('wple_failed_verification');
1388
+ echo 1;
1389
+ exit;
1390
  }
1391
+ }
1392
+
1393
+ /**
1394
+ * Continue process on wpleauto param
1395
+ *
1396
+ * @return void
1397
+ */
1398
+ public function wple_continue_certification()
1399
+ {
1400
+
1401
+ if (isset($_GET['wpleauto'])) {
1402
+ $leopts = get_option('wple_opts');
1403
+
1404
+ if ($_GET['wpleauto'] == 'http') {
1405
+ new WPLE_Core($leopts);
1406
+ } else {
1407
+ //DNS
1408
+ new WPLE_Core(
1409
+ $leopts,
1410
+ true,
1411
+ false,
1412
+ true
1413
+ );
1414
+ }
 
 
1415
  }
1416
+ }
1417
+
1418
+ /**
1419
+ * Simple success notice for admin
1420
+ *
1421
+ * @since 4.7.2
1422
+ * @return void
1423
+ */
1424
+ public function wple_success_notice()
1425
+ {
1426
+ $html = '<div class="notice notice-success">
1427
+ <p>' . esc_html__('Success', 'wp-letsencrypt-ssl') . '!</p>
1428
  </div>';
1429
+ echo $html;
1430
+ }
1431
+
1432
+ /**
1433
+ * Show Pricing table once on activation
1434
+ *
1435
+ * @since 5.0.0
1436
+ * @param string $html
1437
+ * @return $html
1438
+ */
1439
+ public function wple_initial_quick_pricing(&$html)
1440
+ {
1441
+ $host = site_url();
1442
+ if (FALSE != ($slashpos = stripos($host, '/', 9))) {
1443
+ $host = substr($host, 0, $slashpos);
1444
  }
1445
+ $cp = $host . ':2083';
1446
+ if (FALSE === stripos($host, 'https')) {
1447
+ $cp = $host . ':2082';
1448
+ }
1449
+ $response = wp_remote_get($cp, [
1450
+ 'headers' => [
1451
+ 'Connection' => 'close',
1452
+ ],
1453
+ 'sslverify' => false,
1454
+ 'timeout' => 30,
1455
+ ]);
1456
+ $cpanel = true;
1457
+ if (is_wp_error($response)) {
1458
+ $cpanel = false;
1459
+ }
1460
+ $html .= '<div id="wple-sslgen">';
1461
+ $cppricing = (FALSE !== stripos(ABSPATH, 'srv/htdocs') ? true : false);
1462
+
1463
+ if ($cpanel || $cppricing) {
1464
+ $show_rp = '';
1465
+ if (!$cppricing) {
1466
+ $show_rp = 1;
1467
+ }
1468
+ update_option('wple_have_cpanel', $show_rp);
1469
+ $html .= $this->wple_cpanel_pricing_table(1);
1470
+ } else {
1471
+ update_option('wple_have_cpanel', 0);
1472
+ // if (isset($_SERVER['GD_PHP_HANDLER'])) {
1473
+ // if ($_SERVER['SERVER_SOFTWARE'] == 'Apache' && isset($_SERVER['GD_PHP_HANDLER']) && $_SERVER['DOCUMENT_ROOT'] == '/var/www') {
1474
+ $html .= $this->wple_firewall_pricing_table();
1475
+ // }
1476
+ // } else {
1477
+ // $html .= $this->wple_cpanel_pricing_table('');
1478
+ // }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1479
  }
 
 
 
 
 
 
 
 
 
 
 
1480
 
1481
+ $html .= '</div>';
1482
+ echo $html;
1483
+ }
1484
 
1485
+ /**
1486
+ * Pricing table html
1487
+ *
1488
+ * @since 5.0.0
1489
+ * @return $table
1490
+ */
1491
+ public function wple_cpanel_pricing_table($cpanel = '')
1492
+ {
1493
+ ob_start();
1494
+ ?>
1495
+
1496
+ <h2 class="pricing-intro-head"><?php
1497
+ esc_html_e('SAVE MORE THAN $90+ EVERY YEAR IN SSL CERTIFICATE FEE', 'wp-letsencrypt-ssl');
1498
+ ?></h2>
1499
+
1500
+ <h4 class="pricing-intro-subhead">Purchase once and use for lifetime - Trusted Globally by <b>110,000+</b> WordPress Users (Looking for <a href="<?php
1501
+ echo admin_url('/admin.php?page=wp_encryption&gopro=3');
1502
+ ?>">Annual</a> | <a href="<?php
1503
+ echo admin_url('/admin.php?page=wp_encryption&gopro=2');
1504
+ ?>">Unlimited Sites License?</a>)</h4>
1505
 
1506
  <div style="text-align:center">
1507
+ <img src="<?php
1508
+ echo WPLE_URL;
1509
+ ?>admin/assets/limited-offer.png" style="max-width:650px" />
1510
  </div>
1511
 
1512
  <!-- <div class="plan-toggler" style="margin:60px 0 -20px !important">
1513
  <span>Annual</span><label class="toggle">
1514
+ <input class="toggle-checkbox initplan-switch" type="checkbox" <?php
1515
+ // if ($cpanel == 1) {
1516
+ // echo 'checked';
1517
+ // }
1518
+ ?>>
1519
  <div class="toggle-switch"></div>
1520
  <span class="toggle-label">Lifetime</span>
1521
  </label>
1536
  <li><strong>Basic</strong> support</li>
1537
  </ul>
1538
  <div class="pricing-btn-block">
1539
+ <a href="<?php
1540
+ echo admin_url('/admin.php?page=wp_encryption&gofree=1');
1541
+ ?>" class="pricingbtn free">Select Plan</a>
1542
  </div>
1543
  </div>
1544
 
1562
  <li><strong>Priority</strong> support <span class="dashicons dashicons-editor-help wple-tooltip" data-tippy="gowebsmarty.in"></span></li>
1563
  </ul>
1564
  <div class="pricing-btn-block">
1565
+ <a href="<?php
1566
+ echo admin_url('/admin.php?page=wp_encryption&gopro=1');
1567
+ ?>" class="pricingbtn free">Select Plan</a>
1568
  </div>
1569
  </div>
1570
 
1571
  </div>
1572
 
1573
  <br />
1574
+ <?php
1575
+ if ($cpanel != '') {
1576
  ?>
1577
  <div class="quick-refund-policy">
1578
  <strong>7 Days Refund Policy</strong>
1579
  <p>We're showing this recommendation because you have cPanel hosting where our PRO plugin is 100% guaranteed to work. Your purchase will be completely refunded if WP Encryption fail to work on your site.</p>
1580
  </div>
1581
+ <?php
1582
+ }
1583
+ ?>
1584
 
1585
+ <?php
1586
  $table = ob_get_clean();
1587
  return $table;
1588
+ }
1589
+
1590
+ public function wple_firewall_pricing_table()
1591
+ {
1592
  ob_start();
1593
  ?>
1594
 
1596
  <h4 class="pricing-intro-subhead">Upgrade to PRO today for <strong>Fully automatic SSL</strong> & get automatic <strong>CDN + Security</strong> for FREE! - Trusted Globally by <b>110,000+</b> WordPress Users <span class="dashicons dashicons-editor-help wple-tooltip" data-tippy="A complete bundle worth $360!"></span></h4>
1597
 
1598
  <div style="text-align:center">
1599
+ <img src="<?php
1600
+ echo WPLE_URL;
1601
+ ?>admin/assets/limited-offer.png" style="max-width:650px" />
1602
  </div>
1603
 
1604
  <div id="quick-pricing-table" class="non-cpanel-plans">
1614
  <li><strong>Basic</strong> support</li>
1615
  </ul>
1616
  <div class="pricing-btn-block">
1617
+ <a href="<?php
1618
+ echo admin_url('/admin.php?page=wp_encryption&gofree=1');
1619
+ ?>" class="pricingbtn free">Select Plan</a>
1620
  </div>
1621
  </div>
1622
 
1641
  <li><strong>Priority</strong> Support</li>
1642
  </ul>
1643
  <div class="pricing-btn-block">
1644
+ <a href="<?php
1645
+ echo admin_url('/admin.php?page=wp_encryption&gofirewall=1');
1646
+ ?>" class="pricingbtn free">Select Plan</a>
1647
  </div>
1648
  </div>
1649
 
1652
  7 days money back guarantee <span class="dashicons dashicons-editor-help wple-tooltip" data-tippy="If you are not satisfied with the service within 7 days of purchase, We will refund your purchase no questions asked"></span>
1653
  </div> -->
1654
 
1655
+ <?php
1656
  $table = ob_get_clean();
1657
  return $table;
1658
+ }
1659
+
1660
+ /**
1661
+ * Intro pricing table handler
1662
+ *
1663
+ * @since 5.0.0
1664
+ * @return void
1665
+ */
1666
+ public function wple_intro_pricing_handler()
1667
+ {
1668
  $goplan = '';
1669
+
1670
+ if (isset($_GET['gofree'])) {
1671
+ update_option('wple_plan_choose', 1);
1672
+ wp_redirect(admin_url('/admin.php?page=wp_encryption'), 302);
1673
+ exit;
1674
  } else {
1675
+
1676
+ if (isset($_GET['gopro'])) {
1677
+ update_option('wple_plan_choose', 1);
1678
+
1679
+ if ($_GET['gopro'] == 2) {
1680
+ //unlimited
1681
+ wp_redirect(admin_url('/admin.php?page=wp_encryption-pricing&checkout=true&plan_id=8210&plan_name=pro&billing_cycle=annual&pricing_id=10873&currency=usd'), 302);
 
 
 
 
 
 
 
 
 
 
 
 
 
1682
  } else {
1683
+
1684
+ if ($_GET['gopro'] == 3) {
1685
+ //annual
1686
+ wp_redirect(admin_url('/admin.php?page=wp_encryption-pricing&checkout=true&plan_id=8210&plan_name=pro&billing_cycle=annual&pricing_id=7965&currency=usd'), 302);
1687
+ } else {
1688
+ //single lifetime
1689
+ wp_redirect(admin_url('/admin.php?page=wp_encryption-pricing&checkout=true&plan_id=8210&plan_name=pro&billing_cycle=lifetime&pricing_id=7965&currency=usd'), 302);
1690
+ }
1691
  }
1692
+
1693
+ exit;
1694
+ } else {
1695
+
1696
+ if (isset($_GET['gofirewall'])) {
1697
+ update_option('wple_plan_choose', 1);
1698
+ ///wp_redirect(admin_url('/admin.php?page=wp_encryption-pricing&checkout=true&plan_id=11394&plan_name=pro&billing_cycle=annual&pricing_id=11717&currency=usd'), 302);
1699
+ wp_redirect(admin_url('/admin.php?page=wp_encryption-pricing&checkout=true&plan_id=8210&plan_name=pro&billing_cycle=annual&pricing_id=7965&currency=usd'), 302);
1700
+ exit;
1701
+ }
1702
+ }
1703
  }
1704
+ }
1705
+
1706
+ /**
1707
+ * After all stages completion
1708
+ *
1709
+ * @param string $html
1710
+ * @return void
1711
+ */
1712
+ public function wple_completed_block(&$html)
1713
+ {
 
1714
  $html .= WPLE_Trait::wple_progress_bar();
1715
  $cert = ABSPATH . 'keys/certificate.crt';
1716
+ $leopts = get_option('wple_opts');
1717
+ $future = strtotime($leopts['expiry']);
1718
  //Future date.
1719
  $timefromdb = time();
1720
  $timeleft = $future - $timefromdb;
1721
+ $daysleft = round($timeleft / 24 / 60 / 60);
1722
+ $wple_support = get_option('wple_backend');
1723
+ $renewtext = esc_html__('Click Here To Renew SSL Certificate', 'wp-letsencrypt-ssl');
1724
+ $renewlink = '<a href="#" class="letsrenew wple-tooltip disabled" data-tippy="' . esc_html__('This renew button will get enabled during last 30 days of current SSL certificate expiry', 'wp-letsencrypt-ssl') . ' ' . esc_html__('You can also click on STEP 1 in above progress bar to renew/re-generate SSL Certificate again.', 'wp-letsencrypt-ssl') . '">' . $renewtext . '</a>';
1725
+ if ($daysleft <= 30) {
1726
+ $renewlink = '<a href="' . admin_url('/admin.php?page=wp_encryption&restart=1') . '" class="letsrenew">' . $renewtext . '</a>';
1727
+ }
1728
+ if ($wple_support) {
1729
+ //forced completion
1730
+ $renewlink = '';
1731
+ }
1732
+ $headline = esc_html__('Woohoo! WP Encryption just saved you $$$ in SSL Certificate Fee.', 'wp-letsencrypt-ssl');
1733
+ $sharetitle = urlencode('Generated & Installed free SSL certificate using WP ENCRYPTION WordPress plugin within minutes! Thanks for the great plugin');
1734
  $html .= '<div id="wple-completed">
1735
  <div class="wple-completed-review">
1736
  <h2>' . $headline . '</h2>
1737
  <p>' . sprintf(
1738
+ __('Can you please do us a BIG favor by leaving a %s%s%s%s%s rating on WordPress.org', 'wp-letsencrypt-ssl'),
1739
+ '<span class="dashicons dashicons-star-filled"></span>',
1740
+ '<span class="dashicons dashicons-star-filled"></span>',
1741
+ '<span class="dashicons dashicons-star-filled"></span>',
1742
+ '<span class="dashicons dashicons-star-filled"></span>',
1743
+ '<span class="dashicons dashicons-star-filled"></span>'
1744
  ) . ' <span class="wple-share-success">' . sprintf(
1745
+ __("or spread the word on %s %s %s %s", "wp-letsencrypt-ssl"),
1746
+ '<a href="https://twitter.com/share?url=https://wpencryption.com&text=' . $sharetitle . '&hashtags=wp_encryption,wordpress_ssl,wordpress_https" target="_blank" title="Twitter" class="tw">T</a>',
1747
+ '<a href="https://www.facebook.com/sharer.php?u=wpencryption.com" target="_blank" title="Facebook" class="fb">F</a>',
1748
+ '<a href="https://reddit.com/submit?url=wpencryption.com&title=' . $sharetitle . '" target="_blank" title="Reddit" class="rd">R</a>',
1749
+ '<a href="https://pinterest.com/pin/create/bookmarklet/?media=https://wpencryption.com/wp-content/uploads/2021/08/banner-772x250-1.png&url=wpencryption.com&description=' . $sharetitle . '" target="_blank" title="Pinterest" class="pt">P</a>'
1750
  ) . '</span></p>
1751
+ <a href="https://wordpress.org/support/plugin/wp-letsencrypt-ssl/reviews/#new-post" target="_blank" class="letsrate">' . esc_html__('LEAVE A RATING', 'wp-letsencrypt-ssl') . ' <span class="dashicons dashicons-external"></span></a>
1752
  ' . $renewlink . '
1753
+ <small>' . esc_html__('Just takes a moment', 'wp-letsencrypt-ssl') . '</small>
1754
  </div>';
1755
+ if (file_exists($cert) && isset($leopts['expiry']) && !$wple_support) {
1756
+ $html .= '<div class="wple-completed-remaining">
1757
+ <div class="progress--circle progress--' . esc_attr($daysleft) . '">
1758
+ <div class="progress__number"><strong>' . esc_html($daysleft) . '</strong><br><small>' . esc_html__('Days', 'wp-letsencrypt-ssl') . '</small></div>
1759
  </div>
1760
  <div class="wple-circle-expires">
1761
+ <strong>' . esc_html__('Your generated SSL certificate expires on', 'wp-letsencrypt-ssl') . ': <br><b>' . esc_html($leopts['expiry']) . '</b></strong>
1762
+ <p>' . WPLE_Trait::wple_kses(__("Let's Encrypt® SSL Certificate expires in 90 days by default. You can easily regenerate new SSL certificate using <strong>RENEW SSL CERTIFICATE</strong> option found on left or by clicking on <strong>STEP 1</strong> in progress bar.", "wp-letsencrypt-ssl")) . '<br /><br />' . WPLE_Trait::wple_kses(__('Major browsers like Chrome will start showing insecure site warning IF you fail to renew / re-generate certs before this expiry date. <strong>PLEASE NOTE: If you are using PRO version - Ignore the above expiry date as your SSL certificates will be auto renewed in background 30 days prior to expiry date.</strong>', 'wp-letsencrypt-ssl')) . ' Please clear your browser cache once.</p>
1763
  </div>
1764
  </div>';
1765
  }
1805
  // </div>';
1806
  // }
1807
  // }
1808
+ }
1809
+
1810
+ /**
1811
+ * Make verificiation possible with broken cert
1812
+ *
1813
+ * commented out to avoid redirection loops
1814
+ * @return void
1815
+ */
1816
+ public function wple_wellknown_htaccess()
1817
+ {
1818
  // $dir = ABSPATH . '.well-known/acme-challenge/.htaccess';
1819
  // if (!file_exists($dir)) {
1820
  // $file = @touch($dir);
1829
  // $ruleset .= "</IfModule>" . "\n";
1830
  // insert_with_markers($dir, 'WP_Encryption', $ruleset);
1831
  // }
1832
+ }
1833
+
1834
+ /**
1835
+ * Grouped admin init hooks
1836
+ *
1837
+ * @since 5.2.4
1838
+ * @return void
1839
+ */
1840
+ public function wple_admin_init_hooks()
1841
+ {
1842
  WPLE_Subdir_Challenge_Helper::download_challenge_files();
1843
  $this->wple_save_email_generate_certs();
1844
  $this->wple_download_files();
1847
  $this->wple_continue_certification();
1848
  $this->wple_domain_verification();
1849
  //redirects handler
1850
+ }
1851
+
1852
+ /**
1853
+ * Validate SSL button for non-cpanel
1854
+ *
1855
+ * @since 5.2.6
1856
+ * @return void
1857
+ */
1858
+ public function wple_validate_nocp_ssl()
1859
+ {
1860
+ if (!current_user_can('manage_options')) {
1861
+ exit('Unauthorized');
1862
+ }
1863
+ $basedomain = str_ireplace(array('http://', 'https://'), array('', ''), addslashes(site_url()));
1864
  //4.7
1865
+ if (FALSE != stripos($basedomain, '/')) {
1866
+ $basedomain = substr($basedomain, 0, stripos($basedomain, '/'));
1867
  }
1868
+ $client = WPLE_Trait::wple_verify_ssl($basedomain);
1869
+
1870
+ if ($client || is_ssl()) {
1871
+ $reverter = uniqid('wple');
1872
+ $savedopts = get_option('wple_opts');
1873
+ $savedopts['force_ssl'] = 1;
1874
+ $savedopts['revertnonce'] = $reverter;
1875
+ ///WPLE_Trait::wple_send_reverter_secret($reverter);
1876
+ update_option('wple_opts', $savedopts);
1877
+ delete_option('wple_error');
1878
+ //complete
1879
+ update_option('wple_complete', 1);
1880
+ update_option('siteurl', str_ireplace('http:', 'https:', get_option('siteurl')));
1881
+ update_option('home', str_ireplace('http:', 'https:', get_option('home')));
1882
+ echo 1;
1883
  } else {
1884
+ echo 0;
1885
  }
1886
+
1887
  exit;
1888
+ }
1889
+
1890
+ public function wple_expert_block(&$html, $spmode = 0)
1891
+ { }
1892
+
1893
+ /**
1894
+ * This site have mixed content issues
1895
+ *
1896
+ * @since 5.3.12
1897
+ * @return void
1898
+ */
1899
+ public function wple_mixed_content_notice()
1900
+ {
 
1901
  $html = '<div class="notice notice-info wple-admin-review wple-mx-prom">
1902
  <div class="wple-review-box">
1903
  <img src="' . WPLE_URL . 'admin/assets/symbol.png"/>
1904
+ <span><strong>Warning: ' . esc_html__('Your site have mixed content issues!', 'wp-letsencrypt-ssl') . '</strong><p>' . WPLE_Trait::wple_kses(__('Mixed content issues cause browser padlock to show as insecure even if you have installed SSL certificate perfectly. Hire an SSL Expert today to get rid of all SSL issues once and for all.', 'wp-letsencrypt-ssl')) . '</p></span>
1905
  </div>
1906
+ <a class="wple-lets-review wplerevbtn" href="https://checkout.freemius.com/mode/dialog/plugin/7616/plan/12469/licenses/1/" target="_blank">' . esc_html__('Hire SSL Expert', 'wp-letsencrypt-ssl') . '</a>
1907
+ <a class="wple-mx-ignore wplerevbtn" href="#">' . esc_html__("Don't show again", 'wp-letsencrypt-ssl') . '</a>
1908
  </div>';
1909
+ echo $html;
1910
+ }
1911
+
1912
+ /**
1913
+ * Ajax Get cert contents for copy
1914
+ *
1915
+ * @since 5.3.16
1916
+ * @return void
1917
+ */
1918
+ public function wple_retrieve_certs_forcopy()
1919
+ {
1920
+ if (!wp_verify_nonce($_GET['nc'], 'copycerts') || !current_user_can('manage_options')) {
1921
+ exit('Authorization Failure');
1922
  }
1923
  $ftype = $_GET['gettype'];
1924
  $output = '';
1925
  $keypath = ABSPATH . 'keys/';
1926
+ switch ($ftype) {
1927
+ case 'cert':
1928
+ if (file_exists($keypath . 'certificate.crt')) {
1929
+ $output = file_get_contents($keypath . 'certificate.crt');
1930
+ }
1931
+ break;
1932
+ case 'key':
1933
+ if (file_exists($keypath . 'private.pem')) {
1934
+ $output = file_get_contents($keypath . 'private.pem');
1935
+ }
1936
+ break;
1937
+ case 'cabundle':
1938
+
1939
+ if (file_exists(ABSPATH . 'keys/cabundle.crt')) {
1940
+ $output = file_get_contents(ABSPATH . 'keys/cabundle.crt');
1941
+ } else {
1942
+ $output = file_get_contents(WPLE_DIR . 'cabundle/ca.crt');
1943
+ }
1944
+
1945
+ break;
1946
  }
1947
+ echo esc_html($output);
1948
  exit;
1949
+ }
1950
+
1951
+ /**
1952
+ * Ajax check if both www & non-www domain accessible
1953
+ *
1954
+ * @since 5.6.2
1955
+ * @return void
1956
+ */
1957
+ public function wple_include_www_check()
1958
+ {
1959
+ if (!current_user_can('manage_options') || !wp_verify_nonce($_GET['nc'], 'legenerate')) {
1960
+ exit('Unauthorized request');
1961
+ }
1962
+ $maindomain = WPLE_Trait::get_root_domain(false);
1963
  $errcode = 'www';
1964
+
1965
+ if (FALSE === stripos('www', $maindomain)) {
1966
+ $altdomain = 'www.' . $maindomain;
1967
  } else {
1968
+ $errcode = 'nonwww';
1969
+ $altdomain = str_ireplace('www.', '', $maindomain);
1970
  }
1971
+
1972
+ $altdomaintest = wp_remote_head('http://' . $altdomain, array(
1973
+ 'sslverify' => false,
1974
+ 'timeout' => 30,
1975
+ ));
1976
+
1977
+ if (!is_wp_error($altdomaintest)) {
1978
+ echo 1;
1979
+ exit;
1980
  }
1981
+
1982
+ echo $errcode;
1983
  exit;
1984
+ }
1985
+
1986
+ /**
1987
+ * Backup recommendation
1988
+ *
1989
+ * @since 5.7.14
1990
+ */
1991
+ // public function wple_backup_suggestion()
1992
+ // {
1993
+ // if (!wple_fs()->is__premium_only()) {
1994
+ // if (FALSE === get_option('wple_plan_choose')) return true;
1995
+ // }
1996
+ // if (is_plugin_active('backup-bolt/backup-bolt.php')) return true;
1997
+ // $action = 'install-plugin';
1998
+ // $slug = 'backup-bolt';
1999
+ // $pluginstallURL = wp_nonce_url(
2000
+ // add_query_arg(
2001
+ // array(
2002
+ // 'action' => $action,
2003
+ // 'plugin' => $slug
2004
+ // ),
2005
+ // admin_url('update.php')
2006
+ // ),
2007
+ // $action . '_' . $slug
2008
+ // );
2009
+ // $html = '<div class="notice notice-info wple-admin-review wple-backup-suggestion">
2010
+ // <img src="' . WPLE_URL . 'admin/assets/symbol.png"/>
2011
+ // <p>Before installing SSL certificate or enforcing HTTPS, We HIGHLY recommend you backup your site using <b>"BACKUP BOLT"</b> WordPress plugin</p>
2012
+ // <a href="' . esc_url($pluginstallURL) . '" class="wple-backup-link wple-backup-install">Install & Activate Plugin</a>
2013
+ // <a href="#" class="wple-backup-link wple-backup-skip">Skip - I already have the backup</a>
2014
+ // </div>';
2015
+ // echo $html;
2016
+ // }
2017
+ public function wple_ignore_backup_suggest()
2018
+ {
2019
+ if (!current_user_can('manage_options')) {
2020
+ exit;
2021
+ }
2022
+ update_option('wple_backup_suggested', true);
2023
+ echo 1;
2024
  exit;
2025
+ }
2026
+
2027
+ public function wple_oneyearprom($reasons)
2028
+ {
2029
  $reasons['long-term'][] = $reasons['short-term'][] = array(
2030
+ 'id' => 20,
2031
+ 'text' => '<a href="https://wpencryption.com/?utm_source=wordpress&utm_medium=oneyearssl" target="_blank"><img src="' . WPLE_URL . 'admin/assets/1-year-ssl.png"/></a>',
2032
+ 'input_type' => '',
2033
+ 'input_placeholder' => 'oneyearssl',
2034
  );
2035
  return $reasons;
2036
+ }
2037
  }
 
 
admin/le_admin_pages.php CHANGED
@@ -188,7 +188,7 @@ class WPLE_SubAdmin extends WPLE_Admin_Page
188
  <span class="checkbox-custom rectangular"></span>
189
  </label>
190
 
191
- <label class="' . $htaccessdisabled . '">' . esc_html__( 'Force SSL via HTACCESS (Server level redirect - Faster)', 'wp-letsencrypt-ssl' ) . ' - ' . esc_html__( 'Most suitable for new sites & sites using proxies', 'wp-letsencrypt-ssl' ) . $htaccessdisabledmsg . '</label><br /><br />
192
 
193
  <label class="checkbox-label" style="float:left">
194
  <input type="radio" name="wple_forcessl" value="1" ' . $checked . '>
@@ -349,8 +349,7 @@ class WPLE_SubAdmin extends WPLE_Admin_Page
349
  $page .= '<br><hr><h2 id="howitworks">How it works?</h2>
350
  <p>First of all, thank you for choosing WP Encryption!. In order to transform your <b>HTTP://</b> site to <b>HTTPS://</b>, you need to have valid SSL certificate installed on your site first. The steps are as below:<br><br>1. Run the SSL install form of WP Encryption<br>2. Complete basic domain verification via HTTP file upload or DNS challenge following video tutorials provided on verification page<br>3. Finally download and install the generated <b>SSL certificate file</b> & <b>key</b> on your hosting panel or cPanel. <br>4. If you already have valid SSL certificate installed on site, feel free to skip above steps and directly enable "Force HTTPS" feature of WP Encryption.<br><a href="' . admin_url( '/admin.php?page=wp_encryption-pricing&checkout=true&plan_id=8210&plan_name=pro&billing_cycle=lifetime&pricing_id=7965&currency=usd' ) . '">Upgrade to PRO</a> to enjoy fully <b>automatic</b> domain verification, <b>automatic</b> SSL installation & <b>automatic</b> SSL renewal.</p>
351
  <br>
352
- <p>If you don\'t have either cPanel or root SSH access, you can opt for our <a href="' . admin_url( '/admin.php?page=wp_encryption-pricing&checkout=true&plan_id=8210&plan_name=pro&billing_cycle=annual&pricing_id=7965&currency=usd' ) . '">Annual Pro</a> solution which works on ANY hosting platform & offers you free automatic CDN boosting your site speed and firewall security (All you need to do is modify your domain DNS record to finish the setup) or you can buy 1 year premium SSL Certificate from below,</p>
353
- <a href="https://checkout.freemius.com/mode/dialog/plugin/11510/plan/19608/" target="_blank" style="text-align: center; display: block;"><img src="' . WPLE_URL . 'admin/assets/1-year-ssl.png"/></a>
354
  <br>
355
  <p>Once after you are done with the challenging part of SSL installation, please go to <b>SSL HEALTH</b> page of WP Encryption and enable necessary HTTPS redirection, mixed content fixer, etc. If one or the other pages on your site is showing insecure padlock, you could run the <b>Advanced Insecure Content Scanner</b> of WP Encryption to detect insecure <b>http://</b> links and change them to <b>https://</b> to resolve the issue.</p>
356
  <br>
@@ -576,14 +575,16 @@ class WPLE_SubAdmin extends WPLE_Admin_Page
576
  private function wple_ssl_score()
577
  {
578
  $scorecard = array(
579
- 'valid_ssl' => 30,
580
  'ssl_redirect' => 10,
581
  'mixed_content_fixer' => 10,
582
  'hsts' => 10,
583
  'security_headers' => 10,
 
584
  'tls_version' => 10,
585
  'ssl_auto_renew' => 20,
586
  'improve_security' => 0,
 
587
  );
588
  $scoredefinitions = array(
589
  'valid_ssl' => 'Valid SSL Certificate exists (<a href="' . get_site_url() . '/wp-admin/admin.php?page=wp_encryption">Install SSL Now</a>).',
@@ -591,6 +592,8 @@ class WPLE_SubAdmin extends WPLE_Admin_Page
591
  'mixed_content_fixer' => 'Mixed content fixer enabled',
592
  'hsts' => 'HSTS Strict Transport header enabled',
593
  'security_headers' => 'Important security headers enabled',
 
 
594
  'tls_version' => 'TLS version up-to-date',
595
  'ssl_auto_renew' => 'SSL certificate is set to auto renew (<a href="' . get_site_url() . '/wp-admin/admin.php?page=wp_encryption-pricing">Premium</a>)',
596
  'improve_security' => 'Improve security with WP Encryption Pro (<a href="' . get_site_url() . '/wp-admin/admin.php?page=wp_encryption-pricing">Premium</a>)',
@@ -648,7 +651,7 @@ class WPLE_SubAdmin extends WPLE_Admin_Page
648
  $featurelist .= '</ul>';
649
  $scorecolor = ( $score >= 30 && $score <= 70 ? 'e2d754' : (( $score > 70 ? '67d467' : 'ff5252' )) );
650
  $output = '<div class="wple-ssl-score">
651
- <h2>SSL Score</h2>';
652
  $output .= '<div class="wple-score">' . (int) $score . '</div>
653
  <div class="wple-scorebar"><span data-width="' . (int) $score . '" style="width:' . (int) $score . '%;background:#' . esc_attr( $scorecolor ) . '"></span></div>';
654
  if ( $score == 80 ) {
@@ -695,6 +698,9 @@ class WPLE_SubAdmin extends WPLE_Admin_Page
695
  case 'mixed_content_fixer':
696
  case 'hsts':
697
  case 'security_headers':
 
 
 
698
  if ( get_option( 'wple_' . $key ) ) {
699
  return 1;
700
  }
@@ -743,7 +749,19 @@ class WPLE_SubAdmin extends WPLE_Admin_Page
743
  ],
744
  'Enable Important Security Headers' => [
745
  'key' => 'security_headers',
746
- 'desc' => 'Implements important security headers eliminating man in the middle attacks & improves site security',
 
 
 
 
 
 
 
 
 
 
 
 
747
  ],
748
  );
749
  $output = '<div class="wple-ssl-settings" data-update="' . wp_create_nonce( 'wplesettingsupdate' ) . '">
@@ -755,7 +773,7 @@ class WPLE_SubAdmin extends WPLE_Admin_Page
755
  <span></span>
756
  <label class="toggle">
757
  <input class="toggle-checkbox wple-setting" data-opt="' . esc_attr( $optarr['key'] ) . '" type="checkbox" ' . checked( get_option( "wple_" . esc_attr( $optarr['key'] ) ), "1", false ) . '>
758
- <div class="toggle-switch" style="transform: scale(0.7);"></div>
759
 
760
  </label>
761
  </div>';
@@ -783,7 +801,10 @@ class WPLE_SubAdmin extends WPLE_Admin_Page
783
  'mixed_content_fixer',
784
  'hsts',
785
  'security_headers',
786
- 'upgrade_insecure'
 
 
 
787
  );
788
 
789
  if ( !in_array( $opt, $allowed ) ) {
@@ -795,16 +816,16 @@ class WPLE_SubAdmin extends WPLE_Admin_Page
795
 
796
  if ( $val == 0 ) {
797
  delete_option( "wple_" . $opt );
798
- if ( $opt != 'upgrade_insecure' ) {
799
  $out = -10;
800
  }
801
  $this->wple_addremove_security_headers( $out, $opt, $val );
802
  } else {
803
- if ( $opt != 'upgrade_insecure' ) {
804
  $out = 10;
805
  }
806
 
807
- if ( false == get_option( 'wple_ssl_valid' ) ) {
808
  $out = 1;
809
  echo $out ;
810
  exit;
@@ -854,6 +875,80 @@ class WPLE_SubAdmin extends WPLE_Admin_Page
854
  }
855
 
856
  return $out;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
857
  }
858
 
859
  }
@@ -867,7 +962,7 @@ class WPLE_SubAdmin extends WPLE_Admin_Page
867
  'title' => "SSL {$notifications}",
868
  'href' => admin_url( 'admin.php?page=wp_encryption_ssl_health' ),
869
  'meta' => array(
870
- 'title' => __( 'SSL Health' ),
871
  ),
872
  ) );
873
  }
188
  <span class="checkbox-custom rectangular"></span>
189
  </label>
190
 
191
+ <label class="' . $htaccessdisabled . '">' . esc_html__( 'Force SSL via HTACCESS (Server level 301 redirect - Faster)', 'wp-letsencrypt-ssl' ) . ' - ' . esc_html__( 'Most suitable for new sites & sites using proxies', 'wp-letsencrypt-ssl' ) . $htaccessdisabledmsg . '</label><br /><br />
192
 
193
  <label class="checkbox-label" style="float:left">
194
  <input type="radio" name="wple_forcessl" value="1" ' . $checked . '>
349
  $page .= '<br><hr><h2 id="howitworks">How it works?</h2>
350
  <p>First of all, thank you for choosing WP Encryption!. In order to transform your <b>HTTP://</b> site to <b>HTTPS://</b>, you need to have valid SSL certificate installed on your site first. The steps are as below:<br><br>1. Run the SSL install form of WP Encryption<br>2. Complete basic domain verification via HTTP file upload or DNS challenge following video tutorials provided on verification page<br>3. Finally download and install the generated <b>SSL certificate file</b> & <b>key</b> on your hosting panel or cPanel. <br>4. If you already have valid SSL certificate installed on site, feel free to skip above steps and directly enable "Force HTTPS" feature of WP Encryption.<br><a href="' . admin_url( '/admin.php?page=wp_encryption-pricing&checkout=true&plan_id=8210&plan_name=pro&billing_cycle=lifetime&pricing_id=7965&currency=usd' ) . '">Upgrade to PRO</a> to enjoy fully <b>automatic</b> domain verification, <b>automatic</b> SSL installation & <b>automatic</b> SSL renewal.</p>
351
  <br>
352
+ <p>If you don\'t have either cPanel or root SSH access, you can opt for our <a href="' . admin_url( '/admin.php?page=wp_encryption-pricing&checkout=true&plan_id=8210&plan_name=pro&billing_cycle=annual&pricing_id=7965&currency=usd' ) . '">Annual Pro</a> solution which works on ANY hosting platform & offers you free automatic CDN boosting your site speed and firewall security (All you need to do is modify your domain DNS record to finish the setup).</p>
 
353
  <br>
354
  <p>Once after you are done with the challenging part of SSL installation, please go to <b>SSL HEALTH</b> page of WP Encryption and enable necessary HTTPS redirection, mixed content fixer, etc. If one or the other pages on your site is showing insecure padlock, you could run the <b>Advanced Insecure Content Scanner</b> of WP Encryption to detect insecure <b>http://</b> links and change them to <b>https://</b> to resolve the issue.</p>
355
  <br>
575
  private function wple_ssl_score()
576
  {
577
  $scorecard = array(
578
+ 'valid_ssl' => 20,
579
  'ssl_redirect' => 10,
580
  'mixed_content_fixer' => 10,
581
  'hsts' => 10,
582
  'security_headers' => 10,
583
+ 'httponly_cookies' => 10,
584
  'tls_version' => 10,
585
  'ssl_auto_renew' => 20,
586
  'improve_security' => 0,
587
+ 'ssl_monitoring' => 0,
588
  );
589
  $scoredefinitions = array(
590
  'valid_ssl' => 'Valid SSL Certificate exists (<a href="' . get_site_url() . '/wp-admin/admin.php?page=wp_encryption">Install SSL Now</a>).',
592
  'mixed_content_fixer' => 'Mixed content fixer enabled',
593
  'hsts' => 'HSTS Strict Transport header enabled',
594
  'security_headers' => 'Important security headers enabled',
595
+ 'httponly_cookies' => 'HttpOnly secure cookies enabled',
596
+ 'ssl_monitoring' => 'SSL monitoring enabled',
597
  'tls_version' => 'TLS version up-to-date',
598
  'ssl_auto_renew' => 'SSL certificate is set to auto renew (<a href="' . get_site_url() . '/wp-admin/admin.php?page=wp_encryption-pricing">Premium</a>)',
599
  'improve_security' => 'Improve security with WP Encryption Pro (<a href="' . get_site_url() . '/wp-admin/admin.php?page=wp_encryption-pricing">Premium</a>)',
651
  $featurelist .= '</ul>';
652
  $scorecolor = ( $score >= 30 && $score <= 70 ? 'e2d754' : (( $score > 70 ? '67d467' : 'ff5252' )) );
653
  $output = '<div class="wple-ssl-score">
654
+ <h2 style="color:#444"><img src="' . WPLE_URL . 'admin/assets/shield.png" style=" float: left; margin: -2px 8px 0 0;"/> SSL Score</h2>';
655
  $output .= '<div class="wple-score">' . (int) $score . '</div>
656
  <div class="wple-scorebar"><span data-width="' . (int) $score . '" style="width:' . (int) $score . '%;background:#' . esc_attr( $scorecolor ) . '"></span></div>';
657
  if ( $score == 80 ) {
698
  case 'mixed_content_fixer':
699
  case 'hsts':
700
  case 'security_headers':
701
+ case 'httponly_cookies':
702
+ case 'ssl_monitoring':
703
+ case 'disable_directory_listing':
704
  if ( get_option( 'wple_' . $key ) ) {
705
  return 1;
706
  }
749
  ],
750
  'Enable Important Security Headers' => [
751
  'key' => 'security_headers',
752
+ 'desc' => 'Implements important security headers like X-XSS-Protection, Referrer-Policy, X-Content-Type-Options eliminating man in the middle attacks & improves site security',
753
+ ],
754
+ 'Enable HttpOnly Secure Cookies' => [
755
+ 'key' => 'httponly_cookies',
756
+ 'desc' => 'Cookies are accessible server side only. Even if XSS flaw exists in client side or user accidently access a link exploting the flaw, client side script cannot read the cookies',
757
+ ],
758
+ 'Disable directory listing' => [
759
+ 'key' => 'disable_directory_listing',
760
+ 'desc' => 'Disable directory browsing on Apache servers to avoid visibility of file structure on front-end',
761
+ ],
762
+ 'Enable SSL Monitoring' => [
763
+ 'key' => 'ssl_monitoring',
764
+ 'desc' => 'You will get automated email as well as dashboard notification when SSL is expiring within 10 days',
765
  ],
766
  );
767
  $output = '<div class="wple-ssl-settings" data-update="' . wp_create_nonce( 'wplesettingsupdate' ) . '">
773
  <span></span>
774
  <label class="toggle">
775
  <input class="toggle-checkbox wple-setting" data-opt="' . esc_attr( $optarr['key'] ) . '" type="checkbox" ' . checked( get_option( "wple_" . esc_attr( $optarr['key'] ) ), "1", false ) . '>
776
+ <div class="toggle-switch" style="transform: scale(0.6);"></div>
777
 
778
  </label>
779
  </div>';
801
  'mixed_content_fixer',
802
  'hsts',
803
  'security_headers',
804
+ 'upgrade_insecure',
805
+ 'disable_directory_listing',
806
+ 'httponly_cookies',
807
+ 'ssl_monitoring'
808
  );
809
 
810
  if ( !in_array( $opt, $allowed ) ) {
816
 
817
  if ( $val == 0 ) {
818
  delete_option( "wple_" . $opt );
819
+ if ( $opt != 'upgrade_insecure' && $opt != 'disable_directory_listing' && $opt != 'ssl_monitoring' ) {
820
  $out = -10;
821
  }
822
  $this->wple_addremove_security_headers( $out, $opt, $val );
823
  } else {
824
+ if ( $opt != 'upgrade_insecure' && $opt != 'disable_directory_listing' && $opt != 'ssl_monitoring' ) {
825
  $out = 10;
826
  }
827
 
828
+ if ( false == get_option( 'wple_ssl_valid' ) && $opt != 'disable_directory_listing' && $opt != 'httponly_cookies' ) {
829
  $out = 1;
830
  echo $out ;
831
  exit;
875
  }
876
 
877
  return $out;
878
+ } else {
879
+
880
+ if ( $opt == 'disable_directory_listing' ) {
881
+
882
+ if ( !is_writable( ABSPATH . '.htaccess' ) ) {
883
+ delete_option( "wple_{$opt}" );
884
+ $out = 'htaccessnotwritable';
885
+ return $out;
886
+ }
887
+
888
+
889
+ if ( $val == 1 ) {
890
+ //add request
891
+
892
+ if ( is_writable( ABSPATH . '.htaccess' ) ) {
893
+ WPLE_Trait::wple_remove_directory_listing();
894
+ $htaccess = file_get_contents( ABSPATH . '.htaccess' );
895
+ $getrules = WPLE_Trait::compose_directory_listing_rules();
896
+ $wpruleset = "# BEGIN WordPress";
897
+
898
+ if ( strpos( $htaccess, $wpruleset ) !== false ) {
899
+ $newhtaccess = str_replace( $wpruleset, $getrules . $wpruleset, $htaccess );
900
+ } else {
901
+ $newhtaccess = $htaccess . $getrules;
902
+ }
903
+
904
+ insert_with_markers( ABSPATH . '.htaccess', '', $newhtaccess );
905
+ }
906
+
907
+ } else {
908
+ //remove request
909
+ WPLE_Trait::wple_remove_directory_listing();
910
+ }
911
+
912
+ return $out;
913
+ } else {
914
+
915
+ if ( $opt == 'httponly_cookies' ) {
916
+
917
+ if ( !is_writable( ABSPATH . 'wp-config.php' ) ) {
918
+ delete_option( "wple_{$opt}" );
919
+ $out = 'wpconfignotwritable';
920
+ return $out;
921
+ }
922
+
923
+
924
+ if ( $val == 1 ) {
925
+ $config = file_get_contents( ABSPATH . "wp-config.php" );
926
+
927
+ if ( FALSE == strpos( $config, 'WP_ENCRYPTION_COOKIES' ) ) {
928
+ $config = preg_replace( "/^([\r\n\t ]*)(\\<\\?)(php)?/i", '<?php ' . "\n" . '# BEGIN WP_ENCRYPTION_COOKIES' . "\n" . "@ini_set('session.cookie_httponly', true);" . "\n" . "@ini_set('session.use_only_cookies', true);" . "\n" . "@ini_set('session.cookie_secure', true);" . "\n" . '# END WP_ENCRYPTION_COOKIES' . "\n", $config );
929
+ file_put_contents( ABSPATH . "wp-config.php", $config );
930
+ }
931
+
932
+ } else {
933
+
934
+ if ( is_writable( ABSPATH . 'wp-config.php' ) ) {
935
+ $htaccess = file_get_contents( ABSPATH . 'wp-config.php' );
936
+ $group = "/#\\s?BEGIN\\s?WP_ENCRYPTION_COOKIES.*?#\\s?END\\s?WP_ENCRYPTION_COOKIES/s";
937
+
938
+ if ( preg_match( $group, $htaccess ) ) {
939
+ $modhtaccess = preg_replace( $group, "", $htaccess );
940
+ file_put_contents( ABSPATH . 'wp-config.php', $modhtaccess );
941
+ }
942
+
943
+ }
944
+
945
+ }
946
+
947
+ return $out;
948
+ }
949
+
950
+ }
951
+
952
  }
953
 
954
  }
962
  'title' => "SSL {$notifications}",
963
  'href' => admin_url( 'admin.php?page=wp_encryption_ssl_health' ),
964
  'meta' => array(
965
+ 'title' => __( 'SSL Health', 'wp-letsencrypt-ssl' ),
966
  ),
967
  ) );
968
  }
classes/le-core.php CHANGED
@@ -670,11 +670,14 @@ class WPLE_Core
670
 
671
  if ( $rsponse != trim( $challenge['content'] ) && !isset( $_GET['wpleauto'] ) ) {
672
  update_option( 'wple_error', 2 );
 
 
 
 
673
  $this->wple_log( esc_html__( "Offering manual verification procedure.", 'wp-letsencrypt-ssl' ) . " \n", 'success', 'a' );
674
  if ( FALSE != ($dlog = get_option( 'wple_send_usage' )) && $dlog ) {
675
  $this->wple_send_usage_data();
676
  }
677
- $this->wple_save_all_challenges();
678
  wp_redirect( admin_url( '/admin.php?page=wp_encryption&subdir=1' ), 302 );
679
  exit;
680
  }
670
 
671
  if ( $rsponse != trim( $challenge['content'] ) && !isset( $_GET['wpleauto'] ) ) {
672
  update_option( 'wple_error', 2 );
673
+ $this->wple_save_all_challenges();
674
+ $updated = get_option( "wple_opts" );
675
+ $this->wple_log( "HTTP Challenges --> " . json_encode( $updated['challenge_files'] ), 'success', 'a' );
676
+ $this->wple_log( "DNS Challenges --> " . json_encode( $updated['dns_challenges'] ), 'success', 'a' );
677
  $this->wple_log( esc_html__( "Offering manual verification procedure.", 'wp-letsencrypt-ssl' ) . " \n", 'success', 'a' );
678
  if ( FALSE != ($dlog = get_option( 'wple_send_usage' )) && $dlog ) {
679
  $this->wple_send_usage_data();
680
  }
 
681
  wp_redirect( admin_url( '/admin.php?page=wp_encryption&subdir=1' ), 302 );
682
  exit;
683
  }
classes/le-trait.php CHANGED
@@ -562,6 +562,37 @@ class WPLE_Trait
562
 
563
  }
564
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
565
  /**
566
  * cPanel existence check
567
  * mx header support check
@@ -665,6 +696,11 @@ class WPLE_Trait
665
  $to = date( 'd-m-Y', $activecert['validTo_time_t'] );
666
  $html .= '<br><b>Valid From</b>: ' . esc_html( $from ) . '<br><br>';
667
  $html .= '<b>Valid Till</b>: ' . esc_html( $to ) . '<br><br>';
 
 
 
 
 
668
  $html .= '</div>';
669
  return $html;
670
  }
562
 
563
  }
564
 
565
+ /**
566
+ * Add htaccess rules to disable directory listing
567
+ *
568
+ * @since 5.8.4
569
+ * @return newhtaccess
570
+ */
571
+ public static function compose_directory_listing_rules()
572
+ {
573
+ $rule = "\n" . "# BEGIN WP_Encryption_Disable_Directory_Listing\n";
574
+ $rule .= "Options -Indexes" . "\n";
575
+ $rule .= "# END WP_Encryption_Disable_Directory_Listing" . "\n";
576
+ $finalrule = preg_replace( "/\n+/", "\n", $rule );
577
+ return $finalrule;
578
+ }
579
+
580
+ public static function wple_remove_directory_listing()
581
+ {
582
+
583
+ if ( is_writable( ABSPATH . '.htaccess' ) ) {
584
+ $htaccess = file_get_contents( ABSPATH . '.htaccess' );
585
+ $group = "/#\\s?BEGIN\\s?WP_Encryption_Disable_Directory_Listing.*?#\\s?END\\s?WP_Encryption_Disable_Directory_Listing/s";
586
+
587
+ if ( preg_match( $group, $htaccess ) ) {
588
+ $modhtaccess = preg_replace( $group, "", $htaccess );
589
+ file_put_contents( ABSPATH . '.htaccess', $modhtaccess );
590
+ }
591
+
592
+ }
593
+
594
+ }
595
+
596
  /**
597
  * cPanel existence check
598
  * mx header support check
696
  $to = date( 'd-m-Y', $activecert['validTo_time_t'] );
697
  $html .= '<br><b>Valid From</b>: ' . esc_html( $from ) . '<br><br>';
698
  $html .= '<b>Valid Till</b>: ' . esc_html( $to ) . '<br><br>';
699
+ //5.8.4 - reschedule reminder based on installed SSL instead of LE cert generated
700
+ if ( wp_next_scheduled( 'wple_ssl_reminder_notice' ) ) {
701
+ wp_clear_scheduled_hook( 'wple_ssl_reminder_notice' );
702
+ }
703
+ wp_schedule_single_event( strtotime( '-10 day', strtotime( $to ) ), 'wple_ssl_reminder_notice' );
704
  $html .= '</div>';
705
  return $html;
706
  }
lib/LEConnector.php CHANGED
@@ -116,6 +116,7 @@ class LEConnector
116
  curl_setopt($handle, CURLOPT_HTTPHEADER, $headers);
117
  curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
118
  curl_setopt($handle, CURLOPT_HEADER, true);
 
119
 
120
  switch ($method) {
121
  case 'GET':
116
  curl_setopt($handle, CURLOPT_HTTPHEADER, $headers);
117
  curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
118
  curl_setopt($handle, CURLOPT_HEADER, true);
119
+ curl_setopt($handle, CURLOPT_SSL_VERIFYPEER, false);
120
 
121
  switch ($method) {
122
  case 'GET':
readme.txt CHANGED
@@ -1,19 +1,19 @@
1
  === WP Encryption - One Click Free SSL Certificate & SSL / HTTPS Redirect to fix Insecure Content ===
2
  Contributors: gowebsmarty, gwsharsha
3
- Tags: ssl,https,https redirect,ssl certificate,free ssl,force https,mixed content,insecure content,enable https,install ssl
4
  Requires at least: 4.2
5
  License: GPL3
6
  Tested up to: 6.1
7
  Requires PHP: 5.4
8
- Stable tag: 5.8.3
9
 
10
- Super simple SSL solution - Install free SSL certificate & enable secure HTTPS padlock, secure mail w/ HTTPS, HTTPS redirect, fix SSL errors, SSL score, insecure content scanner, download SSL certificate, know your active SSL details.
11
 
12
  == Description ==
13
 
14
- HTTPS for lifetime - Generate free Let's Encrypt SSL certificate for your WordPress site and force SSL / HTTPS sitewide, check your SSL score, fix insecure content & mixed content issues easily. Enable HTTPS secure padlock on your site within minutes.
15
 
16
- Secure your WordPress site with SSL certificate provided by [Let's Encrypt®](https://letsencrypt.com). [WP Encryption](https://wpencryption.com/?utm_source=wordpress&utm_medium=description&utm_campaign=wpencryption) plugin registers your site, verifies your domain, generates SSL certificate for your site in simple mouse clicks without the need of any technical knowledge.
17
 
18
  A typical SSL installation without WP Encryption would require you to generate CSR, prove domain ownership, provide your bussiness data and deal with many more technical tasks!.
19
 
@@ -26,15 +26,14 @@ PHP 5.4 & tested upto PHP 8.0, Linux hosting, OpenSSL, CURL, allow_url_fopen sho
26
 
27
  == FREE SSL PLUGIN FEATURES ==
28
  * Verify domain ownership and generate free SSL certificate
29
- * Secure webmail and email with SSL certificate
30
  * Download generated SSL certificate, key and Intermediate certificate files
31
- * Force HTTPS / Enable HTTPS redirection sitewide in one click
32
  * HTTPS redirection includes redirect loop fix for Cloudflare, StackPath, Load balancers and reverse proxies.
33
- * SSL Health page - Track your SSL score and control various SSL features
 
34
  * Enable mixed content / insecure content fixer
35
- * Upgrade insecure requests
36
- * HSTS Strict transport security Headers
37
- * Automatic email notification prior to SSL certificate expiration
38
 
39
  (Optional) Running WordPress on a specialized VPS/Dedicated server without cPanel? You can download the generated SSL certificate files easily via "Download SSL Certificates" page and install it on your server by modifying server config file via SSH access as explained in our [DOCS](https://wpencryption.com/docs/).
40
 
@@ -150,6 +149,10 @@ Security is an important subject regarding SSL/TLS certificates, of course. It i
150
 
151
  == Changelog ==
152
 
 
 
 
 
153
  = 5.8.2 =
154
  * HTTP challenge fail cases
155
 
1
  === WP Encryption - One Click Free SSL Certificate & SSL / HTTPS Redirect to fix Insecure Content ===
2
  Contributors: gowebsmarty, gwsharsha
3
+ Tags: ssl,https,https redirect,ssl certificate,force https,mixed content,insecure content,enable https,install ssl,https padlock
4
  Requires at least: 4.2
5
  License: GPL3
6
  Tested up to: 6.1
7
  Requires PHP: 5.4
8
+ Stable tag: 5.8.4
9
 
10
+ Lifetime SSL solution - Install free SSL certificate & enable secure HTTPS padlock, HTTPS redirect, secure mail w/ HTTPS, fix SSL errors, SSL score, insecure content scanner, download SSL certificate, know your active SSL details.
11
 
12
  == Description ==
13
 
14
+ Secure your WordPress site with SSL certificate provided by [Let's Encrypt®](https://letsencrypt.com) and force SSL / HTTPS sitewide, check your SSL score, fix insecure content & mixed content issues easily. Enable HTTPS secure padlock on your site within minutes.
15
 
16
+ [WP Encryption](https://wpencryption.com/?utm_source=wordpress&utm_medium=description&utm_campaign=wpencryption) plugin registers your site, verifies your domain, generates SSL certificate for your site in simple mouse clicks without the need of any technical knowledge.
17
 
18
  A typical SSL installation without WP Encryption would require you to generate CSR, prove domain ownership, provide your bussiness data and deal with many more technical tasks!.
19
 
26
 
27
  == FREE SSL PLUGIN FEATURES ==
28
  * Verify domain ownership and generate free SSL certificate
29
+ * Secure webmail and email with HTTPS
30
  * Download generated SSL certificate, key and Intermediate certificate files
31
+ * Force HTTPS / Enable HTTPS 301 redirection sitewide in one click
32
  * HTTPS redirection includes redirect loop fix for Cloudflare, StackPath, Load balancers and reverse proxies.
33
+ * SSL Health page - Track your SSL score and control various SSL & Security features like HSTS strict transport security Header, HttpOnly secure cookies, etc,.
34
+ * Enable important security headers including X-XSS-Protection, X-Content-Type-Options, Referrer-Policy
35
  * Enable mixed content / insecure content fixer
36
+ * SSL monitoring & Automatic email notification prior to SSL certificate expiration
 
 
37
 
38
  (Optional) Running WordPress on a specialized VPS/Dedicated server without cPanel? You can download the generated SSL certificate files easily via "Download SSL Certificates" page and install it on your server by modifying server config file via SSH access as explained in our [DOCS](https://wpencryption.com/docs/).
39
 
149
 
150
  == Changelog ==
151
 
152
+ = 5.8.4 =
153
+ * SSL monitoring
154
+ * security features added
155
+
156
  = 5.8.2 =
157
  * HTTP challenge fail cases
158
 
wp-letsencrypt.php CHANGED
@@ -7,7 +7,7 @@
7
  * Plugin Name: WP Encryption - One Click SSL & Force HTTPS
8
  * Plugin URI: https://wpencryption.com
9
  * Description: Secure your WordPress site with free SSL certificate and force HTTPS throughout the site. Just activating this plugin won't help! - Please run the SSL install form of WP Encryption found on left panel.
10
- * Version: 5.8.3
11
  * Author: WP Encryption SSL
12
  * Author URI: https://wpencryption.com
13
  * License: GNU General Public License v3.0
@@ -34,7 +34,7 @@ if ( !defined( 'ABSPATH' ) ) {
34
  * Definitions
35
  */
36
  if ( !defined( 'WPLE_PLUGIN_VERSION' ) ) {
37
- define( 'WPLE_PLUGIN_VERSION', '5.8.3' );
38
  }
39
  if ( !defined( 'WPLE_BASE' ) ) {
40
  define( 'WPLE_BASE', plugin_basename( __FILE__ ) );
7
  * Plugin Name: WP Encryption - One Click SSL & Force HTTPS
8
  * Plugin URI: https://wpencryption.com
9
  * Description: Secure your WordPress site with free SSL certificate and force HTTPS throughout the site. Just activating this plugin won't help! - Please run the SSL install form of WP Encryption found on left panel.
10
+ * Version: 5.8.4
11
  * Author: WP Encryption SSL
12
  * Author URI: https://wpencryption.com
13
  * License: GNU General Public License v3.0
34
  * Definitions
35
  */
36
  if ( !defined( 'WPLE_PLUGIN_VERSION' ) ) {
37
+ define( 'WPLE_PLUGIN_VERSION', '5.8.4' );
38
  }
39
  if ( !defined( 'WPLE_BASE' ) ) {
40
  define( 'WPLE_BASE', plugin_basename( __FILE__ ) );