Shield Security for WordPress - Version 3.0.0

Version Description

  • FEATURE: User Management. Phase 1 - create user sessions to track current and attempted logged in users.
  • CHANGED: MASSIVE plugin refactoring for better performance and faster, more reliable future development of features
  • ADDED: Obscurity Feature - ability to remove the WP Generator meta tag.
  • ADDED: ability to change user login session length in days
  • ADDED: ability to set session idle timeout in hours
  • ADDED: ability to lock session to a particular IP address (2-factor auth by IP is separate)
  • ADDED: ability to view active user sessions
  • ADDED: ability to view last page visited for active sessions
  • ADDED: ability to view last active time for active sessions
  • ADDED: ability to view failed or attempted logins in the past 48hrs
  • ADDED: Support for GASP login using WooCommerce
  • CHANGED: Admin Access Restriction now has a separate options/feature page
  • CHANGED: Admin styling to better see some selected options
  • ADDED: Support for WP Wall shoutbox plugin (does no GASP comment checks)
  • CHANGED: Removed support for upgrading from versions prior to 2.0
  • CHANGED: Removed support for importing from Firewall 2 plugin - to import, manually install plugin v2.6.6, import settings, then upgrade.

Release Info

Developer paultgoodchild
Version 3.0.0

Code changes from version 2.6.6 to 3.0.0

Files changed (54)
  1. icwp-wpsf-main.php +479 -0
  2. icwp-wpsf.php +115 -907
  3. readme.txt +20 -1
  4. resources/css/plugin.css +20 -3
  5. src/icwp-base-processor.php +96 -117
  6. src/icwp-basedb-processor.php +76 -65
  7. src/icwp-data-processor.php +48 -9
  8. src/icwp-feature-master.php +0 -337
  9. src/icwp-import-wpf2-processor.php +2 -2
  10. src/icwp-optionshandler-admin_access_restriction.php +201 -0
  11. src/icwp-optionshandler-autoupdates.php +61 -31
  12. src/icwp-optionshandler-base.php +553 -217
  13. src/{icwp-optionshandler-commentsfilter.php → icwp-optionshandler-comments_filter.php} +26 -13
  14. src/icwp-optionshandler-email.php +30 -15
  15. src/icwp-optionshandler-firewall.php +53 -16
  16. src/icwp-optionshandler-lockdown.php +42 -13
  17. src/icwp-optionshandler-logging.php +31 -9
  18. src/{icwp-optionshandler-loginprotect.php → icwp-optionshandler-login_protect.php} +86 -24
  19. src/icwp-optionshandler-plugin.php +199 -0
  20. src/{icwp-optionshandler-privacyprotect.php → icwp-optionshandler-privacy_protect.php} +39 -12
  21. src/icwp-optionshandler-user_management.php +133 -0
  22. src/icwp-optionshandler-wpsf.php +0 -248
  23. src/icwp-processor-adminaccessrestriction.php +61 -0
  24. src/icwp-processor-autoupdates.php +35 -34
  25. src/icwp-processor-commentsfilter.php +112 -81
  26. src/icwp-processor-email.php +44 -33
  27. src/icwp-processor-firewall.php +55 -62
  28. src/icwp-processor-lockdown.php +10 -5
  29. src/icwp-processor-logging.php +14 -11
  30. src/icwp-processor-loginprotect.php +65 -119
  31. src/icwp-processor-plugin.php +86 -0
  32. src/icwp-processor-privacyprotect.php +8 -6
  33. src/icwp-processor-usermanagement.php +535 -0
  34. src/icwp-pure-base.php +266 -283
  35. src/icwp-wpfunctions.php +87 -5
  36. views/icwp-wpsf-access_restricted_index.php +54 -0
  37. views/icwp-wpsf-config-options-table.php +23 -0
  38. views/{icwp_wpsf_config_autoupdates_index.php → icwp-wpsf-config_autoupdates_index.php} +20 -24
  39. views/icwp-wpsf-config_footer.php +4 -0
  40. views/icwp-wpsf-config_header.php +25 -0
  41. views/icwp-wpsf-config_index.php +4 -0
  42. views/icwp-wpsf-config_plugin_index.php +302 -0
  43. views/icwp-wpsf-config_user_management_index.php +56 -0
  44. views/{icwp_wpsf_state_summary.php → icwp-wpsf-state_summary.php} +13 -14
  45. views/icwp_options_helper.php +2 -3
  46. views/icwp_wpsf_access_key_request_index.php +0 -64
  47. views/icwp_wpsf_config_comments_filter_index.php +0 -35
  48. views/icwp_wpsf_config_firewall_index.php +0 -38
  49. views/icwp_wpsf_config_lockdown_index.php +0 -35
  50. views/icwp_wpsf_config_login_protect_index.php +0 -36
  51. views/icwp_wpsf_config_privacy_protect_index.php +0 -35
  52. views/icwp_wpsf_firewall_log_index.php +77 -85
  53. views/icwp_wpsf_index.php +11 -27
  54. views/icwp_wpsf_privacy_protect_log_index.php +46 -54
icwp-wpsf-main.php ADDED
@@ -0,0 +1,479 @@
1
+ <?php
2
+
3
+ /**
4
+ * Copyright (c) 2014 iControlWP <support@icontrolwp.com>
5
+ * All rights reserved.
6
+ *
7
+ * "WordPress Simple Firewall" is
8
+ * distributed under the GNU General Public License, Version 2,
9
+ * June 1991. Copyright (C) 1989, 1991 Free Software Foundation, Inc., 51 Franklin
10
+ * St, Fifth Floor, Boston, MA 02110, USA
11
+ *
12
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
13
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
14
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
15
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
16
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
17
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
18
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
19
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
20
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
21
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
22
+ */
23
+
24
+ require_once( dirname(__FILE__).'/src/icwp-pure-base.php' );
25
+ require_once( dirname(__FILE__).'/src/icwp-data-processor.php' );
26
+
27
+ if ( !function_exists( '_wpsf_e' ) ) {
28
+ function _wpsf_e( $insStr ) {
29
+ _e( $insStr, 'wp-simple-firewall' );
30
+ }
31
+ }
32
+ if ( !function_exists( '_wpsf__' ) ) {
33
+ function _wpsf__( $insStr ) {
34
+ return __( $insStr, 'wp-simple-firewall' );
35
+ }
36
+ }
37
+
38
+ if ( !class_exists('ICWP_Wordpress_Simple_Firewall') ):
39
+
40
+ class ICWP_Wordpress_Simple_Firewall extends ICWP_Pure_Base_V5 {
41
+
42
+ /**
43
+ * @var string
44
+ */
45
+ const AdminAccessKeyCookieName = 'icwp_wpsf_aakcook';
46
+
47
+ /**
48
+ * @var ICWP_WPSF_FeatureHandler_Plugin
49
+ */
50
+ protected $oPluginOptions;
51
+ /**
52
+ * @var ICWP_WPSF_FeatureHandler_AdminAccessRestriction
53
+ */
54
+ protected $oAdminAccessRestrictionOptions;
55
+ /**
56
+ * @var ICWP_WPSF_FeatureHandler_Firewall
57
+ */
58
+ protected $oFirewallOptions;
59
+ /**
60
+ * @var ICWP_WPSF_FeatureHandler_LoginProtect
61
+ */
62
+ protected $oLoginProtectOptions;
63
+
64
+ /**
65
+ * @var ICWP_WPSF_FeatureHandler_PrivacyProtect
66
+ */
67
+ protected $oPrivacyProtectOptions;
68
+
69
+ /**
70
+ * @var ICWP_WPSF_FeatureHandler_CommentsFilter
71
+ */
72
+ protected $oCommentsFilterOptions;
73
+
74
+ /**
75
+ * @var ICWP_WPSF_FeatureHandler_Lockdown
76
+ */
77
+ protected $oLockdownOptions;
78
+
79
+ /**
80
+ * @var ICWP_WPSF_FeatureHandler_Autoupdates
81
+ */
82
+ protected $oAutoupdatesOptions;
83
+
84
+ /**
85
+ * @var ICWP_WPSF_FeatureHandler_Email
86
+ */
87
+ protected $oEmailOptions;
88
+
89
+ /**
90
+ * @var ICWP_WPSF_FeatureHandler_Logging
91
+ */
92
+ protected $oLoggingOptions;
93
+
94
+ /**
95
+ */
96
+ public function __construct( ICWP_Wordpress_Simple_Firewall_Plugin $oPluginVo ) {
97
+ parent::__construct( $oPluginVo );
98
+
99
+ $this->loadAllFeatures();
100
+ add_filter( $this->doPluginPrefix( 'has_permission_to_view' ), array( $this, 'hasPermissionToView' ) );
101
+ add_filter( $this->doPluginPrefix( 'has_permission_to_submit' ), array( $this, 'hasPermissionToSubmit' ) );
102
+ }
103
+
104
+ public function onWpActivatePlugin() {
105
+ $this->loadAllFeatures( true, true );
106
+ }
107
+
108
+ /**
109
+ * @param bool $fRecreate
110
+ * @param bool $fFullBuild
111
+ * @return bool
112
+ */
113
+ protected function loadAllFeatures( $fRecreate = false, $fFullBuild = false ) {
114
+ foreach( $this->oPluginVo->getFeatures() as $sFeature ) {
115
+ $fSuccess = $this->loadFeatureHandler( $sFeature, $fRecreate, $fFullBuild );
116
+ }
117
+ return $fSuccess;
118
+ }
119
+
120
+ protected function loadFeatureHandler( $sFeatureSlug = 'plugin', $infRecreate = false, $infFullBuild = false ) {
121
+ if ( !$this->getIsFeature( $sFeatureSlug ) ) {
122
+ return false;
123
+ }
124
+
125
+ $sFeatureName = str_replace( ' ', '', ucwords( str_replace( '_', ' ', $sFeatureSlug ) ) );
126
+ $sOptionsVarName = 'o'.$sFeatureName.'Options'; // e.g. oPluginOptions
127
+
128
+ if ( isset( $this->{$sOptionsVarName} ) ) {
129
+ return $this->{$sOptionsVarName};
130
+ }
131
+ $sSourceFile = $this->oPluginVo->getSourceDir().'icwp-optionshandler-'.$sFeatureSlug.'.php'; // e.g. icwp-optionshandler-plugin.php
132
+ $sClassName = 'ICWP_WPSF_FeatureHandler_'.$sFeatureName; // e.g. ICWP_WPSF_FeatureHandler_Plugin
133
+
134
+ require_once( $sSourceFile );
135
+ if ( $infRecreate || !isset( $this->{$sOptionsVarName} ) ) {
136
+ $this->{$sOptionsVarName} = new $sClassName( $this->oPluginVo );
137
+ }
138
+ if ( $infFullBuild ) {
139
+ $this->{$sOptionsVarName}->buildOptions();
140
+ }
141
+ return $this->{$sOptionsVarName};
142
+ }
143
+
144
+ /**
145
+ * Given a certain feature 'slug' will return true if this is a particular supported feature of this plugin.
146
+ *
147
+ * @param string $sFeature
148
+ * @return boolean
149
+ */
150
+ public function getIsFeature( $sFeature ) {
151
+ return in_array( $sFeature, $this->oPluginVo->getFeatures() );
152
+ }
153
+
154
+ /**
155
+ * @param array $aItems
156
+ * @return array $aItems
157
+ */
158
+ public function filter_addExtraAdminMenuItems( $aItems ) {
159
+ $aItems[ _wpsf__('Firewall Log' ) ] = array( 'Firewall Log', $this->getSubmenuId('firewall_log'), array( $this, 'onDisplayAll' ) );
160
+ return $aItems;
161
+ }
162
+
163
+ /**
164
+ * Displaying all views now goes through this central function and we work out
165
+ * what to display based on the name of current hook/filter being processed.
166
+ */
167
+ public function onDisplayAll() {
168
+
169
+ if ( !$this->hasPermissionToView() ) {
170
+ $this->onDisplayAccessKeyRequest();
171
+ return;
172
+ }
173
+
174
+ // Just to ensure the nag bar disappears if/when they visit the dashboard
175
+ // regardless of clicking the button.
176
+ $this->updateVersionUserMeta();
177
+
178
+ $sPrefix = str_replace(' ', '-', strtolower( $this->oPluginVo->getAdminMenuTitle() ) ) .'_page_'.$this->getPluginPrefix().'-';
179
+ $sCurrent = str_replace( $sPrefix, '', current_filter() );
180
+
181
+ switch( $sCurrent ) {
182
+ case 'privacy_protect_log' :
183
+ $this->onDisplayPrivacyProtectLog();
184
+ break;
185
+ case 'firewall_log' :
186
+ $this->onDisplayFirewallLog();
187
+ break;
188
+ default:
189
+ $this->getFeatureHandler_MainPlugin()->displayFeatureConfigPage();
190
+ break;
191
+ }
192
+ }
193
+
194
+ /**
195
+ * @param string $sSubmenu
196
+ * @return array
197
+ */
198
+ protected function getBaseDisplayData( $sSubmenu = '' ) {
199
+ $aBaseData = parent::getBaseDisplayData( $sSubmenu );
200
+ $aBaseData['aMainOptions'] = $this->oPluginOptions->getPluginOptionsValues();
201
+ return $aBaseData;
202
+ }
203
+
204
+ protected function onDisplayPrivacyProtectLog() {
205
+
206
+ $oPrivacyProcessor = $this->getProcessor_PrivacyProtect();
207
+ $aData = array(
208
+ 'urlrequests_log' => $oPrivacyProcessor->getLogs( true )
209
+ );
210
+ $aData = array_merge( $this->getBaseDisplayData('privacy_protect_log'), $aData );
211
+ $this->display( $this->doPluginPrefix( 'privacy_protect_log_index', '_' ), $aData );
212
+ }
213
+
214
+ protected function onDisplayFirewallLog() {
215
+
216
+ $this->loadFeatureHandler( 'firewall' );
217
+ $aIpWhitelist = $this->oFirewallOptions->getOpt( 'ips_whitelist' );
218
+ $aIpBlacklist = $this->oFirewallOptions->getOpt( 'ips_blacklist' );
219
+
220
+ $oLoggingProcessor = $this->getProcessor_Logging();
221
+ $aLogData = $oLoggingProcessor->getLogs( true );
222
+
223
+ $aData = array(
224
+ 'firewall_log' => $aLogData,
225
+ 'ip_whitelist' => isset( $aIpWhitelist['ips'] )? $aIpWhitelist['ips'] : array(),
226
+ 'ip_blacklist' => isset( $aIpBlacklist['ips'] )? $aIpBlacklist['ips'] : array(),
227
+ );
228
+ $aData = array_merge( $this->getBaseDisplayData('firewall_log'), $aData );
229
+ $this->display( $this->doPluginPrefix( 'firewall_log_index', '_' ), $aData );
230
+ }
231
+
232
+ public function onWpAdminInit() {
233
+ parent::onWpAdminInit();
234
+
235
+ if ( $this->isValidAdminArea() ) {
236
+ //Someone clicked the button to acknowledge the update
237
+ $sMetaFlag = $this->doPluginPrefix( 'hide_update_notice' );
238
+ if ( $this->fetchRequest( $sMetaFlag ) == 1 ) {
239
+ $this->updateVersionUserMeta();
240
+ if ( $this->isShowMarketing() ) {
241
+ wp_redirect( $this->getUrl_PluginDashboard() );
242
+ }
243
+ else {
244
+ wp_redirect( network_admin_url( $_POST['redirect_page'] ) );
245
+ }
246
+ }
247
+
248
+ $sMetaFlag = $this->doPluginPrefix( 'hide_translation_notice' );
249
+ if ( $this->fetchRequest( $sMetaFlag ) == 1 ) {
250
+ $this->updateTranslationNoticeShownUserMeta();
251
+ wp_redirect( network_admin_url( $_POST['redirect_page'] ) );
252
+ }
253
+
254
+ $sMetaFlag = $this->doPluginPrefix( 'hide_mailing_list_signup' );
255
+ if ( $this->fetchRequest( $sMetaFlag ) == 1 ) {
256
+ $this->updateMailingListSignupShownUserMeta();
257
+ }
258
+ }
259
+ }
260
+
261
+ /**
262
+ * @return bool
263
+ */
264
+ protected function isShowMarketing() {
265
+ return apply_filters( $this->doPluginPrefix( 'show_marketing' ), true );
266
+ }
267
+
268
+ protected function getPluginsListUpdateMessage() {
269
+ return _wpsf__( 'Upgrade Now To Keep Your Firewall Up-To-Date With The Latest Features.' );
270
+ }
271
+
272
+ protected function getAdminNoticeHtml_Translations() {
273
+
274
+ if ( $this->getInstallationDays() < 7 ) {
275
+ return '';
276
+ }
277
+
278
+ $sMetaFlag = $this->doPluginPrefix( 'hide_translation_notice' );
279
+
280
+ $sRedirectPage = 'index.php';
281
+ ob_start(); ?>
282
+ <style>
283
+ a#fromIcwp { padding: 0 5px; border-bottom: 1px dashed rgba(0,0,0,0.1); color: blue; font-weight: bold; }
284
+ </style>
285
+ <form id="IcwpTranslationsNotice" method="post" action="admin.php?page=<?php echo $this->getSubmenuId('firewall'); ?>&<?php echo $sMetaFlag; ?>=1">
286
+ <input type="hidden" value="<?php echo $sRedirectPage; ?>" name="redirect_page" id="redirect_page">
287
+ <input type="hidden" value="1" name="<?php echo $sMetaFlag; ?>" id="<?php echo $sMetaFlag; ?>">
288
+ <h4 style="margin:10px 0 3px;">
289
+ <?php _wpsf_e( 'Would you like to help translate the WordPress Simple Firewall into your language?' ); ?>
290
+ <?php printf( _wpsf__( 'Head over to: %s' ), '<a href="http://translate.icontrolwp.com" target="_blank">translate.icontrolwp.com</a>' ); ?>
291
+ </h4>
292
+ <input type="submit" value="<?php _wpsf_e( 'Dismiss this notice' ); ?>" name="submit" class="button" style="float:left; margin-bottom:10px;">
293
+ <div style="clear:both;"></div>
294
+ </form>
295
+ <?php
296
+ $sNotice = ob_get_contents();
297
+ ob_end_clean();
298
+ return $sNotice;
299
+ }
300
+
301
+ protected function getAdminNoticeHtml_VersionUpgrade() {
302
+
303
+ // for now just showing this for the first 3 days of installation.
304
+ if ( $this->getInstallationDays() > 7 ) {
305
+ return '';
306
+ }
307
+
308
+ $sMetaFlag = $this->doPluginPrefix( 'hide_update_notice' );
309
+
310
+ $sRedirectPage = 'admin.php?page=icwp-wpsf';
311
+ ob_start(); ?>
312
+ <style>a#fromIcwp { padding: 0 5px; border-bottom: 1px dashed rgba(0,0,0,0.1); color: blue; font-weight: bold; }</style>
313
+ <form id="IcwpUpdateNotice" method="post" action="admin.php?page=<?php echo $this->getSubmenuId('firewall'); ?>&<?php echo $sMetaFlag; ?>=1">
314
+ <input type="hidden" value="<?php echo $sRedirectPage; ?>" name="redirect_page" id="redirect_page">
315
+ <input type="hidden" value="1" name="<?php echo $sMetaFlag; ?>" id="<?php echo $sMetaFlag; ?>">
316
+ <p>
317
+ <?php _wpsf_e( 'Note: WordPress Simple Firewall plugin does not automatically turn on when you install/update.' ); ?>
318
+ <?php printf( _wpsf__( 'There may also be %simportant updates to read about%s.' ), '<a href="http://icwp.io/27" id="fromIcwp" title="'._wpsf__( 'WordPress Simple Firewall' ).'" target="_blank">', '</a>' ); ?>
319
+ </p>
320
+ </h4>
321
+ <input type="submit" value="<?php _wpsf_e( 'Okay, show me the dashboard' ); ?>" name="submit" class="button" style="float:left; margin-bottom:10px;">
322
+ <div style="clear:both;"></div>
323
+ </form>
324
+ <?php
325
+ $sNotice = ob_get_contents();
326
+ ob_end_clean();
327
+ return $sNotice;
328
+ }
329
+
330
+ /**
331
+ * @return string|void
332
+ */
333
+ protected function getAdminNoticeHtml_MailingListSignup() {
334
+
335
+ $nDays = $this->getInstallationDays();
336
+ if ( $nDays < 2 ) {
337
+ return '';
338
+ }
339
+ $sMetaFlag = $this->doPluginPrefix( 'hide_mailing_list_signup' );
340
+
341
+ ob_start(); ?>
342
+ <!-- Begin MailChimp Signup Form -->
343
+ <div id="mc_embed_signup">
344
+ <form class="form form-inline" action="http://hostliketoast.us2.list-manage1.com/subscribe/post?u=e736870223389e44fb8915c9a&amp;id=0e1d527259" method="post" id="mc-embedded-subscribe-form" name="mc-embedded-subscribe-form" class="validate" target="_blank" novalidate>
345
+ <p>The WordPress Simple Firewall team has launched a education initiative to raise awareness of WordPress security and to provide further help with the WordPress Simple Firewall plugin. Get Involved here:</p>
346
+ <input type="text" value="" name="EMAIL" class="required email" id="mce-EMAIL" placeholder="Your Email" />
347
+ <input type="text" value="" name="FNAME" class="" id="mce-FNAME" placeholder="Your Name" />
348
+ <input type="hidden" value="<?php echo $nDays; ?>" name="DAYS" class="" id="mce-DAYS" />
349
+ <input type="submit" value="Get The News" name="subscribe" id="mc-embedded-subscribe" class="button" />
350
+ <a href="<?php echo $this->getUrl_PluginDashboard().'&'.$sMetaFlag.'=1';?>">Dismiss</a>
351
+ <div id="mce-responses" class="clear">
352
+ <div class="response" id="mce-error-response" style="display:none"></div>
353
+ <div class="response" id="mce-success-response" style="display:none"></div>
354
+ </div> <!-- real people should not fill this in and expect good things - do not remove this or risk form bot signups-->
355
+ <div style="position: absolute; left: -5000px;"><input type="text" name="b_e736870223389e44fb8915c9a_0e1d527259" tabindex="-1" value=""></div>
356
+ <div class="clear"></div>
357
+ </form>
358
+ </div>
359
+
360
+ <!--End mc_embed_signup-->
361
+ <?php
362
+ $sNotice = ob_get_contents();
363
+ ob_end_clean();
364
+ return $sNotice;
365
+ }
366
+
367
+ protected function getAdminNoticeHtml_OptionsUpdated() {
368
+ $sAdminFeedbackNotice = $this->oPluginOptions->getOpt( 'feedback_admin_notice' );
369
+ if ( !empty( $sAdminFeedbackNotice ) ) {
370
+ $sNotice = '<p>'.$sAdminFeedbackNotice.'</p>';
371
+ return $sNotice;
372
+ $this->oPluginOptions->setOpt( 'feedback_admin_notice', '' );
373
+ }
374
+ }
375
+
376
+ /**
377
+ *
378
+ */
379
+ protected function getShowAdminNotices() {
380
+ return $this->oPluginOptions->getOpt('enable_upgrade_admin_notice') == 'Y';
381
+ }
382
+
383
+ /**
384
+ * @return int
385
+ */
386
+ protected function getInstallationDays() {
387
+ $nTimeInstalled = $this->oPluginOptions->getOpt( 'installation_time' );
388
+ if ( empty($nTimeInstalled) ) {
389
+ return 0;
390
+ }
391
+ return round( ( time() - $nTimeInstalled ) / DAY_IN_SECONDS );
392
+ }
393
+
394
+ protected function getAdminBarNodes() {
395
+ return array(); //disabled for now
396
+ $aMenu = array(
397
+ 'id' => self::$sOptionPrefix.'admin_menu',
398
+ 'title' => '<span class="pluginlogo_16">&nbsp;</span>'._wpsf__('Firewall').'',
399
+ 'href' => 'bob',
400
+ );
401
+ return array( $aMenu );
402
+ }
403
+
404
+ public function onWpDeactivatePlugin() {
405
+ if ( $this->getFeatureHandler_MainPlugin()->getOpt( 'delete_on_deactivate' ) == 'Y' && current_user_can( $this->oPluginVo->getBasePermissions() ) ) {
406
+ do_action( $this->doPluginPrefix( 'delete_plugin_options' ) );
407
+ }
408
+ }
409
+
410
+ /**
411
+ * @return ICWP_WPSF_FeatureHandler_Plugin|null
412
+ */
413
+ public function getFeatureHandler_MainPlugin() {
414
+ return $this->loadFeatureHandler( 'plugin' );
415
+ }
416
+
417
+ /**
418
+ * @return ICWP_WPSF_FeatureHandler_AdminAccessRestriction|null
419
+ */
420
+ public function getFeatureHandler_AdminAccessRestriction() {
421
+ return $this->loadFeatureHandler( 'admin_access_restriction' );
422
+ }
423
+
424
+ /**
425
+ * @return ICWP_WPSF_FeatureHandler_AdminAccessRestriction|null
426
+ */
427
+ public function getProcessor_AdminAccessRestriction() {
428
+ return $this->getFeatureHandler_AdminAccessRestriction()->getProcessor();
429
+ }
430
+
431
+ /**
432
+ * @return ICWP_WPSF_FirewallProcessor|null
433
+ */
434
+ public function getProcessor_Firewall() {
435
+ $this->loadFeatureHandler( 'firewall' );
436
+ return $this->oFirewallOptions->getProcessor();
437
+ }
438
+
439
+ /**
440
+ * @return ICWP_WPSF_LoginProtectProcessor|null
441
+ */
442
+ public function getProcessor_LoginProtect() {
443
+ $this->loadFeatureHandler( 'login_protect' );
444
+ return $this->oLoginProtectOptions->getProcessor();
445
+ }
446
+
447
+ /**
448
+ * @return ICWP_WPSF_AutoupdatesProcessor|null
449
+ */
450
+ public function getProcessor_Autoupdates() {
451
+ $this->loadFeatureHandler( 'autoupdates' );
452
+ return $this->oAutoupdatesOptions->getProcessor();
453
+ }
454
+
455
+ /**
456
+ * @return ICWP_WPSF_PrivacyProtectProcessor|null
457
+ */
458
+ public function getProcessor_PrivacyProtect() {
459
+ $this->loadFeatureHandler( 'privacy_protect' );
460
+ return $this->oPrivacyProtectOptions->getProcessor();
461
+ }
462
+
463
+ /**
464
+ * @return ICWP_WPSF_LoggingProcessor|null
465
+ */
466
+ public function getProcessor_Logging() {
467
+ $this->loadFeatureHandler( 'logging' );
468
+ return $this->oLoggingOptions->getProcessor();
469
+ }
470
+
471
+ /**
472
+ * @return ICWP_WPSF_EmailProcessor|null
473
+ */
474
+ public function getProcessor_Email() {
475
+ return $this->oPluginOptions->getEmailProcessor();
476
+ }
477
+ }
478
+
479
+ endif;
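Review bot: In onWpAdminInit(), both notice-dismiss branches call wp_redirect( network_admin_url( $_POST['redirect_page'] ) ) with no isset() check on redirect_page, no nonce verification visible before the user-meta update, and no exit after the redirect. The forms built in getAdminNoticeHtml_Translations() and getAdminNoticeHtml_VersionUpgrade() carry no nonce field and also put the flag in the action query string, and the mailing-list "Dismiss" link is a plain GET with the same flag, so a request that never posts redirect_page can reach the redirect with an undefined index. Suggest adding wp_nonce_field() to the forms and check_admin_referer() in the handler, accepting redirect_page only when it matches the two values the forms actually send ('index.php' and 'admin.php?page=icwp-wpsf'), and calling exit after each wp_redirect(). Two smaller points in the same file: in getAdminNoticeHtml_OptionsUpdated() the line "return $sNotice;" comes before "$this->oPluginOptions->setOpt( 'feedback_admin_notice', '' );", so the stored notice is never cleared and the option value is emitted without escaping; and loadAllFeatures() returns $fSuccess, which is undefined when getFeatures() is empty and otherwise reflects only the last feature loaded.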
icwp-wpsf.php CHANGED
@@ -3,7 +3,7 @@
3
  * Plugin Name: WordPress Simple Firewall
4
  * Plugin URI: http://icwp.io/2f
5
  * Description: A Simple WordPress Firewall
6
- * Version: 2.6.6
7
  * Text Domain: wp-simple-firewall
8
  * Author: iControlWP
9
  * Author URI: http://icwp.io/2e
@@ -30,1015 +30,223 @@
30
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31
  */
32
 
33
- require_once( dirname(__FILE__).'/src/icwp-feature-master.php' );
34
- require_once( dirname(__FILE__).'/src/icwp-data-processor.php' );
35
 
36
- if ( !function_exists( '_wpsf_e' ) ) {
37
- function _wpsf_e( $insStr ) {
38
- _e( $insStr, 'wp-simple-firewall' );
39
- }
40
- }
41
- if ( !function_exists( '_wpsf__' ) ) {
42
- function _wpsf__( $insStr ) {
43
- return __( $insStr, 'wp-simple-firewall' );
44
- }
45
- }
46
-
47
- if ( !class_exists('ICWP_Wordpress_Simple_Firewall') ):
48
-
49
- class ICWP_Wordpress_Simple_Firewall extends ICWP_Feature_Master {
50
 
51
  /**
52
- * Should be updated each new release.
53
- * @var string
54
  */
55
- const PluginVersion = '2.6.6';
56
-
57
  /**
58
- * @var string
59
  */
60
- const PluginTextDomain = 'wp-simple-firewall';
 
61
  /**
62
- * Should be updated each new release.
63
  * @var string
64
  */
65
- const PluginSlug = 'wpsf'; //ALL database options use this as the prefix.
 
66
  /**
67
  * @var string
68
  */
69
- const AdminAccessKeyCookieName = 'icwp_wpsf_aakcook';
70
 
71
  /**
72
- * @var ICWP_OptionsHandler_Firewall
73
  */
74
- protected $m_oFirewallOptions;
75
 
76
  /**
77
- * @var ICWP_OptionsHandler_LoginProtect
78
- */
79
- protected $m_oLoginProtectOptions;
80
- /**
81
- * @var ICWP_OptionsHandler_PrivacyProtect
82
  */
83
- protected $m_oPrivacyProtectOptions;
84
 
85
  /**
86
- * @var ICWP_OptionsHandler_CommentsFilter
87
  */
88
- protected $m_oCommentsFilterOptions;
89
 
90
  /**
91
- * @var ICWP_OptionsHandler_Lockdown
92
  */
93
- protected $m_oLockdownOptions;
94
 
95
  /**
96
- * @var ICWP_OptionsHandler_AutoUpdates
97
  */
98
- protected $m_oAutoUpdatesOptions;
99
 
100
  /**
101
- * @var ICWP_OptionsHandler_Email_Wpsf
102
- */
103
- protected $m_oEmailOptions;
104
-
105
- /**
106
- * @var ICWP_FirewallProcessor
107
- */
108
- protected $m_oFirewallProcessor;
109
-
110
- /**
111
- * @var ICWP_LoginProtectProcessor
112
- */
113
- protected $m_oLoginProtectProcessor;
114
-
115
- /**
116
- * @var ICWP_CommentsFilterProcessor
117
  */
118
- protected $m_oCommentsFilterProcessor;
119
 
120
  /**
121
- * @var ICWP_LockdownProcessor
122
- */
123
- protected $m_oLockdownProcessor;
124
- /**
125
- * @var ICWP_WPSF_PrivacyProtectProcessor
126
- */
127
- protected $m_oPrivacyProtectProcessor;
128
-
129
- /**
130
- * @var ICWP_WPSF_AutoUpdatesProcessor
131
  */
132
- protected $m_oAutoUpdatesProcessor;
133
-
134
  /**
135
- * @var ICWP_WPSF_LoggingProcessor
136
  */
137
- protected $m_oLoggingProcessor;
138
-
139
  /**
140
- * @var ICWP_EmailProcessor
141
  */
142
- protected $m_oEmailProcessor;
 
 
 
 
 
 
 
 
 
 
 
 
143
 
144
  /**
145
- * @var bool
146
  */
147
- private $fAdminAccessPermSubmit = null;
148
 
149
  /**
 
150
  */
151
- public function __construct() {
152
-
153
- $this->m_fNetworkAdminOnly = true;
154
- $this->m_sPluginRootFile = __FILE__; //ensure all relative paths etc. are setup.
155
-
156
- self::$sOptionPrefix = sprintf( '%s_%s_', self::BaseSlug, self::PluginSlug );
157
- $this->m_sVersion = self::PluginVersion;
158
- $this->m_sPluginHumanName = "WordPress Simple Firewall";
159
- $this->m_sPluginTextDomain = self::PluginTextDomain;
160
- $this->m_sPluginMenuTitle = "Simple Firewall";
161
- $this->m_sPluginSlug = self::PluginSlug;
162
- $this->m_sParentMenuIdSuffix = self::PluginSlug;
163
-
164
- parent::__construct(
165
- array(
166
- 'logging' => 'Logging',
167
- 'email' => 'Email',
168
- 'firewall' => 'Firewall',
169
- 'login_protect' => 'LoginProtect',
170
- 'comments_filter' => 'CommentsFilter',
171
- // 'privacy_protect' => 'PrivacyProtect',
172
- 'lockdown' => 'Lockdown',
173
- 'autoupdates' => 'AutoUpdates'
174
- ),
175
- array(
176
- 'm_oPluginMainOptions',
177
- 'm_oEmailOptions',
178
- 'm_oFirewallOptions',
179
- 'm_oLoginProtectOptions',
180
- 'm_oCommentsFilterOptions',
181
- 'm_oPrivacyProtectOptions',
182
- 'm_oLockdownOptions',
183
- 'm_oAutoUpdatesOptions'
184
- )
185
- );
186
-
187
- // loads the base plugin options from 1 db call
188
- $this->loadOptionsHandler( 'PluginMain' );
189
- $this->m_fAutoPluginUpgrade = false && $this->m_oPluginMainOptions->getOpt( 'enable_auto_plugin_upgrade' ) == 'Y';
190
-
191
- // checks for filesystem based firewall overrides
192
- $this->override();
193
-
194
- if ( isset( $_GET['turnoffperm'] ) ) {
195
- $this->setPermissionToSubmit( false );
196
  }
197
-
198
- add_filter( 'pre_update_option', array($this, 'blockOptionsSaves'), 1, 3 );
199
  }
200
 
201
  /**
202
- * @return string
203
  */
204
- protected function override() {
205
- $sSetting = parent::override();
206
- if ( empty( $sSetting ) ) {
207
- return $sSetting;
208
  }
209
- $this->m_oPluginMainOptions->setOpt( 'enable_admin_access_restriction', $sSetting );
210
- $this->m_oPluginMainOptions->savePluginOptions();
211
- return $sSetting;
212
  }
213
-
214
- /**
215
- * Should be called from the constructor so as to ensure it is called as early as possible.
216
- *
217
- * @return void
218
- */
219
- public function runFirewallProcess() {
220
-
221
- $this->loadProcessor( 'Firewall' );
222
- $fFirewallBlockUser = !$this->m_oFirewallProcessor->doFirewallCheck();
223
 
224
- if ( $fFirewallBlockUser ) {
225
- if ( $this->m_oFirewallProcessor->getNeedsEmailHandler() ) {
226
- $this->loadProcessor( 'Email' );
227
- $this->m_oFirewallProcessor->setEmailHandler( $this->m_oEmailProcessor );
228
- }
229
- $this->m_oFirewallProcessor->doPreFirewallBlock();
230
- }
231
-
232
- if ( $fFirewallBlockUser ) {
233
- $this->shutdown();
234
- $this->m_oFirewallProcessor->doFirewallBlock();
235
- }
236
- }
237
-
238
  /**
239
- * Handles the running of all Login Protection processes.
240
  */
241
- public function runLoginProtect() {
242
- $this->loadProcessor( 'LoginProtect' );
243
- $this->loadProcessor( 'Email' );
244
- $this->m_oLoginProtectProcessor->setEmailHandler( $this->m_oEmailProcessor );
245
- $this->m_oLoginProtectProcessor->run();
246
  }
247
-
248
  /**
249
- * Handles the running of all Auto Update processes.
250
  */
251
- public function runAutoUpdates() {
252
- $this->loadProcessor( 'AutoUpdates' );
253
- $this->m_oAutoUpdatesProcessor->run( $this->getPluginFile() );
254
  }
255
-
256
- protected function createPluginSubMenuItems() {
257
- $this->m_aPluginMenu = array(
258
- //Menu Page Title => Menu Item name, page ID (slug), callback function for this page - i.e. what to do/load.
259
- $this->getSubmenuPageTitle( _wpsf__('Firewall') ) => array( 'Firewall', $this->getSubmenuId('firewall'), 'onDisplayAll' ),
260
- $this->getSubmenuPageTitle( _wpsf__('Login Protect') ) => array( 'Login Protect', $this->getSubmenuId('login_protect'), 'onDisplayAll' ),
261
- $this->getSubmenuPageTitle( _wpsf__('Comments Filter') ) => array( 'Comments Filter', $this->getSubmenuId('comments_filter'), 'onDisplayAll' ),
262
- // $this->getSubmenuPageTitle( _wpsf__('Privacy Protect') ) => array( 'Privacy Protect', $this->getSubmenuId('privacy_protect'), 'onDisplayAll' ),
263
- $this->getSubmenuPageTitle( _wpsf__('Automatic Updates') ) => array( 'Automatic Updates', $this->getSubmenuId('autoupdates'), 'onDisplayAll' ),
264
- $this->getSubmenuPageTitle( _wpsf__('Lockdown') ) => array( 'Lockdown', $this->getSubmenuId('lockdown'), 'onDisplayAll' ),
265
- $this->getSubmenuPageTitle( _wpsf__('Firewall Log' ) ) => array( 'Firewall Log', $this->getSubmenuId('firewall_log'), 'onDisplayAll' ),
266
- // $this->getSubmenuPageTitle( _wpsf__('Privacy Log' ) ) => array( 'Privacy Log', $this->getSubmenuId('privacy_protect_log'), 'onDisplayAll' )
267
- );
268
- }
269
-
270
- protected function handlePluginUpgrade() {
271
- parent::handlePluginUpgrade();
272
-
273
- $sCurrentPluginVersion = $this->m_oPluginMainOptions->getVersion();
274
-
275
- if ( $sCurrentPluginVersion !== $this->m_sVersion && current_user_can( 'manage_options' ) ) {
276
-
277
- $this->loadOptionsHandler( 'all' );
278
-
279
- // refactoring so that email and logging options are more independent
280
- if ( version_compare( $sCurrentPluginVersion, '2.3.0', '<' ) ) {
281
- $this->deleteOption( 'whitelist_admins' );
282
-
283
- $this->m_oEmailOptions->setOpt( 'block_send_email_address', $this->m_oPluginMainOptions->getOpt( 'block_send_email_address') );
284
- $this->m_oEmailOptions->setOpt( 'send_email_throttle_limit', $this->m_oPluginMainOptions->getOpt( 'send_email_throttle_limit') );
285
- }//v2.3.0
286
-
287
- $this->loadProcessor( 'Logging' );
288
- $this->m_oLoggingProcessor->handleInstallUpgrade( $sCurrentPluginVersion );
289
 
290
- // clears all the processor caches
291
- $this->clearCaches();
292
- }
293
- }
294
-
295
  /**
296
- * Displaying all views now goes through this central function and we work out
297
- * what to display based on the name of current hook/filter being processed.
298
  */
299
- public function onDisplayAll() {
300
-
301
- if ( !$this->hasPermissionToView() ) {
302
- $this->onDisplayAccessKeyRequest();
303
- return;
304
- }
305
-
306
- // Just to ensure the nag bar disappears if/when they visit the dashboard
307
- // regardless of clicking the button.
308
- $this->updateVersionUserMeta();
309
-
310
- $sPrefix = str_replace(' ', '-', strtolower($this->m_sPluginMenuTitle) ) .'_page_'.self::BaseSlug.'-'.self::PluginSlug.'-';
311
- $sCurrent = str_replace( $sPrefix, '', current_filter() );
312
-
313
- switch( $sCurrent ) {
314
- case 'toplevel_page_'.self::BaseSlug.'-'.self::PluginSlug : //special case
315
- $this->onDisplayMainMenu();
316
- break;
317
- case 'privacy_protect_log' :
318
- $this->onDisplayPrivacyProtectLog();
319
- break;
320
- case 'firewall_log' :
321
- $this->onDisplayFirewallLog();
322
- break;
323
- default:
324
- $aFeatures = $this->getFeaturesMap();
325
- $this->loadOptionsHandler( $aFeatures[$sCurrent] );
326
- $sOptionsName = 'm_o'.$aFeatures[$sCurrent].'Options';
327
- $this->onDisplayConfig( $this->{$sOptionsName}, $sCurrent );
328
- break;
329
- }
330
- }
331
-
332
- public function onDisplayAccessKeyRequest() {
333
- $aData = array(
334
- 'nonce_field' => $this->getSubmenuId( 'wpsf-access-key' ),
335
- );
336
- $aData = array_merge( $this->getBaseDisplayData(), $aData );
337
- $this->display( 'icwp_wpsf_access_key_request_index', $aData );
338
- }
339
-
340
- public function onDisplayMainMenu() {
341
-
342
- $this->loadOptionsHandler( 'all', true );
343
- $aAvailableOptions = array_merge( $this->m_oPluginMainOptions->getOptions(), $this->m_oEmailOptions->getOptions() );
344
- $sMainOptions = $this->m_oPluginMainOptions->collateAllFormInputsForAllOptions();
345
- $sEmailMainOptions = $this->m_oEmailOptions->collateAllFormInputsForAllOptions();
346
- $sAllFormInputOptions = $sMainOptions.(ICWP_OptionsHandler_Base_Wpsf::CollateSeparator).$sEmailMainOptions;
347
-
348
- $aData = array(
349
- 'aAllOptions' => $aAvailableOptions,
350
- 'all_options_input' => $sAllFormInputOptions,
351
- );
352
- $aData = array_merge( $this->getBaseDisplayData(), $aData );
353
-
354
- $aData['aMainOptions'] = $this->m_oPluginMainOptions->getPluginOptionsValues();
355
- $aData['aSummaryData'] = $this->getDashboardSummaryDisplayData();
356
-
357
- if ( $this->getIsMainFeatureEnabled('firewall') ) {
358
- $this->loadOptionsHandler( 'Firewall' );
359
- $aData['aFirewallOptions'] = $this->m_oFirewallOptions->getPluginOptionsValues();
360
- }
361
- if ( $this->getIsMainFeatureEnabled('login_protect') ) {
362
- $this->loadOptionsHandler( 'LoginProtect' );
363
- $aData['aLoginProtectOptions'] = $this->m_oLoginProtectOptions->getPluginOptionsValues();
364
- }
365
- if ( $this->getIsMainFeatureEnabled('comments_filter') ) {
366
- $this->loadOptionsHandler( 'CommentsFilter' );
367
- $aData['aCommentsFilterOptions'] = $this->m_oCommentsFilterOptions->getPluginOptionsValues();
368
- }
369
- if ( $this->getIsMainFeatureEnabled('lockdown') ) {
370
- $this->loadOptionsHandler( 'Lockdown' );
371
- $aData['aLockdownOptions'] = $this->m_oLockdownOptions->getPluginOptionsValues();
372
- }
373
- if ( $this->getIsMainFeatureEnabled('autoupdates') ) {
374
- $this->loadOptionsHandler( 'AutoUpdates' );
375
- $aData['aAutoUpdatesOptions'] = $this->m_oAutoUpdatesOptions->getPluginOptionsValues();
376
- }
377
- $this->display( 'icwp_'.$this->m_sParentMenuIdSuffix.'_index', $aData );
378
- }
379
-
380
- protected function getDashboardSummaryDisplayData() {
381
-
382
- $aSummaryData = array();
383
- $aSummaryData[] = array(
384
- $this->m_oPluginMainOptions->getOpt( 'enable_admin_access_restriction' ) == 'Y',
385
- _wpsf__('Admin Access Protection'),
386
- $this->getSubmenuId()
387
- );
388
-
389
- $aSummaryData[] = array(
390
- $this->getIsMainFeatureEnabled('firewall'),
391
- _wpsf__('Firewall'),
392
- $this->getSubmenuId( 'firewall' )
393
- );
394
-
395
- $aSummaryData[] = array(
396
- $this->getIsMainFeatureEnabled('login_protect'),
397
- _wpsf__('Login Protection'),
398
- $this->getSubmenuId( 'login_protect' )
399
- );
400
-
401
- $aSummaryData[] = array(
402
- $this->getIsMainFeatureEnabled('comments_filter'),
403
- _wpsf__('Comments Filter'),
404
- $this->getSubmenuId( 'comments_filter' )
405
- );
406
-
407
- $aSummaryData[] = array(
408
- $this->getIsMainFeatureEnabled('autoupdates'),
409
- _wpsf__('Auto Updates'),
410
- $this->getSubmenuId( 'autoupdates' )
411
- );
412
-
413
- $aSummaryData[] = array(
414
- $this->getIsMainFeatureEnabled('lockdown'),
415
- _wpsf__('Lock Down'),
416
- $this->getSubmenuId( 'lockdown' )
417
- );
418
-
419
- return $aSummaryData;
420
- }
421
-
422
- protected function onDisplayPrivacyProtectLog() {
423
-
424
- $this->loadProcessor( 'PrivacyProtect' );
425
- $aData = array(
426
- 'urlrequests_log' => $this->m_oPrivacyProtectProcessor->getLogs( true )
427
- );
428
- $aData = array_merge( $this->getBaseDisplayData('privacy_protect_log'), $aData );
429
- $this->display( 'icwp_wpsf_privacy_protect_log_index', $aData );
430
- }
431
-
432
- protected function onDisplayFirewallLog() {
433
-
434
- $this->loadOptionsHandler( 'Firewall' );
435
- $aIpWhitelist = $this->m_oFirewallOptions->getOpt( 'ips_whitelist' );
436
- $aIpBlacklist = $this->m_oFirewallOptions->getOpt( 'ips_blacklist' );
437
- $this->loadProcessor( 'Logging' );
438
-
439
- $aLogData = $this->m_oLoggingProcessor->getLogs( true );
440
- $aData = array(
441
- 'firewall_log' => $aLogData,
442
- 'ip_whitelist' => isset( $aIpWhitelist['ips'] )? $aIpWhitelist['ips'] : array(),
443
- 'ip_blacklist' => isset( $aIpBlacklist['ips'] )? $aIpBlacklist['ips'] : array(),
444
- );
445
- $aData = array_merge( $this->getBaseDisplayData('firewall_log'), $aData );
446
- $this->display( 'icwp_wpsf_firewall_log_index', $aData );
447
  }
448
 
449
  /**
450
- *
451
- * @param ICWP_OptionsHandler_Base_WPSF $inoOptions
452
- * @param string $insSlug
453
  */
454
- protected function onDisplayConfig( $inoOptions, $insSlug ) {
455
- $aAvailableOptions = $inoOptions->getOptions();
456
- $sAllFormInputOptions = $inoOptions->collateAllFormInputsForAllOptions();
457
-
458
- $aData = array(
459
- 'aAllOptions' => $aAvailableOptions,
460
- 'all_options_input' => $sAllFormInputOptions,
461
- );
462
- $aData = array_merge( $this->getBaseDisplayData($insSlug), $aData );
463
- $this->display( 'icwp_wpsf_config_'.$insSlug.'_index', $aData );
464
  }
465
 
466
  /**
467
- * @return boolean
 
468
  */
469
- protected function isIcwpPluginFormSubmit() {
470
-
471
- if ( empty($_POST) && empty($_GET) ) {
472
- return false;
473
- }
474
-
475
- $aFormSubmitOptions = array(
476
- 'icwp_plugin_form_submit',
477
- 'icwp_link_action',
478
- 'icwp_wpsf_admin_access_key_request'
479
- );
480
- foreach( $aFormSubmitOptions as $sOption ) {
481
- if ( !is_null( $this->fetchRequest( $sOption, false ) ) ) {
482
- return true;
483
- }
484
- }
485
- return false;
486
  }
487
-
488
- protected function handlePluginFormSubmit() {
489
- if ( !is_null( $this->fetchPost( 'icwp_wpsf_admin_access_key_request' ) ) ) {
490
- return $this->handleSubmit_AccessKeyRequest();
491
- }
492
-
493
- if ( !$this->hasPermissionToSubmit() || !$this->isIcwpPluginFormSubmit() ) {
494
- return false;
495
- }
496
 
497
- $sCurrentPage = $this->fetchGet('page');
498
- if ( !is_null($sCurrentPage) ) {
499
- switch ( $sCurrentPage ) {
500
- case $this->getSubmenuId():
501
- $this->handleSubmit_Dashboard();
502
- break;
503
- case $this->getSubmenuId( 'firewall' ):
504
- $this->handleSubmit_FirewallConfig();
505
- break;
506
- case $this->getSubmenuId( 'login_protect' ):
507
- $this->handleSubmit_LoginProtect();
508
- break;
509
- case $this->getSubmenuId( 'comments_filter' ):
510
- $this->handleSubmit_CommentsFilter();
511
- break;
512
- case $this->getSubmenuId( 'lockdown' ):
513
- $this->handleSubmit_Lockdown();
514
- break;
515
- case $this->getSubmenuId( 'autoupdates' ):
516
- $this->handleSubmit_AutoUpdates();
517
- break;
518
- case $this->getSubmenuId( 'firewall_log' ):
519
- $this->handleSubmit_FirewallLog();
520
- break;
521
- case $this->getSubmenuId( 'privacy_protect' ):
522
- $this->handleSubmit_PrivacyProtect();
523
- break;
524
- case $this->getSubmenuId( 'privacy_protect_log' ):
525
- $this->handleSubmit_PrivacyProtectLog();
526
- break;
527
- default:
528
- return false;
529
- break;
530
- }
531
- }
532
- $this->clearCaches();
533
- return true;
534
- }
535
-
536
- protected function setPermissionToSubmit( $infPermission = false ) {
537
- if ( $infPermission ) {
538
- $this->loadDataProcessor();
539
- $sValue = md5( $this->m_oPluginMainOptions->getOpt( 'admin_access_key' ).ICWP_WPSF_DataProcessor::GetVisitorIpAddress() );
540
- $sTimeout = $this->m_oPluginMainOptions->getOpt( 'admin_access_timeout' ) * 60;
541
- $_COOKIE[ self::AdminAccessKeyCookieName ] = $sValue;
542
- setcookie( self::AdminAccessKeyCookieName, $sValue, time()+$sTimeout, COOKIEPATH, COOKIE_DOMAIN, false );
543
- }
544
- else {
545
- unset( $_COOKIE[ self::AdminAccessKeyCookieName ] );
546
- setcookie( self::AdminAccessKeyCookieName, "", time()-3600, COOKIEPATH, COOKIE_DOMAIN, false );
547
- }
548
- }
549
-
550
  /**
551
- * @return boolean
552
  */
553
- protected function hasPermissionToSubmit() {
554
-
555
- if ( !is_null( $this->fAdminAccessPermSubmit ) ) {
556
- return $this->fAdminAccessPermSubmit;
557
- }
558
-
559
- $this->fAdminAccessPermSubmit = true;
560
- if ( !parent::hasPermissionToSubmit() ) {
561
- $this->fAdminAccessPermSubmit = false;
562
- }
563
- if ( $this->fAdminAccessPermSubmit && $this->m_oPluginMainOptions->getOpt( 'enable_admin_access_restriction' ) == 'Y' ) {
564
- $sAccessKey = $this->m_oPluginMainOptions->getOpt( 'admin_access_key' );
565
- if ( !empty( $sAccessKey ) ) {
566
- $this->loadDataProcessor();
567
- $sHash = md5( $sAccessKey.ICWP_WPSF_DataProcessor::GetVisitorIpAddress() );
568
- $this->fAdminAccessPermSubmit = isset( $_COOKIE[ self::AdminAccessKeyCookieName ] ) && ( $sHash == $_COOKIE[ self::AdminAccessKeyCookieName ] );
569
- }
570
- }
571
- return $this->fAdminAccessPermSubmit;
572
  }
573
 
574
  /**
575
- * Right before a plugin option is due to update it will check that we have permissions to do so and if not, will
576
- * revert the option to save to the previous one.
577
- *
578
- * @param $mValue
579
- * @param $sOption
580
- * @param $mOldValue
581
- * @return mixed
582
  */
583
- public function blockOptionsSaves( $mValue, $sOption, $mOldValue ) {
584
- if ( !preg_match( '/^'.self::$sOptionPrefix.'.*_options$/', $sOption ) || $this->fHasFtpOverride ) {
585
- return $mValue;
586
- }
587
- return $this->hasPermissionToSubmit()? $mValue : $mOldValue;
588
- }
589
-
590
- protected function handleSubmit_AccessKeyRequest() {
591
- //Ensures we're actually getting this request from WP.
592
- check_admin_referer( $this->getSubmenuId('wpsf-access-key') );
593
-
594
- $this->loadOptionsHandler( 'PluginMain' );
595
- $sAccessKey = md5( trim( $this->fetchPost( 'icwp_wpsf_admin_access_key_request' ) ) );
596
- $sStoredAccessKey = $this->m_oPluginMainOptions->getOpt( 'admin_access_key' );
597
-
598
- if ( $sAccessKey === $sStoredAccessKey ) {
599
- $this->setPermissionToSubmit( true );
600
- header( 'Location: '.network_admin_url('admin.php?page=icwp-wpsf') );
601
- exit();
602
- }
603
- return false;
604
- }
605
-
606
- protected function handleSubmit_Dashboard() {
607
- //Ensures we're actually getting this request from WP.
608
- check_admin_referer( $this->getSubmenuId() );
609
-
610
- $aInputOptions = $this->fetchPost( self::$sOptionPrefix.'all_options_input' );
611
- if ( is_null( $aInputOptions ) ) {
612
- return false;
613
- }
614
-
615
- $this->loadOptionsHandler( 'PluginMain' );
616
- $this->m_oPluginMainOptions->updatePluginOptionsFromSubmit( $aInputOptions );
617
-
618
- $this->loadOptionsHandler( 'Email' );
619
- $this->m_oEmailOptions->updatePluginOptionsFromSubmit( $aInputOptions );
620
-
621
- $this->setSharedOption( 'enable_firewall', $this->m_oPluginMainOptions->getOpt( 'enable_firewall' ) );
622
- $this->setSharedOption( 'enable_login_protect', $this->m_oPluginMainOptions->getOpt( 'enable_login_protect' ) );
623
- $this->setSharedOption( 'enable_comments_filter', $this->m_oPluginMainOptions->getOpt( 'enable_comments_filter' ) );
624
- $this->setSharedOption( 'enable_lockdown', $this->m_oPluginMainOptions->getOpt( 'enable_lockdown' ) );
625
- $this->setSharedOption( 'enable_autoupdates', $this->m_oPluginMainOptions->getOpt( 'enable_autoupdates' ) );
626
- $this->setSharedOption( 'enable_privacy_protect', $this->m_oPluginMainOptions->getOpt( 'enable_privacy_protect' ) );
627
-
628
- $this->saveOptions();
629
- $this->clearCaches();
630
-
631
- if ( !$this->fetchPost( self::$sOptionPrefix.'enable_admin_access_restriction' ) ) {
632
- $this->setPermissionToSubmit( false );
633
- }
634
- else {
635
- wp_safe_redirect( network_admin_url('admin.php?page=icwp-wpsf') );
636
- }
637
- }
638
-
639
- protected function handleSubmit_FirewallConfig() {
640
- //Ensures we're actually getting this request from WP.
641
- check_admin_referer( $this->getSubmenuId( 'firewall' ) );
642
-
643
- if ( isset($_POST[ 'import-wpf2-submit' ] ) ) {
644
- $this->importFromFirewall2Plugin();
645
- }
646
- else if ( !isset($_POST[self::$sOptionPrefix.'all_options_input']) ) {
647
- return;
648
- }
649
- else {
650
- $this->loadOptionsHandler( 'Firewall' );
651
- $this->m_oFirewallOptions->updatePluginOptionsFromSubmit( $_POST[self::$sOptionPrefix.'all_options_input'] );
652
- }
653
- $this->setSharedOption( 'enable_firewall', $this->m_oFirewallOptions->getOpt( 'enable_firewall' ) );
654
- $this->resetProcessor( 'Firewall' );
655
- }
656
-
657
- protected function handleSubmit_LoginProtect() {
658
- //Ensures we're actually getting this request from WP.
659
- check_admin_referer( $this->getSubmenuId('login_protect' ) );
660
-
661
- if ( $this->fetchPost( 'terminate-all-logins' ) ) {
662
- $oProc = $this->getProcessorVar('LoginProtect');
663
- $oProc->doTerminateAllVerifiedLogins();
664
- return;
665
- }
666
-
667
- if ( !isset($_POST[self::$sOptionPrefix.'all_options_input']) ) {
668
- return;
669
- }
670
- $this->loadOptionsHandler( 'LoginProtect' );
671
- $this->m_oLoginProtectOptions->updatePluginOptionsFromSubmit( $_POST[self::$sOptionPrefix.'all_options_input'] );
672
- $this->setSharedOption( 'enable_login_protect', $this->m_oLoginProtectOptions->getOpt( 'enable_login_protect' ) );
673
- $this->resetProcessor( 'LoginProtect' );
674
- }
675
-
676
- protected function handleSubmit_PrivacyProtect() {
677
- //Ensures we're actually getting this request from WP.
678
- check_admin_referer( $this->getSubmenuId('privacy_protect' ) );
679
-
680
- if ( !isset($_POST[self::$sOptionPrefix.'all_options_input']) ) {
681
- return;
682
- }
683
- $this->loadOptionsHandler( 'PrivacyProtect' );
684
- $this->m_oPrivacyProtectOptions->updatePluginOptionsFromSubmit( $_POST[self::$sOptionPrefix.'all_options_input'] );
685
- $this->setSharedOption( 'enable_privacy_protect', $this->m_oPrivacyProtectOptions->getOpt( 'enable_privacy_protect' ) );
686
- $this->resetProcessor( 'PrivacyProtect' );
687
- }
688
-
689
- protected function handleSubmit_CommentsFilter() {
690
- //Ensures we're actually getting this request from WP.
691
- check_admin_referer( $this->getSubmenuId('comments_filter' ) );
692
-
693
- if ( !isset($_POST[self::$sOptionPrefix.'all_options_input']) ) {
694
- return;
695
- }
696
- $this->loadOptionsHandler( 'CommentsFilter' );
697
- $this->m_oCommentsFilterOptions->updatePluginOptionsFromSubmit( $_POST[self::$sOptionPrefix.'all_options_input'] );
698
- $this->setSharedOption( 'enable_comments_filter', $this->m_oCommentsFilterOptions->getOpt( 'enable_comments_filter' ) );
699
- $this->resetProcessor( 'CommentsFilter' );
700
- }
701
-
702
- protected function handleSubmit_Lockdown() {
703
- //Ensures we're actually getting this request from WP.
704
- check_admin_referer( $this->getSubmenuId('lockdown' ) );
705
-
706
- if ( !isset($_POST[self::$sOptionPrefix.'all_options_input']) ) {
707
- return;
708
- }
709
- $this->loadOptionsHandler( 'Lockdown' );
710
- $this->m_oLockdownOptions->updatePluginOptionsFromSubmit( $_POST[self::$sOptionPrefix.'all_options_input'] );
711
- $this->setSharedOption( 'enable_lockdown', $this->m_oLockdownOptions->getOpt( 'enable_lockdown' ) );
712
- $this->resetProcessor( 'Lockdown' );
713
- }
714
-
715
- protected function handleSubmit_AutoUpdates() {
716
- //Ensures we're actually getting this request from WP.
717
- check_admin_referer( $this->getSubmenuId( 'autoupdates' ) );
718
-
719
- if ( isset( $_GET['force_run_auto_updates'] ) && $_GET['force_run_auto_updates'] == 'now' ) {
720
- $this->loadProcessor( 'AutoUpdates' );
721
- $this->m_oAutoUpdatesProcessor->setForceRunAutoUpdates( true );
722
- return;
723
- }
724
-
725
- if ( !isset($_POST[self::$sOptionPrefix.'all_options_input']) ) {
726
- return;
727
- }
728
- $this->loadOptionsHandler( 'AutoUpdates' );
729
- $this->m_oAutoUpdatesOptions->updatePluginOptionsFromSubmit( $_POST[self::$sOptionPrefix.'all_options_input'] );
730
- $this->setSharedOption( 'enable_autoupdates', $this->m_oAutoUpdatesOptions->getOpt( 'enable_autoupdates' ) );
731
- $this->resetProcessor( 'AutoUpdates' );
732
- }
733
-
734
- protected function handleSubmit_FirewallLog() {
735
-
736
- // Ensures we're actually getting this request from a valid WP submission.
737
- $sNonce = $this->fetchRequest( '_wpnonce', false );
738
- if ( is_null( $sNonce ) || !wp_verify_nonce( $sNonce, $this->getSubmenuId( 'firewall_log' ) ) ) {
739
- wp_die();
740
- }
741
-
742
- $this->loadOptionsHandler( 'Firewall' );
743
-
744
- // At the time of writing the page only has 1 form submission item - clear log
745
- if ( !is_null( $this->fetchPost( 'clear_log_submit' ) ) ) {
746
- $this->loadProcessor( 'Logging' );
747
- $this->m_oLoggingProcessor->recreateTable();
748
- }
749
- else {
750
- $this->m_oFirewallOptions->addRawIpsToFirewallList( 'ips_whitelist', array( $this->fetchGet( 'whiteip' ) ) );
751
- $this->m_oFirewallOptions->removeRawIpsFromFirewallList( 'ips_whitelist', array( $this->fetchGet( 'unwhiteip' ) ) );
752
- $this->m_oFirewallOptions->addRawIpsToFirewallList( 'ips_blacklist', array( $this->fetchGet( 'blackip' ) ) );
753
- $this->m_oFirewallOptions->removeRawIpsFromFirewallList( 'ips_blacklist', array( $this->fetchGet( 'unblackip' ) ) );
754
- $this->resetProcessor( 'Firewall' );
755
- }
756
- wp_safe_redirect( network_admin_url( "admin.php?page=".$this->getSubmenuId('firewall_log') ) ); //means no admin message is displayed
757
- exit();
758
- }
759
-
760
- protected function handleSubmit_PrivacyProtectLog() {
761
-
762
- // Ensures we're actually getting this request from a valid WP submission.
763
- $sNonce = $this->fetchRequest( '_wpnonce', false );
764
- if ( is_null( $sNonce ) || !wp_verify_nonce( $sNonce, $this->getSubmenuId( 'privacy_protect_log' ) ) ) {
765
- wp_die();
766
- }
767
-
768
- $this->loadOptionsHandler( 'PrivacyProtect' );
769
-
770
- // At the time of writing the page only has 1 form submission item - clear log
771
- if ( !is_null( $this->fetchPost( 'clear_log_submit' ) ) ) {
772
- $this->loadProcessor( 'PrivacyProtect' );
773
- $this->m_oPrivacyProtectProcessor->recreateTable();
774
- }
775
- else {
776
- // $this->m_oFirewallOptions->addRawIpsToFirewallList( 'ips_whitelist', array( $this->fetchGet( 'whiteip' ) ) );
777
- // $this->m_oFirewallOptions->removeRawIpsFromFirewallList( 'ips_whitelist', array( $this->fetchGet( 'unwhiteip' ) ) );
778
- // $this->m_oFirewallOptions->addRawIpsToFirewallList( 'ips_blacklist', array( $this->fetchGet( 'blackip' ) ) );
779
- // $this->m_oFirewallOptions->removeRawIpsFromFirewallList( 'ips_blacklist', array( $this->fetchGet( 'unblackip' ) ) );
780
- // $this->resetProcessor( 'Firewall' );
781
- }
782
- wp_safe_redirect( network_admin_url( "admin.php?page=".$this->getSubmenuId('privacy_protect_log') ) ); //means no admin message is displayed
783
- exit();
784
- }
785
-
786
- protected function importFromFirewall2Plugin() {
787
- $this->loadOptionsHandler( 'all' );
788
- require_once( dirname(__FILE__).'/src/icwp-import-wpf2-processor.php' );
789
- $oImportProcessor = new ICWP_ImportWpf2Processor( $this->m_oPluginMainOptions, $this->m_oFirewallOptions );
790
- $oImportProcessor->runImport();
791
- }
792
-
793
- public function onWpPluginsLoaded() {
794
- parent::onWpPluginsLoaded();
795
-
796
- $aFeatures = $this->getFeaturesMap();
797
- foreach( $aFeatures as $sFeatureSlug => $sProcessor ) {
798
- if ( !$this->getIsMainFeatureEnabled( $sFeatureSlug ) ) {
799
- continue;
800
- }
801
- if ( $sFeatureSlug == 'firewall' ) {
802
- $this->runFirewallProcess();
803
- }
804
- else if ( $sFeatureSlug == 'login_protect' ) {
805
- $this->runLoginProtect();
806
- }
807
- else if ( $sFeatureSlug == 'autoupdates' ) {
808
- $this->runAutoUpdates();
809
- }
810
- else {
811
- $sProcessorVariable = $this->loadProcessor( $sProcessor );
812
- $sProcessorVariable->run();
813
- }
814
- }
815
-
816
- if ( $this->isValidAdminArea()
817
- && $this->m_oPluginMainOptions->getOpt('enable_upgrade_admin_notice') == 'Y'
818
- && $this->hasPermissionToSubmit()
819
- ) {
820
- $this->m_fDoAutoUpdateCheck = true;
821
- }
822
- }
823
-
824
- public function onWpAdminInit() {
825
- parent::onWpAdminInit();
826
-
827
- if ( $this->isValidAdminArea() ) {
828
- //Someone clicked the button to acknowledge the update
829
- $sMetaFlag = self::$sOptionPrefix.'hide_update_notice';
830
- if ( $this->fetchRequest( $sMetaFlag ) == 1 ) {
831
- $this->updateVersionUserMeta();
832
- if ( $this->isShowMarketing() ) {
833
- wp_redirect( network_admin_url( "admin.php?page=".$this->getFullParentMenuId() ) );
834
- }
835
- else {
836
- wp_redirect( network_admin_url( $_POST['redirect_page'] ) );
837
- }
838
- }
839
-
840
- $sMetaFlag = self::$sOptionPrefix.'hide_translation_notice';
841
- if ( $this->fetchRequest( $sMetaFlag ) == 1 ) {
842
- $this->updateTranslationNoticeShownUserMeta();
843
- wp_redirect( network_admin_url( $_POST['redirect_page'] ) );
844
- }
845
-
846
- $sMetaFlag = self::$sOptionPrefix.'hide_mailing_list_signup';
847
- if ( $this->fetchRequest( $sMetaFlag ) == 1 ) {
848
- $this->updateMailingListSignupShownUserMeta();
849
- }
850
- }
851
  }
852
 
853
  /**
854
- * @return bool
855
  */
856
- protected function isShowMarketing() {
857
- // don't show marketing on the first 24hrs.
858
- if ( $this->getInstallationDays() < 1 ) {
859
- return false;
860
- }
861
- return parent::isShowMarketing();
862
  }
863
 
864
  /**
865
- * Lets you remove certain plugin conflicts that might interfere with this plugin
866
- *
867
- * @see ICWP_Pure_Base_V1::removePluginConflicts()
868
  */
869
- protected function removePluginConflicts() {
870
- if ( class_exists('AIO_WP_Security') && isset( $GLOBALS['aio_wp_security'] ) ) {
871
- remove_action( 'init', array( $GLOBALS['aio_wp_security'], 'wp_security_plugin_init'), 0 );
872
- }
873
  }
874
-
875
  /**
876
- * Updates the current log data with new data.
877
- *
878
- * @return void
879
  */
880
- protected function updateLogStore() {
881
-
882
- if ( isset( $this->m_oFirewallProcessor ) && is_object( $this->m_oFirewallProcessor ) && $this->getIsMainFeatureEnabled( 'firewall' ) ) {
883
- $aLogData = $this->m_oFirewallProcessor->flushLogData();
884
- if ( !is_null( $aLogData ) && !empty( $aLogData ) ) {
885
- $this->loadProcessor( 'Logging' );
886
- $this->m_oLoggingProcessor->addDataToWrite( $aLogData );
887
- }
888
- }
889
-
890
- if ( isset( $this->m_oLoginProtectProcessor ) && is_object( $this->m_oLoginProtectProcessor ) && $this->getIsMainFeatureEnabled( 'login_protect' ) ) {
891
- $aLogData = $this->m_oLoginProtectProcessor->flushLogData();
892
- if ( !is_null( $aLogData ) && !empty( $aLogData ) ) {
893
- $this->loadProcessor( 'Logging' );
894
- $this->m_oLoggingProcessor->addDataToWrite( $aLogData );
895
- }
896
- }
897
- }
898
-
899
- protected function shutdown() {
900
- $this->updateLogStore();
901
- parent::shutdown();
902
  }
903
 
904
- protected function getPluginsListUpdateMessage() {
905
- return _wpsf__( 'Upgrade Now To Keep Your Firewall Up-To-Date With The Latest Features.' );
906
- }
907
-
908
- protected function getAdminNoticeHtml_Translations() {
909
-
910
- if ( $this->getInstallationDays() < 7 ) {
911
- return '';
912
- }
913
-
914
- $sMetaFlag = self::$sOptionPrefix.'hide_translation_notice';
915
-
916
- $sRedirectPage = 'index.php';
917
- ob_start(); ?>
918
- <style>
919
- a#fromIcwp { padding: 0 5px; border-bottom: 1px dashed rgba(0,0,0,0.1); color: blue; font-weight: bold; }
920
- </style>
921
- <form id="IcwpTranslationsNotice" method="post" action="admin.php?page=<?php echo $this->getSubmenuId('firewall'); ?>&<?php echo $sMetaFlag; ?>=1">
922
- <input type="hidden" value="<?php echo $sRedirectPage; ?>" name="redirect_page" id="redirect_page">
923
- <input type="hidden" value="1" name="<?php echo $sMetaFlag; ?>" id="<?php echo $sMetaFlag; ?>">
924
- <h4 style="margin:10px 0 3px;">
925
- <?php _wpsf_e( 'Would you like to help translate the WordPress Simple Firewall into your language?' ); ?>
926
- <?php printf( _wpsf__( 'Head over to: %s' ), '<a href="http://translate.icontrolwp.com" target="_blank">translate.icontrolwp.com</a>' ); ?>
927
- </h4>
928
- <input type="submit" value="<?php _wpsf_e( 'Dismiss this notice' ); ?>" name="submit" class="button" style="float:left; margin-bottom:10px;">
929
- <div style="clear:both;"></div>
930
- </form>
931
- <?php
932
- $sNotice = ob_get_contents();
933
- ob_end_clean();
934
- return $sNotice;
935
- }
936
-
937
- protected function getAdminNoticeHtml_VersionUpgrade() {
938
-
939
- // for now just showing this for the first 3 days of installation.
940
- if ( $this->getInstallationDays() > 7 ) {
941
- return '';
942
- }
943
-
944
- $sMetaFlag = self::$sOptionPrefix.'hide_update_notice';
945
-
946
- $sRedirectPage = 'admin.php?page=icwp-wpsf';
947
- ob_start(); ?>
948
- <style>a#fromIcwp { padding: 0 5px; border-bottom: 1px dashed rgba(0,0,0,0.1); color: blue; font-weight: bold; }</style>
949
- <form id="IcwpUpdateNotice" method="post" action="admin.php?page=<?php echo $this->getSubmenuId('firewall'); ?>&<?php echo $sMetaFlag; ?>=1">
950
- <input type="hidden" value="<?php echo $sRedirectPage; ?>" name="redirect_page" id="redirect_page">
951
- <input type="hidden" value="1" name="<?php echo $sMetaFlag; ?>" id="<?php echo $sMetaFlag; ?>">
952
- <p>
953
- <?php _wpsf_e( 'Note: WordPress Simple Firewall plugin does not automatically turn on when you install/update.' ); ?>
954
- <?php printf( _wpsf__( 'There may also be %simportant updates to read about%s.' ), '<a href="http://icwp.io/27" id="fromIcwp" title="'._wpsf__( 'WordPress Simple Firewall' ).'" target="_blank">', '</a>' ); ?>
955
- </p>
956
- </h4>
957
- <input type="submit" value="<?php _wpsf_e( 'Okay, show me the dashboard' ); ?>" name="submit" class="button" style="float:left; margin-bottom:10px;">
958
- <div style="clear:both;"></div>
959
- </form>
960
- <?php
961
- $sNotice = ob_get_contents();
962
- ob_end_clean();
963
- return $sNotice;
964
  }
965
 
966
  /**
967
- * @return string|void
 
 
968
  */
969
- protected function getAdminNoticeHtml_MailingListSignup() {
970
-
971
- $nDays = $this->getInstallationDays();
972
- if ( $nDays < 2 ) {
973
- return '';
974
- }
975
- $sMetaFlag = self::$sOptionPrefix.'hide_mailing_list_signup';
976
-
977
- ob_start(); ?>
978
- <!-- Begin MailChimp Signup Form -->
979
- <div id="mc_embed_signup">
980
- <form class="form form-inline" action="http://hostliketoast.us2.list-manage1.com/subscribe/post?u=e736870223389e44fb8915c9a&amp;id=0e1d527259" method="post" id="mc-embedded-subscribe-form" name="mc-embedded-subscribe-form" class="validate" target="_blank" novalidate>
981
- <p>The WordPress Simple Firewall team has launched a education initiative to raise awareness of WordPress security and to provide further help with the WordPress Simple Firewall plugin. Get Involved here:</p>
982
- <input type="text" value="" name="EMAIL" class="required email" id="mce-EMAIL" placeholder="Your Email" />
983
- <input type="text" value="" name="FNAME" class="" id="mce-FNAME" placeholder="Your Name" />
984
- <input type="hidden" value="<?php echo $nDays; ?>" name="DAYS" class="" id="mce-DAYS" />
985
- <input type="submit" value="Get The News" name="subscribe" id="mc-embedded-subscribe" class="button" />
986
- <a href="<?php echo network_admin_url('admin.php?page=icwp-wpsf').'&'.$sMetaFlag.'=1';?>">Dismiss</a>
987
- <div id="mce-responses" class="clear">
988
- <div class="response" id="mce-error-response" style="display:none"></div>
989
- <div class="response" id="mce-success-response" style="display:none"></div>
990
- </div> <!-- real people should not fill this in and expect good things - do not remove this or risk form bot signups-->
991
- <div style="position: absolute; left: -5000px;"><input type="text" name="b_e736870223389e44fb8915c9a_0e1d527259" tabindex="-1" value=""></div>
992
- <div class="clear"></div>
993
- </form>
994
- </div>
995
-
996
- <!--End mc_embed_signup-->
997
- <?php
998
- $sNotice = ob_get_contents();
999
- ob_end_clean();
1000
- return $sNotice;
1001
  }
1002
 
1003
- protected function getAdminNoticeHtml_OptionsUpdated() {
1004
- $sAdminFeedbackNotice = $this->m_oPluginMainOptions->getOpt( 'feedback_admin_notice' );
1005
- if ( !empty( $sAdminFeedbackNotice ) ) {
1006
- $sNotice = '<p>'.$sAdminFeedbackNotice.'</p>';
1007
- return $sNotice;
1008
- $this->m_oPluginMainOptions->setOpt( 'feedback_admin_notice', '' );
1009
- }
1010
- }
1011
-
1012
  /**
1013
- *
1014
  */
1015
- protected function getShowAdminNotices() {
1016
- return $this->m_oPluginMainOptions->getOpt('enable_upgrade_admin_notice') == 'Y';
1017
  }
1018
 
1019
  /**
1020
- * @return int
1021
  */
1022
- protected function getInstallationDays() {
1023
- $this->loadOptionsHandler( 'PluginMain' );
1024
- $nTimeInstalled = $this->m_oPluginMainOptions->getOpt( 'installation_time' );
1025
- if ( empty($nTimeInstalled) ) {
1026
- return 0;
1027
- }
1028
- return round( ( time() - $nTimeInstalled ) / DAY_IN_SECONDS );
1029
  }
1030
 
1031
- protected function getAdminBarNodes() {
1032
- return array(); //disabled for now
1033
- $aMenu = array(
1034
- 'id' => self::$sOptionPrefix.'admin_menu',
1035
- 'title' => '<span class="pluginlogo_16">&nbsp;</span>'._wpsf__('Firewall').'',
1036
- 'href' => 'bob',
1037
- );
1038
- return array( $aMenu );
1039
  }
1040
  }
1041
 
1042
- endif;
1043
-
1044
- $oICWP_Wpsf = ICWP_Wordpress_Simple_Firewall::GetInstance( 'ICWP_Wordpress_Simple_Firewall' );
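Review bot: The removed hasPermissionToSubmit() checks the admin access cookie with a loose comparison, `$sHash == $_COOKIE[ self::AdminAccessKeyCookieName ]`, where `$sHash` is only `md5( $sAccessKey . visitor IP )`. That comparison is neither constant-time nor safe against PHP's numeric-string juggling, and handleSubmit_AccessKeyRequest() stores the key itself as an unsalted `md5( trim( ... ) )`. If any of this logic is carried into icwp-wpsf-main.php, which the new file now requires, compare with hash_equals() and derive the cookie value with hash_hmac() under a site secret. In the same region, setPermissionToSubmit() passes `false` as the secure argument to setcookie() and never sets HttpOnly. onWpAdminInit() feeds `$_POST['redirect_page']` into `wp_redirect( network_admin_url( ... ) )` with no validation and no exit() afterwards. getAdminNoticeHtml_OptionsUpdated() returns `$sNotice` before its `setOpt( 'feedback_admin_notice', '' )` line, so that line is unreachable and the notice is never cleared.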
3
  * Plugin Name: WordPress Simple Firewall
4
  * Plugin URI: http://icwp.io/2f
5
  * Description: A Simple WordPress Firewall
6
+ * Version: 3.0.0
7
  * Text Domain: wp-simple-firewall
8
  * Author: iControlWP
9
  * Author URI: http://icwp.io/2e
30
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31
  */
32
 
33
+ require_once( dirname(__FILE__).'/icwp-wpsf-main.php' );
 
34
 
35
+ class ICWP_Wordpress_Simple_Firewall_Plugin {
 
 
 
 
 
 
 
 
 
 
 
 
 
36
 
37
  /**
38
+ * @const string
 
39
  */
40
+ const ViewDir = 'views';
41
+
42
  /**
43
+ * @const string
44
  */
45
+ const SrcDir = 'src';
46
+
47
  /**
 
48
  * @var string
49
  */
50
+ private static $sVersion = '3.0.0';
51
+
52
  /**
53
  * @var string
54
  */
55
+ private static $sParentSlug = 'icwp';
56
 
57
  /**
58
+ * @var string
59
  */
60
+ private static $sPluginSlug = 'wpsf';
61
 
62
  /**
63
+ * @var string
 
 
 
 
64
  */
65
+ private static $sHumanName = 'WordPress Simple Firewall';
66
 
67
  /**
68
+ * @var string
69
  */
70
+ private static $sMenuTitleName = 'Simple Firewall';
71
 
72
  /**
73
+ * @var string
74
  */
75
+ private static $sTextDomain = 'wp-simple-firewall';
76
 
77
  /**
78
+ * @var string
79
  */
80
+ private static $sBasePermissions = 'manage_options';
81
 
82
  /**
83
+ * @var string
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
84
  */
85
+ private static $sWpmsNetworkAdminOnly = true;
86
 
87
  /**
88
+ * @var string
 
 
 
 
 
 
 
 
 
89
  */
90
+ private static $sRootFile = '';
91
+
92
  /**
93
+ * @var string
94
  */
95
+ private static $fAutoUpgrade = false;
96
+
97
  /**
98
+ * @var string
99
  */
100
+ private static $aFeatures = array(
101
+ 'plugin',
102
+ 'logging',
103
+ 'email',
104
+ 'admin_access_restriction',
105
+ 'firewall',
106
+ 'login_protect',
107
+ 'user_management',
108
+ 'comments_filter',
109
+ // 'privacy_protect',
110
+ 'autoupdates',
111
+ 'lockdown'
112
+ );
113
 
114
  /**
115
+ * @var ICWP_Wordpress_Simple_Firewall_Plugin
116
  */
117
+ public static $oInstance;
118
 
119
  /**
120
+ * @return ICWP_Wordpress_Simple_Firewall_Plugin
121
  */
122
+ public static function GetInstance() {
123
+ if ( !isset( self::$oInstance ) ) {
124
+ self::$oInstance = new self();
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
125
  }
126
+ return self::$oInstance;
 
127
  }
128
 
129
  /**
 
130
  */
131
+ private function __construct() {
132
+ if ( empty( self::$sRootFile ) ) {
133
+ self::$sRootFile = __FILE__;
 
134
  }
 
 
 
135
  }
 
 
 
 
 
 
 
 
 
 
136
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
137
  /**
138
+ * @return string
139
  */
140
+ public function getAdminMenuTitle() {
141
+ return self::$sMenuTitleName;
 
 
 
142
  }
143
+
144
  /**
145
+ * @return string
146
  */
147
+ public function getBasePermissions() {
148
+ return self::$sBasePermissions;
 
149
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
150
 
 
 
 
 
 
151
  /**
152
+ * @param string
153
+ * @return string
154
  */
155
+ public function getFullPluginPrefix( $sGlue = '-' ) {
156
+ return sprintf( '%s%s%s', self::$sParentSlug, $sGlue, self::$sPluginSlug );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
157
  }
158
 
159
  /**
160
+ * @param string
161
+ * @return string
 
162
  */
163
+ public function getFeatures() {
164
+ return self::$aFeatures;
 
 
 
 
 
 
 
 
165
  }
166
 
167
  /**
168
+ * @param string
169
+ * @return string
170
  */
171
+ public function getOptionStoragePrefix() {
172
+ return $this->getFullPluginPrefix( '_' ).'_';
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
173
  }
 
 
 
 
 
 
 
 
 
174
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
175
  /**
176
+ * @return string
177
  */
178
+ public function getHumanName() {
179
+ return self::$sHumanName;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
180
  }
181
 
182
  /**
183
+ * @return string
 
 
 
 
 
 
184
  */
185
+ public function getIsWpmsNetworkAdminOnly() {
186
+ return self::$sWpmsNetworkAdminOnly;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
187
  }
188
 
189
  /**
190
+ * @return string
191
  */
192
+ public function getParentSlug() {
193
+ return self::$sParentSlug;
 
 
 
 
194
  }
195
 
196
  /**
197
+ * @return string
 
 
198
  */
199
+ public function getPluginSlug() {
200
+ return self::$sPluginSlug;
 
 
201
  }
202
+
203
  /**
204
+ * get the root directory for the plugin with the trailing slash
205
+ *
206
+ * @return string
207
  */
208
+ public function getRootDir() {
209
+ return dirname( $this->getRootFile() ).ICWP_DS;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
210
  }
211
 
212
+ /**
213
+ * @return string
214
+ */
215
+ public function getRootFile() {
216
+ return self::$sRootFile;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
217
  }
218
 
219
  /**
220
+ * get the directory for the plugin view with the trailing slash
221
+ *
222
+ * @return string
223
  */
224
+ public function getSourceDir() {
225
+ return $this->getRootDir().self::SrcDir.ICWP_DS;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
226
  }
227
 
 
 
 
 
 
 
 
 
 
228
  /**
229
+ * @return string
230
  */
231
+ public function getTextDomain() {
232
+ return self::$sTextDomain;
233
  }
234
 
235
  /**
236
+ * @return string
237
  */
238
+ public function getVersion() {
239
+ return self::$sVersion;
 
 
 
 
 
240
  }
241
 
242
+ /**
243
+ * get the directory for the plugin view with the trailing slash
244
+ *
245
+ * @return string
246
+ */
247
+ public function getViewDir() {
248
+ return $this->getRootDir().self::ViewDir.ICWP_DS;
 
249
  }
250
  }
251
 
252
+ $oICWP_Wpsf = new ICWP_Wordpress_Simple_Firewall( ICWP_Wordpress_Simple_Firewall_Plugin::GetInstance() );
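Review bot: `public static $oInstance` (new line 117) undoes the private constructor declared just below it, because any code loaded in the same request can assign to `ICWP_Wordpress_Simple_Firewall_Plugin::$oInstance` and `GetInstance()` will then return that object, including whatever it reports from `getBasePermissions()`. Declare the property `private static`. The docblocks in the same class do not match the values: `$sWpmsNetworkAdminOnly` and `$fAutoUpgrade` are booleans and `$aFeatures` is an array, yet all three are tagged `@var string`; `getFeatures()` and `getOptionStoragePrefix()` carry a `@param string` for a parameter they do not take, and `getSourceDir()` repeats the "plugin view" description that belongs to `getViewDir()`.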
 
 
readme.txt CHANGED
@@ -6,7 +6,7 @@ License URI: http://www.gnu.org/licenses/gpl.html
6
  Tags: WordPress Firewall, protection, whitelist, blacklist, two-factor authentication, GASP, comment spam, automatic updates, lockdown, login, hack, login
7
  Requires at least: 3.2.0
8
  Tested up to: 3.9
9
- Stable tag: 2.6.6
10
 
11
  Complete and Simple WordPress Security. Unrestricted, Easy, No Premium Features.
12
 
@@ -229,6 +229,25 @@ You can either manually upgrade, or WordPress will handle it in due course.
229
 
230
  * CHANGE: Interface to give a better "At-A-Glance" Dashboard summary view, that also allows you to turn on/off core features.
231
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
232
  = 2.6.6 =
233
 
234
  * FIX: Improved compatibility with bbPress.
6
  Tags: WordPress Firewall, protection, whitelist, blacklist, two-factor authentication, GASP, comment spam, automatic updates, lockdown, login, hack, login
7
  Requires at least: 3.2.0
8
  Tested up to: 3.9
9
+ Stable tag: 3.0.0
10
 
11
  Complete and Simple WordPress Security. Unrestricted, Easy, No Premium Features.
12
 
229
 
230
  * CHANGE: Interface to give a better "At-A-Glance" Dashboard summary view, that also allows you to turn on/off core features.
231
 
232
+ = 3.0.0 =
233
+
234
+ * FEATURE: User Management. Phase 1 - create user sessions to track current and attempted logged in users.
235
+ * CHANGED: MASSIVE plugin refactoring for better performance and faster, more reliable future development of features
236
+ * ADDED: Obscurity Feature - ability to remove the WP Generator meta tag.
237
+ * ADDED: ability to change user login session length in days
238
+ * ADDED: ability to set session idle timeout in hours
239
+ * ADDED: ability to lock session to a particular IP address (2-factor auth by IP is separate)
240
+ * ADDED: ability to view active user sessions
241
+ * ADDED: ability to view last page visited for active sessions
242
+ * ADDED: ability to view last active time for active sessions
243
+ * ADDED: ability to view failed or attempted logins in the past 48hrs
244
+ * ADDED: Support for GASP login using WooCommerce
245
+ * CHANGED: Admin Access Restriction now has a separate options/feature page
246
+ * CHANGED: Admin styling to better see some selected options
247
+ * ADDED: Support for WP Wall shoutbox plugin (does no GASP comment checks)
248
+ * CHANGED: Removed support for upgrading from versions prior to 2.0
249
+ * CHANGED: Removed support for importing from Firewall 2 plugin - to import, manually install plugin v2.6.6, import settings, then upgrade.
250
+
251
  = 2.6.6 =
252
 
253
  * FIX: Improved compatibility with bbPress.
resources/css/plugin.css CHANGED
@@ -25,7 +25,7 @@
25
  }
26
  .bootstrap-wpadmin .page-header {
27
  padding-bottom: 17px;
28
- margin: 18px 0;
29
  border-bottom: 1px solid #EEE;
30
  }
31
  /* Form elements */
@@ -81,11 +81,28 @@ p.code-description {
81
  font-size: smaller;
82
  font-style: italic;
83
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
84
  .option_section {
85
  background-color: rgba(0, 0, 0, 0.008);
86
  border: 1px solid #E6E6E6;
87
- border-radius: 8px;
88
- margin-bottom: 8px;
89
  padding: 8px 10px;
90
  }
91
  .option_section label {
25
  }
26
  .bootstrap-wpadmin .page-header {
27
  padding-bottom: 17px;
28
+ margin: 18px 0 0;
29
  border-bottom: 1px solid #EEE;
30
  }
31
  /* Form elements */
81
  font-size: smaller;
82
  font-style: italic;
83
  }
84
+ .form-horizontal legend {
85
+ border-bottom: 1px dashed #aaa;
86
+ margin-bottom: 8px;
87
+ margin-top: 30px;
88
+ }
89
+ .form-horizontal .item_group .control-group {
90
+ margin-bottom: 0;
91
+ }
92
+ .form-horizontal .item_group {
93
+ border-radius: 4px;
94
+ box-sizing: border-box;
95
+ margin-bottom: 10px;
96
+ padding: 20px 20px 20px 0;
97
+ }
98
+ .form-horizontal .selected_item_group {
99
+ border: 1px solid rgba(135, 232, 38, 0.55);
100
+ background-color: rgba(135, 232, 38, 0.1);
101
+ }
102
  .option_section {
103
  background-color: rgba(0, 0, 0, 0.008);
104
  border: 1px solid #E6E6E6;
105
+ border-radius: 4px;
 
106
  padding: 8px 10px;
107
  }
108
  .option_section label {
src/icwp-base-processor.php CHANGED
@@ -18,10 +18,10 @@
18
  *
19
  */
20
 
21
- if ( !class_exists('ICWP_BaseProcessor_V2') ):
 
 
22
 
23
- class ICWP_BaseProcessor_V2 {
24
-
25
  const PcreDelimiter = '/';
26
  const LOG_MESSAGE_LEVEL_INFO = 0;
27
  const LOG_MESSAGE_LEVEL_WARNING = 1;
@@ -31,16 +31,6 @@ class ICWP_BaseProcessor_V2 {
31
  const LOG_CATEGORY_FIREWALL = 1;
32
  const LOG_CATEGORY_LOGINPROTECT = 2;
33
 
34
- /**
35
- * @var string
36
- */
37
- protected $m_sStorageKey;
38
-
39
- /**
40
- * @var boolean
41
- */
42
- protected $m_fNeedSave;
43
-
44
  /**
45
  * @var array
46
  */
@@ -49,35 +39,32 @@ class ICWP_BaseProcessor_V2 {
49
  * @var array
50
  */
51
  protected $m_aLogMessages;
52
-
53
  /**
54
  * @var long
55
  */
56
- protected $m_nRequestIp;
57
-
58
  /**
59
- * @var boolean
60
  */
61
- protected $m_fLoggingEnabled;
62
-
63
  /**
64
- * @var ICWP_EmailProcessor
65
  */
66
- protected $m_oEmailHandler;
67
-
68
  /**
69
  * @var array
70
  */
71
- protected $m_aOptions;
72
 
73
  /**
74
- * @var ICWP_OptionsHandler_Base_WPSF
75
  */
76
- protected $m_oOptionsHandler;
77
 
78
- public function __construct( $insStorageKey ) {
79
- $this->m_sStorageKey = $insStorageKey;
80
- $this->m_fNeedSave = true;
81
  $this->reset();
82
  }
83
 
@@ -85,7 +72,12 @@ class ICWP_BaseProcessor_V2 {
85
  * Resets the object values to be re-used anew
86
  */
87
  public function reset() {
88
- $this->m_nRequestIp = $this->getVisitorIpAddress();
 
 
 
 
 
89
  $this->resetLog();
90
  }
91
 
@@ -93,67 +85,31 @@ class ICWP_BaseProcessor_V2 {
93
  * Override to set what this processor does when it's "run"
94
  */
95
  public function run() { }
96
-
97
- /**
98
- * Ensure that when we save the object later, it doesn't save unnecessary data.
99
- */
100
- public function doPreStore() {
101
- unset( $this->m_oEmailHandler );
102
- }
103
-
104
- /**
105
- */
106
- public function store() {
107
- $this->doPreStore();
108
- if ( $this->getNeedSave() ) {
109
- $this->setNeedSave( false );
110
- update_option( $this->m_sStorageKey, $this );
111
- }
112
- }
113
 
114
  /**
115
  */
116
  public function deleteStore() {
117
- delete_option( $this->m_sStorageKey );
118
- }
119
-
120
- /**
121
- * @return boolean
122
- */
123
- public function getNeedSave() {
124
- return $this->m_fNeedSave;
125
- }
126
-
127
- /**
128
- * @param boolean $infNeedSave
129
- */
130
- public function setNeedSave( $infNeedSave = true ) {
131
- $this->m_fNeedSave = $infNeedSave;
132
  }
133
 
134
  /**
135
  *
136
- * @param array $inaOptions
137
- */
138
- public function setOptions( &$inaOptions ) {
139
- $this->m_aOptions = $inaOptions;
140
- }
141
- /**
142
- *
143
- * @param ICWP_OptionsHandler_Base_WPSF $inoOptionsHandler
144
  */
145
- public function setOptionsHandler( ICWP_OptionsHandler_Base_WPSF &$inoOptionsHandler ) {
146
- $this->m_oOptionsHandler = $inoOptionsHandler;
147
- $this->m_aOptions = $this->m_oOptionsHandler->getPluginOptionsValues();
148
  }
149
 
150
  /**
151
- * @param $insKey
152
- * @param bool $inmDefault
153
  * @return bool
154
  */
155
- public function getOption( $insKey, $inmDefault = false ) {
156
- return isset( $this->m_aOptions[$insKey] )? $this->m_aOptions[$insKey] : $inmDefault;
 
 
 
157
  }
158
 
159
  /**
@@ -167,18 +123,45 @@ class ICWP_BaseProcessor_V2 {
167
  return $fStrict? $mOptionValue === $mValueToTest : $mOptionValue == $mValueToTest;
168
  }
169
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
170
  /**
171
  * Resets the log
172
  */
173
  public function resetLog() {
174
  $this->m_aLogMessages = array();
175
  }
176
-
177
  /**
178
- * @param boolean $infEnableLogging
 
 
 
 
 
 
 
 
 
 
179
  */
180
- public function setLogging( $infEnableLogging = true ) {
181
- $this->m_fLoggingEnabled = $infEnableLogging;
 
 
 
182
  }
183
 
184
  /**
@@ -188,10 +171,8 @@ class ICWP_BaseProcessor_V2 {
188
  */
189
  public function getLogData() {
190
 
191
- if ( $this->m_fLoggingEnabled ) {
192
- $this->m_aLog = array(
193
- 'messages' => serialize( $this->m_aLogMessages ),
194
- );
195
  }
196
  else {
197
  $this->m_aLog = false;
@@ -199,16 +180,26 @@ class ICWP_BaseProcessor_V2 {
199
 
200
  return $this->m_aLog;
201
  }
 
 
 
 
 
 
 
 
 
 
202
 
203
  /**
204
- * @param string $insLogMessage
205
- * @param string $insMessageType
206
  */
207
- public function writeLog( $insLogMessage = '', $insMessageType = self::LOG_MESSAGE_LEVEL_INFO ) {
208
  if ( !is_array( $this->m_aLogMessages ) ) {
209
  $this->resetLog();
210
  }
211
- $this->m_aLogMessages[] = array( $insMessageType, $insLogMessage );
212
  }
213
  /**
214
  * @param string $insLogMessage
@@ -230,8 +221,6 @@ class ICWP_BaseProcessor_V2 {
230
  }
231
 
232
  /**
233
- * Cloudflare compatible.
234
- *
235
  * @param boolean $infAsLong - visitor IP Address as IP2Long
236
  * @return integer - visitor IP Address as IP2Long
237
  */
@@ -300,31 +289,17 @@ class ICWP_BaseProcessor_V2 {
300
  }
301
 
302
  /**
303
- * We force PHP to pass by reference in case of older versions of PHP (?)
304
- *
305
- * @param ICWP_EmailProcessor $inoEmailHandler
306
  */
307
- public function setEmailHandler( &$inoEmailHandler ) {
308
- $this->m_oEmailHandler = $inoEmailHandler;
309
  }
310
-
311
- /**
312
- * @param string $insEmailSubject - message subject
313
- * @param array $inaMessage - message content
314
- * @return boolean - message sending success (remember that if throttled, returns true)
315
- */
316
- public function sendEmail( $insEmailSubject, $inaMessage ) {
317
- return $this->m_oEmailHandler->sendEmail( $insEmailSubject, $inaMessage );
318
- }
319
-
320
  /**
321
- * @param string $insEmailAddress - message recipient
322
- * @param string $insEmailSubject - message subject
323
- * @param array $inaMessage - message content
324
- * @return boolean - message sending success (remember that if throttled, returns true)
325
  */
326
- public function sendEmailTo( $insEmailAddress, $insEmailSubject, $inaMessage ) {
327
- return $this->m_oEmailHandler->sendEmailTo( $insEmailAddress, $insEmailSubject, $inaMessage );
328
  }
329
 
330
  /**
@@ -348,9 +323,11 @@ class ICWP_BaseProcessor_V2 {
348
  return true;
349
  }
350
 
351
- protected function constructStorageKey( $insPrefix = '', $insSlug = '' ) {
352
- $sTemplate = '%s%s_processor';
353
- return sprintf($sTemplate, $insPrefix, $insSlug );
 
 
354
  }
355
 
356
  /**
@@ -363,7 +340,9 @@ class ICWP_BaseProcessor_V2 {
363
  /**
364
  */
365
  protected function loadDataProcessor() {
366
- require_once( dirname(__FILE__) . '/icwp-data-processor.php' );
 
 
367
  }
368
 
369
  /**
@@ -383,7 +362,7 @@ class ICWP_BaseProcessor_V2 {
383
  }
384
 
385
  /**
386
- * @return ICWP_WpFunctions_WPSF
387
  */
388
  protected function loadWpsfStatsProcessor() {
389
  require_once( dirname(__FILE__) . '/icwp-wpsf-stats.php' );
@@ -401,5 +380,5 @@ class ICWP_BaseProcessor_V2 {
401
  endif;
402
 
403
  if ( !class_exists('ICWP_WPSF_BaseProcessor') ):
404
- class ICWP_WPSF_BaseProcessor extends ICWP_BaseProcessor_V2 { }
405
  endif;
18
  *
19
  */
20
 
21
+ if ( !class_exists('ICWP_BaseProcessor_V3') ):
22
+
23
+ class ICWP_BaseProcessor_V3 {
24
 
 
 
25
  const PcreDelimiter = '/';
26
  const LOG_MESSAGE_LEVEL_INFO = 0;
27
  const LOG_MESSAGE_LEVEL_WARNING = 1;
31
  const LOG_CATEGORY_FIREWALL = 1;
32
  const LOG_CATEGORY_LOGINPROTECT = 2;
33
 
 
 
 
 
 
 
 
 
 
 
34
  /**
35
  * @var array
36
  */
39
  * @var array
40
  */
41
  protected $m_aLogMessages;
42
+
43
  /**
44
  * @var long
45
  */
46
+ protected static $nRequestIp;
 
47
  /**
48
+ * @var long
49
  */
50
+ protected static $nRequestPostId;
 
51
  /**
52
+ * @var integer
53
  */
54
+ protected static $nRequestTimestamp;
55
+
56
  /**
57
  * @var array
58
  */
59
+ protected $aOptions;
60
 
61
  /**
62
+ * @var ICWP_WPSF_FeatureHandler_Base
63
  */
64
+ protected $oFeatureOptions;
65
 
66
+ public function __construct( ICWP_WPSF_FeatureHandler_Base $oFeatureOptions ) {
67
+ $this->oFeatureOptions = $oFeatureOptions;
 
68
  $this->reset();
69
  }
70
 
72
  * Resets the object values to be re-used anew
73
  */
74
  public function reset() {
75
+ if ( !isset( self::$nRequestIp ) ) {
76
+ self::$nRequestIp = $this->getVisitorIpAddress();
77
+ }
78
+ if ( !isset( self::$nRequestTimestamp ) ) {
79
+ self::$nRequestTimestamp = time();
80
+ }
81
  $this->resetLog();
82
  }
83
 
85
  * Override to set what this processor does when it's "run"
86
  */
87
  public function run() { }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
88
 
89
  /**
90
  */
91
  public function deleteStore() {
92
+ delete_option( $this->constructStorageKey() );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
93
  }
94
 
95
  /**
96
  *
97
+ * @param array $aOptions
 
 
 
 
 
 
 
98
  */
99
+ public function setOptions( &$aOptions ) {
100
+ $this->aOptions = $aOptions;
 
101
  }
102
 
103
  /**
104
+ * @param $sOptionKey
105
+ * @param bool $mDefault
106
  * @return bool
107
  */
108
+ public function getOption( $sOptionKey, $mDefault = false ) {
109
+ if ( !isset( $this->aOptions ) ) {
110
+ $this->aOptions = $this->oFeatureOptions->getPluginOptionsValues();
111
+ }
112
+ return isset( $this->aOptions[$sOptionKey] )? $this->aOptions[$sOptionKey] : $mDefault;
113
  }
114
 
115
  /**
123
  return $fStrict? $mOptionValue === $mValueToTest : $mOptionValue == $mValueToTest;
124
  }
125
 
126
+ /**
127
+ * @return bool|long
128
+ */
129
+ public function getRequestPostId() {
130
+ if ( !isset( self::$nRequestPostId ) ) {
131
+ global $post;
132
+ if ( empty( $post ) ) {
133
+ return false;
134
+ }
135
+ self::$nRequestPostId = $post->ID;
136
+ }
137
+ return self::$nRequestPostId;
138
+ }
139
+
140
  /**
141
  * Resets the log
142
  */
143
  public function resetLog() {
144
  $this->m_aLogMessages = array();
145
  }
146
+
147
  /**
148
+ * @return bool
149
+ */
150
+ public function getIsLogging() {
151
+ return false;
152
+ }
153
+
154
+ /**
155
+ * Should return false when logging is disabled.
156
+ *
157
+ * @return false|array - false when logging is disabled, array with log data otherwise
158
+ * @see ICWP_WPSF_BaseProcessor::getLogData()
159
  */
160
+ public function flushLogData() {
161
+ if ( !$this->getIsLogging() ) {
162
+ return false;
163
+ }
164
+ return false;
165
  }
166
 
167
  /**
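Review bot: `flushLogData()` returns `false` on both paths, so the `@return false|array` contract in its docblock can never be met, and with `getIsLogging()` hard-coded to `false` in this base class nothing here ever reports logging as enabled unless a subclass overrides it. Either return the collected messages (and reset them) when logging is on, or state in both docblocks that subclasses must override these methods. `getRequestPostId()` is documented as `bool|long`, but it returns `false` or the post ID, so `int|false` is the accurate tag.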
171
  */
172
  public function getLogData() {
173
 
174
+ if ( $this->getIsLogging() ) {
175
+ $this->m_aLog = array( 'messages' => serialize( $this->m_aLogMessages ) );
 
 
176
  }
177
  else {
178
  $this->m_aLog = false;
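Review bot: `'messages' => serialize( $this->m_aLogMessages )` in `getLogData()` keeps the log in PHP-serialized form, so any later reader of these rows has to unserialize a value taken from the database. `writeLog()` only ever appends `array( $sMessageType, $sLogMessage )`, so `json_encode()` would carry the same data without that requirement. If the format has to stay for compatibility, say so in the docblock along with what is expected to read it back.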
180
 
181
  return $this->m_aLog;
182
  }
183
+
184
+ /**
185
+ * @return array
186
+ */
187
+ public function getLogMessages() {
188
+ if ( !is_array( $this->m_aLogMessages ) ) {
189
+ $this->m_aLogMessages = array();
190
+ }
191
+ return $this->m_aLogMessages;
192
+ }
193
 
194
  /**
195
+ * @param string $sLogMessage
196
+ * @param integer $sMessageType
197
  */
198
+ public function writeLog( $sLogMessage = '', $sMessageType = self::LOG_MESSAGE_LEVEL_INFO ) {
199
  if ( !is_array( $this->m_aLogMessages ) ) {
200
  $this->resetLog();
201
  }
202
+ $this->m_aLogMessages[] = array( $sMessageType, $sLogMessage );
203
  }
204
  /**
205
  * @param string $insLogMessage
221
  }
222
 
223
  /**
 
 
224
  * @param boolean $infAsLong - visitor IP Address as IP2Long
225
  * @return integer - visitor IP Address as IP2Long
226
  */
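Review bot: removing "Cloudflare compatible." from this docblock leaves the function with no statement of where the visitor address is taken from, while `reset()` now caches its result in `self::$nRequestIp` for every processor and the 3.0.0 changelog adds locking a session to an IP address. Document which source or request headers the address is read from and under what conditions they are trusted. The `@param boolean $infAsLong` line also reuses the return value's description ("visitor IP Address as IP2Long") instead of describing the flag.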
289
  }
290
 
291
  /**
292
+ * @return ICWP_WPSF_EmailProcessor
 
 
293
  */
294
+ public function getEmailProcessor() {
295
+ return $this->oFeatureOptions->getEmailProcessor();
296
  }
297
+
 
 
 
 
 
 
 
 
 
298
  /**
299
+ * @return ICWP_WPSF_LoggingProcessor
 
 
 
300
  */
301
+ public function getLoggingProcessor() {
302
+ return $this->oFeatureOptions->getLoggingProcessor();
303
  }
304
 
305
  /**
323
  return true;
324
  }
325
 
326
+ /**
327
+ * @return string
328
+ */
329
+ protected function constructStorageKey() {
330
+ return sprintf( '%s%s_processor', $this->oFeatureOptions->getOptionStoragePrefix(), $this->oFeatureOptions->getFeatureSlug() );
331
  }
332
 
333
  /**
340
  /**
341
  */
342
  protected function loadDataProcessor() {
343
+ if ( !class_exists( 'ICWP_WPSF_DataProcessor' ) ) {
344
+ require_once( dirname(__FILE__) . '/icwp-data-processor.php' );
345
+ }
346
  }
347
 
348
  /**
362
  }
363
 
364
  /**
365
+ * @return ICWP_Stats_WPSF
366
  */
367
  protected function loadWpsfStatsProcessor() {
368
  require_once( dirname(__FILE__) . '/icwp-wpsf-stats.php' );
380
  endif;
381
 
382
  if ( !class_exists('ICWP_WPSF_BaseProcessor') ):
383
+ class ICWP_WPSF_BaseProcessor extends ICWP_BaseProcessor_V3 { }
384
  endif;
src/icwp-basedb-processor.php CHANGED
@@ -32,48 +32,31 @@ class ICWP_BaseDbProcessor_WPSF extends ICWP_WPSF_BaseProcessor {
32
  * A link to the WordPress Database object so we don't have to "global" that every time.
33
  * @var wpdb
34
  */
35
- protected $m_oWpdb;
36
 
37
  /**
38
  * The full database table name.
39
  * @var string
40
  */
41
- protected $m_sTableName;
42
  /**
43
  * @var array
44
  */
45
  protected $m_aDataToWrite;
46
 
47
- public function __construct( $insStorageKey, $insTableName ) {
48
- parent::__construct( $insStorageKey );
49
- $this->reset();
50
- $this->setTableName( $insTableName );
51
  $this->createCleanupCron();
52
  }
53
 
54
- /**
55
- * Ensure that when we save the object later, it doesn't save unnecessary data.
56
- */
57
- public function doPreStore() {
58
- parent::doPreStore();
59
- $this->commitData();
60
- unset( $this->m_oWpdb );
61
- }
62
-
63
- /**
64
- * Resets the object values to be re-used anew
65
- */
66
- public function reset() {
67
- parent::reset();
68
- $this->loadWpdb();
69
- }
70
-
71
  /**
72
  * Override to set what this processor does when it's "run"
73
  */
74
  public function run() {
75
  if ( $this->getTableExists() ) {
76
- add_action( self::CleanupCronActionHook, array( $this, 'cleanupDatabase' ) );
 
77
  }
78
  }
79
 
@@ -81,11 +64,11 @@ class ICWP_BaseDbProcessor_WPSF extends ICWP_WPSF_BaseProcessor {
81
  * Loads our WPDB object if required.
82
  */
83
  protected function loadWpdb() {
84
- if ( !is_null( $this->m_oWpdb ) ) {
85
- return;
 
86
  }
87
- global $wpdb;
88
- $this->m_oWpdb = $wpdb;
89
  }
90
 
91
  /**
@@ -93,7 +76,7 @@ class ICWP_BaseDbProcessor_WPSF extends ICWP_WPSF_BaseProcessor {
93
  * @return type
94
  */
95
  public function addDataToWrite( $inaLogData ) {
96
- if ( empty( $inaLogData ) || empty( $inaLogData['messages'] ) ) {
97
  return;
98
  }
99
  if ( empty( $this->m_aDataToWrite ) ) {
@@ -107,13 +90,14 @@ class ICWP_BaseDbProcessor_WPSF extends ICWP_WPSF_BaseProcessor {
107
  *
108
  * This should be overridden per implementation
109
  *
 
110
  * @return array
111
  */
112
- protected function completeDataForWrite( $inaLogData ) {
113
- if ( is_null( $inaLogData ) ) {
114
  return array();
115
  }
116
- return $inaLogData;
117
  }
118
 
119
  /**
@@ -123,9 +107,11 @@ class ICWP_BaseDbProcessor_WPSF extends ICWP_WPSF_BaseProcessor {
123
  if ( empty( $this->m_aDataToWrite ) ) {
124
  return;
125
  }
126
- $this->loadWpdb();
127
  $fSuccess = true;
128
  foreach( $this->m_aDataToWrite as $aDataEntry ) {
 
 
 
129
  $fSuccess = $fSuccess && $this->insertIntoTable( $aDataEntry );
130
  }
131
  if ( $fSuccess ) {
@@ -140,41 +126,52 @@ class ICWP_BaseDbProcessor_WPSF extends ICWP_WPSF_BaseProcessor {
140
  protected function flushData() {
141
  $this->m_aDataToWrite = null;
142
  }
143
-
144
- public function insertIntoTable( $inaData ) {
145
- return $this->m_oWpdb->insert( $this->m_sTableName, $inaData );
 
 
 
 
 
146
  }
147
 
148
  public function selectAllFromTable( $innFormat = ARRAY_A ) {
149
- $sQuery = sprintf( "SELECT * FROM `%s` WHERE `deleted_at` = '0'", $this->m_sTableName );
150
- return $this->m_oWpdb->get_results( $sQuery, $innFormat );
 
151
  }
152
 
153
- public function selectCustomFromTable( $insQuery ) {
154
- return $this->m_oWpdb->get_results( $insQuery, ARRAY_A );
 
155
  }
156
 
157
- public function selectRowFromTable( $insQuery ) {
158
- return $this->m_oWpdb->get_row( $insQuery, ARRAY_A );
 
159
  }
160
 
161
- public function updateRowsFromTable( $inaData, $inaWhere ) {
162
- return $this->m_oWpdb->update( $this->m_sTableName, $inaData, $inaWhere );
 
163
  }
164
 
165
- public function deleteRowsFromTable( $inaWhere ) {
166
- return $this->m_oWpdb->delete( $this->m_sTableName, $inaWhere );
 
167
  }
168
 
169
- protected function deleteAllRowsOlderThan( $innTimeStamp ) {
170
  $sQuery = "
171
  DELETE from `%s`
172
  WHERE
173
  `created_at` < '%s'
174
  ";
175
- $sQuery = sprintf( $sQuery,
176
- $this->m_sTableName,
177
- $innTimeStamp
 
178
  );
179
  $this->doSql( $sQuery );
180
  }
@@ -187,7 +184,7 @@ class ICWP_BaseDbProcessor_WPSF extends ICWP_WPSF_BaseProcessor {
187
  * Will remove all data from this table (to delete the table see dropTable)
188
  */
189
  public function emptyTable() {
190
- $sQuery = sprintf( "TRUNCATE TABLE `%s`", $this->m_sTableName );
191
  return $this->doSql( $sQuery );
192
  }
193
 
@@ -203,7 +200,7 @@ class ICWP_BaseDbProcessor_WPSF extends ICWP_WPSF_BaseProcessor {
203
  * Will completely remove this table from the database
204
  */
205
  public function dropTable() {
206
- $sQuery = sprintf( 'DROP TABLE IF EXISTS `%s`', $this->m_sTableName ) ;
207
  return $this->doSql( $sQuery );
208
  }
209
 
@@ -213,15 +210,28 @@ class ICWP_BaseDbProcessor_WPSF extends ICWP_WPSF_BaseProcessor {
213
  * @param string $insSql
214
  */
215
  public function doSql( $insSql ) {
216
- $this->loadWpdb();
217
- $fResult = $this->m_oWpdb->query( $insSql );
218
  return $fResult;
219
  }
220
 
221
- private function setTableName( $insTableName ) {
222
- return $this->m_sTableName = esc_sql( $this->m_oWpdb->base_prefix . self::DB_TABLE_PREFIX . $insTableName );
 
 
 
 
 
 
223
  }
224
-
 
 
 
 
 
 
 
225
  /**
226
  * Override this to provide custom cleanup.
227
  */
@@ -234,25 +244,26 @@ class ICWP_BaseDbProcessor_WPSF extends ICWP_WPSF_BaseProcessor {
234
  * Will setup the cleanup cron to clean out old entries. This should be overridden per implementation.
235
  */
236
  protected function createCleanupCron() {
237
- if ( ! wp_next_scheduled( self::CleanupCronActionHook ) && ! defined( 'WP_INSTALLING' ) ) {
 
238
  $nNextRun = strtotime( 'tomorrow 6am' ) - get_option( 'gmt_offset' ) * HOUR_IN_SECONDS;
239
- wp_schedule_event( $nNextRun, 'daily', self::CleanupCronActionHook );
240
  }
241
  }
242
-
243
- public function cleanupDatabase() {
244
- //by default do nothing - oiverrde this method
245
- }
246
 
247
  /**
248
  * @return bool
249
  */
250
  public function getTableExists() {
 
251
  $sQuery = "
252
  SHOW TABLES LIKE '%s'
253
  ";
254
- $sQuery = sprintf( $sQuery, $this->m_sTableName );
255
- $mResult = $this->m_oWpdb->get_var( $sQuery );
256
  return !is_null( $mResult );
257
  }
258
  }
32
  * A link to the WordPress Database object so we don't have to "global" that every time.
33
  * @var wpdb
34
  */
35
+ protected $oWpdb;
36
 
37
  /**
38
  * The full database table name.
39
  * @var string
40
  */
41
+ protected $sFullTableName;
42
  /**
43
  * @var array
44
  */
45
  protected $m_aDataToWrite;
46
 
47
+ public function __construct( ICWP_WPSF_FeatureHandler_Base $oFeatureOptions, $sTableName = null ) {
48
+ parent::__construct( $oFeatureOptions );
49
+ $this->setTableName( $sTableName );
 
50
  $this->createCleanupCron();
51
  }
52
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
53
  /**
54
  * Override to set what this processor does when it's "run"
55
  */
56
  public function run() {
57
  if ( $this->getTableExists() ) {
58
+ $sFullHookName = $this->oFeatureOptions->doPluginPrefix( self::CleanupCronActionHook, '_' );
59
+ add_action( $sFullHookName, array( $this, 'cleanupDatabase' ) );
60
  }
61
  }
62
 
64
  * Loads our WPDB object if required.
65
  */
66
  protected function loadWpdb() {
67
+ if ( is_null( $this->oWpdb ) ) {
68
+ global $wpdb;
69
+ $this->oWpdb = $wpdb;
70
  }
71
+ return $this->oWpdb;
 
72
  }
73
 
74
  /**
76
  * @return type
77
  */
78
  public function addDataToWrite( $inaLogData ) {
79
+ if ( empty( $inaLogData ) ) {
80
  return;
81
  }
82
  if ( empty( $this->m_aDataToWrite ) ) {
90
  *
91
  * This should be overridden per implementation
92
  *
93
+ * @param array $aLogData
94
  * @return array
95
  */
96
+ protected function completeDataForWrite( $aLogData ) {
97
+ if ( is_null( $aLogData ) ) {
98
  return array();
99
  }
100
+ return $aLogData;
101
  }
102
 
103
  /**
107
  if ( empty( $this->m_aDataToWrite ) ) {
108
  return;
109
  }
 
110
  $fSuccess = true;
111
  foreach( $this->m_aDataToWrite as $aDataEntry ) {
112
+ if ( empty( $aDataEntry ) ) {
113
+ continue;
114
+ }
115
  $fSuccess = $fSuccess && $this->insertIntoTable( $aDataEntry );
116
  }
117
  if ( $fSuccess ) {
126
  protected function flushData() {
127
  $this->m_aDataToWrite = null;
128
  }
129
+
130
+ /**
131
+ * @param $aData
132
+ * @return boolean
133
+ */
134
+ public function insertIntoTable( $aData ) {
135
+ $oDb = $this->loadWpdb();
136
+ return $oDb->insert( $this->getTableName(), $aData );
137
  }
138
 
139
  public function selectAllFromTable( $innFormat = ARRAY_A ) {
140
+ $oDb = $this->loadWpdb();
141
+ $sQuery = sprintf( "SELECT * FROM `%s` WHERE `deleted_at` = '0'", $this->getTableName() );
142
+ return $oDb->get_results( $sQuery, $innFormat );
143
  }
144
 
145
+ public function selectCustomFromTable( $sQuery ) {
146
+ $oDb = $this->loadWpdb();
147
+ return $oDb->get_results( $sQuery, ARRAY_A );
148
  }
149
 
150
+ public function selectRowFromTable( $sQuery ) {
151
+ $oDb = $this->loadWpdb();
152
+ return $oDb->get_row( $sQuery, ARRAY_A );
153
  }
154
 
155
+ public function updateRowsFromTable( $aData, $aWhere ) {
156
+ $oDb = $this->loadWpdb();
157
+ return $oDb->update( $this->getTableName(), $aData, $aWhere );
158
  }
159
 
160
+ public function deleteRowsFromTable( $aWhere ) {
161
+ $oDb = $this->loadWpdb();
162
+ return $oDb->delete( $this->getTableName(), $aWhere );
163
  }
164
 
165
+ protected function deleteAllRowsOlderThan( $nTime ) {
166
  $sQuery = "
167
  DELETE from `%s`
168
  WHERE
169
  `created_at` < '%s'
170
  ";
171
+ $sQuery = sprintf(
172
+ $sQuery,
173
+ $this->getTableName(),
174
+ $nTime
175
  );
176
  $this->doSql( $sQuery );
177
  }
184
  * Will remove all data from this table (to delete the table see dropTable)
185
  */
186
  public function emptyTable() {
187
+ $sQuery = sprintf( "TRUNCATE TABLE `%s`", $this->getTableName() );
188
  return $this->doSql( $sQuery );
189
  }
190
 
200
  * Will completely remove this table from the database
201
  */
202
  public function dropTable() {
203
+ $sQuery = sprintf( 'DROP TABLE IF EXISTS `%s`', $this->getTableName() ) ;
204
  return $this->doSql( $sQuery );
205
  }
206
 
210
  * @param string $insSql
211
  */
212
  public function doSql( $insSql ) {
213
+ $oDb = $this->loadWpdb();
214
+ $fResult = $oDb->query( $insSql );
215
  return $fResult;
216
  }
217
 
218
+ private function setTableName( $sTableName = null ) {
219
+ $oDb = $this->loadWpdb();
220
+ $sTableString =
221
+ $oDb->prefix
222
+ . self::DB_TABLE_PREFIX
223
+ . ( is_null( $sTableName ) ? $this->oFeatureOptions->getFeatureSlug() : $sTableName );
224
+ $this->sFullTableName = esc_sql( $sTableString );
225
+ return $this->sFullTableName;
226
  }
227
+
228
+ protected function getTableName() {
229
+ if ( empty( $this->sFullTableName ) ) {
230
+ return $this->setTableName();
231
+ }
232
+ return $this->sFullTableName;
233
+ }
234
+
235
  /**
236
  * Override this to provide custom cleanup.
237
  */
244
  * Will setup the cleanup cron to clean out old entries. This should be overridden per implementation.
245
  */
246
  protected function createCleanupCron() {
247
+ $sFullHookName = $this->oFeatureOptions->doPluginPrefix( self::CleanupCronActionHook, '_' );
248
+ if ( ! wp_next_scheduled( $sFullHookName ) && ! defined( 'WP_INSTALLING' ) ) {
249
  $nNextRun = strtotime( 'tomorrow 6am' ) - get_option( 'gmt_offset' ) * HOUR_IN_SECONDS;
250
+ wp_schedule_event( $nNextRun, 'daily', $sFullHookName );
251
  }
252
  }
253
+
254
+ // by default does nothing - override this method
255
+ public function cleanupDatabase() { }
 
256
 
257
  /**
258
  * @return bool
259
  */
260
  public function getTableExists() {
261
+ $oDb = $this->loadWpdb();
262
  $sQuery = "
263
  SHOW TABLES LIKE '%s'
264
  ";
265
+ $sQuery = sprintf( $sQuery, $this->getTableName() );
266
+ $mResult = $oDb->get_var( $sQuery );
267
  return !is_null( $mResult );
268
  }
269
  }
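Review bot: `deleteAllRowsOlderThan( $nTime )` formats `$nTime` into the DELETE with `sprintf` and a quoted `'%s'`, and `selectCustomFromTable( $sQuery )` / `selectRowFromTable( $sQuery )` are public methods that hand a caller-built string straight to `get_results()` / `get_row()`, so nothing in this class enforces parameter binding. Use `%d` for the timestamp (or `$oDb->prepare()`), and either make the two raw-query helpers protected or have them accept a format string plus arguments and call `prepare()` internally. In `getTableExists()` the table name goes into `SHOW TABLES LIKE '%s'`, where any `_` in the name acts as a single-character wildcard, so the check can match a differently named table; escape the pattern or compare the returned value to `getTableName()`.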
src/icwp-data-processor.php CHANGED
@@ -24,6 +24,11 @@ if ( !class_exists('ICWP_DataProcessor_V1') ):
24
  class ICWP_DataProcessor_V1 {
25
 
26
  public static $fUseFilter = false;
 
 
 
 
 
27
 
28
  /**
29
  * Cloudflare compatible.
@@ -32,7 +37,11 @@ class ICWP_DataProcessor_V1 {
32
  * @return bool|integer - visitor IP Address as IP2Long
33
  */
34
  public static function GetVisitorIpAddress( $infAsLong = true ) {
35
-
 
 
 
 
36
  $aAddressSourceOptions = array(
37
  'HTTP_CF_CONNECTING_IP',
38
  'HTTP_CLIENT_IP',
@@ -43,7 +52,6 @@ class ICWP_DataProcessor_V1 {
43
  );
44
  $fCanUseFilter = function_exists( 'filter_var' ) && defined( 'FILTER_FLAG_NO_PRIV_RANGE' ) && defined( 'FILTER_FLAG_IPV4' );
45
 
46
- $aIpAddresses = array();
47
  foreach( $aAddressSourceOptions as $sOption ) {
48
  if ( empty( $_SERVER[ $sOption ] ) ) {
49
  continue;
@@ -57,13 +65,14 @@ class ICWP_DataProcessor_V1 {
57
  continue;
58
  }
59
  else {
60
- return $infAsLong? ip2long( $sIpAddress ) : $sIpAddress;
 
61
  }
62
  }
63
  }
64
  return false;
65
  }
66
-
67
  /**
68
  * Assumes a valid IPv4 address is provided as we're only testing for a whether the IP is public or not.
69
  *
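Review bot: the address cached in `self::$sIpAddress` is whatever the first non-empty entry of `$aAddressSourceOptions` yields, and that list starts with `HTTP_CF_CONNECTING_IP` and `HTTP_CLIENT_IP`, which are request headers a client can set when no trusted proxy overwrites them. With the cache, that one choice is reused by every caller for the rest of the request, including the admin access cookie hash added in this release, so consider honouring the proxy headers only when the connecting address is a known proxy. A lookup that ends in `return false` is not cached, so the header scan repeats on each call in that case.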
@@ -384,6 +393,34 @@ class ICWP_DataProcessor_V1 {
384
  return $sPassword;
385
  }
386
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
387
  /**
388
  * @param string $insKey
389
  * @param boolean $infIncludeCookie
@@ -421,26 +458,28 @@ class ICWP_DataProcessor_V1 {
421
  }
422
  /**
423
  * @param string $insKey The $_POST key
 
424
  * @return mixed|null
425
  */
426
- public static function FetchCookie( $insKey ) {
427
  if ( function_exists( 'filter_input' ) && defined( 'INPUT_COOKIE' ) ) {
428
  return filter_input( INPUT_COOKIE, $insKey );
429
  }
430
- return self::ArrayFetch( $_COOKIE, $insKey );
431
  }
432
 
433
  /**
434
  * @param array $inaArray
435
  * @param string $insKey The array key
 
436
  * @return mixed|null
437
  */
438
- public static function ArrayFetch( &$inaArray, $insKey ) {
439
  if ( empty( $inaArray ) ) {
440
- return null;
441
  }
442
  if ( !isset( $inaArray[$insKey] ) ) {
443
- return null;
444
  }
445
  return $inaArray[$insKey];
446
  }
24
  class ICWP_DataProcessor_V1 {
25
 
26
  public static $fUseFilter = false;
27
+
28
+ /**
29
+ * @var string
30
+ */
31
+ protected static $sIpAddress;
32
 
33
  /**
34
  * Cloudflare compatible.
37
  * @return bool|integer - visitor IP Address as IP2Long
38
  */
39
  public static function GetVisitorIpAddress( $infAsLong = true ) {
40
+
41
+ if ( !empty( self::$sIpAddress ) ) {
42
+ return $infAsLong? ip2long( self::$sIpAddress ) : self::$sIpAddress;
43
+ }
44
+
45
  $aAddressSourceOptions = array(
46
  'HTTP_CF_CONNECTING_IP',
47
  'HTTP_CLIENT_IP',
52
  );
53
  $fCanUseFilter = function_exists( 'filter_var' ) && defined( 'FILTER_FLAG_NO_PRIV_RANGE' ) && defined( 'FILTER_FLAG_IPV4' );
54
 
 
55
  foreach( $aAddressSourceOptions as $sOption ) {
56
  if ( empty( $_SERVER[ $sOption ] ) ) {
57
  continue;
65
  continue;
66
  }
67
  else {
68
+ self::$sIpAddress = $sIpAddress;
69
+ return $infAsLong? ip2long( self::$sIpAddress ) : self::$sIpAddress;
70
  }
71
  }
72
  }
73
  return false;
74
  }
75
+
76
  /**
77
  * Assumes a valid IPv4 address is provided as we're only testing for a whether the IP is public or not.
78
  *
393
  return $sPassword;
394
  }
395
 
396
+ /**
397
+ * @param string $sKey
398
+ * @return mixed|null
399
+ */
400
+ public static function FetchServer( $sKey ) {
401
+ if ( function_exists( 'filter_input' ) && defined( 'INPUT_SERVER' ) ) {
402
+ $sPossible = filter_input( INPUT_SERVER, $sKey );
403
+ if ( !empty( $sPossible ) ) {
404
+ return $sPossible;
405
+ }
406
+ }
407
+ return self::ArrayFetch( $_SERVER, $sKey );
408
+ }
409
+
410
+ /**
411
+ * @param string $sKey
412
+ * @return mixed|null
413
+ */
414
+ public static function FetchEnv( $sKey ) {
415
+ if ( function_exists( 'filter_input' ) && defined( 'INPUT_ENV' ) ) {
416
+ $sPossible = filter_input( INPUT_ENV, $sKey );
417
+ if ( !empty( $sPossible ) ) {
418
+ return $sPossible;
419
+ }
420
+ }
421
+ return self::ArrayFetch( $_ENV, $sKey );
422
+ }
423
+
424
  /**
425
  * @param string $insKey
426
  * @param boolean $infIncludeCookie
458
  }
459
  /**
460
  * @param string $insKey The $_POST key
461
+ * @param mixed $mDefault
462
  * @return mixed|null
463
  */
464
+ public static function FetchCookie( $insKey, $mDefault = null ) {
465
  if ( function_exists( 'filter_input' ) && defined( 'INPUT_COOKIE' ) ) {
466
  return filter_input( INPUT_COOKIE, $insKey );
467
  }
468
+ return self::ArrayFetch( $_COOKIE, $insKey, $mDefault );
469
  }
470
 
471
  /**
472
  * @param array $inaArray
473
  * @param string $insKey The array key
474
+ * @param mixed $mDefault
475
  * @return mixed|null
476
  */
477
+ public static function ArrayFetch( &$inaArray, $insKey, $mDefault = null ) {
478
  if ( empty( $inaArray ) ) {
479
+ return $mDefault;
480
  }
481
  if ( !isset( $inaArray[$insKey] ) ) {
482
+ return $mDefault;
483
  }
484
  return $inaArray[$insKey];
485
  }
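Review bot: `FetchCookie( $insKey, $mDefault = null )` never uses `$mDefault` when `filter_input` is available, because that branch returns `filter_input( INPUT_COOKIE, $insKey )` directly; a missing cookie gives `null` there and `$mDefault` only on the `ArrayFetch` fallback. Follow the pattern `FetchServer()` uses in this same change: keep the result in a variable, return it when it is set, and otherwise fall through to `ArrayFetch( $_COOKIE, $insKey, $mDefault )`. The docblock above `FetchCookie` still describes `$insKey` as "The $_POST key".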
src/icwp-feature-master.php DELETED
@@ -1,337 +0,0 @@
1
- <?php
2
- /**
3
- * Copyright (c) 2014 iControlWP <support@icontrolwp.com>
4
- * All rights reserved.
5
- *
6
- * This is
7
- * distributed under the GNU General Public License, Version 2,
8
- * June 1991. Copyright (C) 1989, 1991 Free Software Foundation, Inc., 51 Franklin
9
- * St, Fifth Floor, Boston, MA 02110, USA
10
- *
11
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
12
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
13
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
14
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
15
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
16
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
17
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
18
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
19
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
20
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
21
- */
22
-
23
- require_once( dirname(__FILE__).'/icwp-pure-base.php' );
24
-
25
- if ( !class_exists('ICWP_Feature_Master') ):
26
-
27
- class ICWP_Feature_Master extends ICWP_Pure_Base_V4 {
28
-
29
- /**
30
- *@var array
31
- */
32
- protected $m_aFeatures;
33
-
34
- /**
35
- *@var array
36
- */
37
- protected $m_aOptionsHandlers;
38
-
39
- /**
40
- * @var ICWP_OptionsHandler_Wpsf
41
- */
42
- protected $m_oPluginMainOptions;
43
-
44
- protected $fHasFtpOverride = false;
45
-
46
- public function __construct( $inaFeatures, $inaOptions ) {
47
- parent::__construct();
48
- $this->m_aFeatures = $inaFeatures;
49
- $this->m_aOptionsHandlers = $inaOptions;
50
- }
51
-
52
- /**
53
- * Based on the existence of files placed within the plugin directory, will enable or disable
54
- * all registered features and return the value of the override setting that was put in place.
55
- *
56
- * @return string - override settings (empty string if none).
57
- */
58
- protected function override() {
59
-
60
- if ( $this->m_oWpFs->exists( path_join($this->m_sPluginDir, 'forceOff') ) ) {
61
- $fHasFtpOverride = true;
62
- $sSetting = 'N';
63
- }
64
- else if ( $this->m_oWpFs->exists( path_join($this->m_sPluginDir, 'forceOn') ) ) {
65
- $fHasFtpOverride = true;
66
- $sSetting = 'Y';
67
- }
68
- else {
69
- $sSetting = '';
70
- }
71
-
72
- if ( $sSetting == '' ) {
73
- return $sSetting;
74
- }
75
-
76
- $aFeatures = $this->getFeaturesMap();
77
- foreach( $aFeatures as $sFeature => $sName ) {
78
- $this->setSharedOption( 'enable_'.$sFeature, $sSetting );
79
- }
80
- return $sSetting;
81
- }
82
-
83
- /**
84
- * @return array
85
- */
86
- protected function getFeaturesMap() {
87
- return $this->m_aFeatures;
88
- }
89
-
90
- /**
91
- * Given a certain feature 'slug' will return true if this is a particular supported feature of this plugin.
92
- *
93
- * @param string $insFeature
94
- * @return boolean
95
- */
96
- public function getIsFeature( $insFeature ) {
97
- return array_key_exists( $insFeature, $this->getFeaturesMap() ) || in_array( $insFeature, $this->getFeaturesMap() );
98
- }
99
-
100
- /**
101
- * @param string $insFeature - firewall, login_protect, comments_filter, lockdown
102
- * @return boolean
103
- */
104
- public function getIsMainFeatureEnabled( $insFeature ) {
105
-
106
- if ( $this->m_oWpFs->exists( $this->m_sPluginPath . 'forceOff' ) ) {
107
- return false;
108
- }
109
- else if ( $this->m_oWpFs->exists( $this->m_sPluginPath . 'forceOn' ) ) {
110
- return true;
111
- }
112
-
113
- $aFeatures = $this->getFeaturesMap();
114
- if ( array_key_exists( $insFeature, $aFeatures ) ) {
115
- $fEnabled = $this->m_oPluginMainOptions->getOpt( 'enable_'.$insFeature ) == 'Y';
116
- }
117
- else {
118
- $fEnabled = false;
119
- }
120
- return $fEnabled;
121
- }
122
-
123
- /**
124
- * This is necessary because we store these values in several places and we need to always keep it in sync.
125
- *
126
- * @param string $insOption
127
- * @param mixed $inmValue
128
- * @return boolean
129
- */
130
- public function setSharedOption( $insOption, $inmValue ) {
131
-
132
- $aFeatures = $this->getFeaturesMap();
133
-
134
- $sFeature = str_replace( 'enable_', '', $insOption );
135
- if ( !array_key_exists( $sFeature, $aFeatures ) ) {
136
- return;
137
- }
138
-
139
- $this->loadOptionsHandler( $aFeatures[$sFeature] );
140
- $sOptions = 'm_o'.$aFeatures[$sFeature].'Options';// e.g. m_oFirewallOptions
141
- $this->{$sOptions}->setOpt( $insOption, $inmValue );
142
- $this->m_oPluginMainOptions->setOpt( $insOption, $inmValue );
143
- }
144
-
145
- protected function loadOptionsHandler( $insOptionHandler = 'PluginMain', $infRecreate = false, $infFullBuild = false ) {
146
-
147
- $aAllHandlers = array_values( $this->getFeaturesMap() );
148
- $aAllHandlers[] = 'PluginMain';
149
-
150
- // special case
151
- if ( $insOptionHandler == 'all' ) {
152
- foreach( $aAllHandlers as $sHandler ) {
153
- $fSuccess = $this->loadOptionsHandler( $sHandler, $infRecreate, $infFullBuild );
154
- }
155
- return $fSuccess;
156
- }
157
-
158
- if ( !in_array( $insOptionHandler, $aAllHandlers ) ) {
159
- return false;
160
- }
161
-
162
- $sOptionsVarName = 'm_o'.$insOptionHandler.'Options'; // e.g. m_oPluginMainOptions
163
- if ( $insOptionHandler == 'PluginMain' ) {
164
- $sSourceFile = dirname(__FILE__).'/icwp-optionshandler-'.$this->m_sPluginSlug.'.php'; // e.g. icwp-optionshandler-wpsf.php
165
- $sClassName = 'ICWP_OptionsHandler_'.ucfirst( $this->m_sPluginSlug ); // e.g. ICWP_OptionsHandler_Wpsf
166
- }
167
- else {
168
- $sSourceFile = dirname(__FILE__).'/icwp-optionshandler-'.strtolower($insOptionHandler).'.php'; // e.g. icwp-optionshandler-wpsf.php
169
- $sClassName = 'ICWP_OptionsHandler_'.$insOptionHandler; // e.g. ICWP_OptionsHandler_Wpsf
170
- }
171
-
172
- require_once( $sSourceFile );
173
- if ( $infRecreate || !isset( $this->{$sOptionsVarName} ) ) {
174
- $this->{$sOptionsVarName} = new $sClassName( self::$sOptionPrefix, $this->m_sVersion, $infFullBuild );
175
- }
176
- if ( $infFullBuild ) {
177
- $this->{$sOptionsVarName}->buildOptions();
178
- }
179
- return true;
180
- }
181
-
182
- /**
183
- * Given a feature/processor name will load the variable for it, including the appropriate source file.
184
- *
185
- * @param string $insProcessorName
186
- * @param boolean $infRebuild
187
- * @return ICWP_OptionsHandler_Base_Wpsf
188
- */
189
- protected function loadProcessor( $insProcessorName, $infRebuild = false ) {
190
- $aAllProcessors = $this->getFeaturesMap();
191
-
192
- if ( !in_array( $insProcessorName, array_values($aAllProcessors) ) ) {
193
- $this->doWpDie( sprintf('Processor %s is not permitted here.', $insProcessorName) );
194
- }
195
- $sProcessorVarName = 'm_o'.$insProcessorName.'Processor'; // e.g. m_oFirewallProcessor
196
- $sSourceFile = dirname(__FILE__).'/icwp-processor-'.strtolower($insProcessorName).'.php'; // e.g. icwp-optionshandler-wpsf.php
197
- $sClassName = 'ICWP_'.strtoupper( $this->m_sPluginSlug ).'_'.$insProcessorName.'Processor'; // e.g. ICWP_WPSF_FirewallProcessor
198
- $sStorageKey = array_search($insProcessorName, $aAllProcessors).'_processor'; // e.g. firewall_processor
199
- $sOptionsHandlerVarName = 'm_o'.$insProcessorName.'Options'; // e.g. m_oFirewallOptions
200
-
201
- require_once( $sSourceFile );
202
- if ( $infRebuild || empty( $this->{$sProcessorVarName} ) ) {
203
- $oTemp = $this->getOption( $sStorageKey );
204
- if ( !$infRebuild && is_object( $oTemp ) && ( $oTemp instanceof $sClassName ) ) {
205
- $oTemp->reset();
206
- }
207
- else {
208
- $oTemp = new $sClassName( self::$sOptionPrefix );
209
- }
210
- $this->{$sProcessorVarName} = $oTemp;
211
- }
212
- if ( $this->loadOptionsHandler( $insProcessorName ) ) {
213
- $aOptionsValues = $this->{$sOptionsHandlerVarName}->getPluginOptionsValues();
214
- $this->{$sProcessorVarName}->setOptions( $aOptionsValues );
215
- }
216
- return $this->{$sProcessorVarName};
217
- }
218
-
219
- protected function resetProcessor( $insProcessorName ) {
220
- if ( !$this->getIsFeature( $insProcessorName ) ) {
221
- $this->doWpDie('Not a processor: '.$insProcessorName);
222
- return;
223
- }
224
- $this->loadProcessor( $insProcessorName );
225
- return;
226
- }
227
-
228
- protected function resetOptionHandler( $insOptionName ) {
229
- if ( !$this->getIsFeature( $insOptionName ) ) {
230
- $this->doWpDie('Not a feature: '.$insOptionName);
231
- return;
232
- }
233
- $this->loadOptionsHandler( $insOptionName );
234
- return;
235
- }
236
-
237
- public function clearCaches() {
238
- $aFeatures = $this->getFeaturesMap();
239
- foreach( $aFeatures as $sFeature ) {
240
- $this->resetOptionHandler( $sFeature );
241
- $this->resetProcessor( $sFeature );
242
- }
243
- }
244
-
245
- protected function getAllOptionsHandlers() {
246
- $this->loadOptionsHandler('all');
247
- $aOptions = array();
248
- foreach( $this->m_aOptionsHandlers as $sName ) {
249
- if ( isset( $this->{$sName} ) ) {
250
- $aOptions[] = &$this->{$sName};
251
- }
252
- }
253
- return $aOptions;
254
- }
255
-
256
- /**
257
- * Makes sure and cache the processors after all is said and done.
258
- */
259
- public function saveProcessors() {
260
- $aFeatures = $this->getFeaturesMap();
261
- foreach( $aFeatures as $sSlug => $sProcessorName ) {
262
- $oProcessor = $this->getProcessorVar( $sProcessorName );
263
- if ( !is_null($oProcessor) && is_object($oProcessor) ) {
264
- $oProcessor->store();
265
- }
266
- }
267
- }
268
-
269
- /**
270
- * Makes sure and cache the processors after all is said and done.
271
- */
272
- public function saveOptions() {
273
- $aOptions = $this->getAllOptionsHandlers();
274
- foreach( $aOptions as &$oOption ) {
275
- if ( isset( $oOption ) ) {
276
- $oOption->savePluginOptions();
277
- }
278
- }
279
- }
280
-
281
- /**
282
- *
283
- * @param string $insProcessorName
284
- * @param bool $infLoad
285
- * @return null|ICWP_WPSF_BaseProcessor
286
- */
287
- protected function getProcessorVar( $insProcessorName, $infLoad = false ) {
288
- if ( !$this->getIsFeature( $insProcessorName ) ) {
289
- return null;
290
- }
291
- $sProcessorVariable = 'm_o'.$insProcessorName.'Processor';
292
- if ( $infLoad || !isset( $this->{$sProcessorVariable} ) ) {
293
- $this->loadProcessor( $insProcessorName );
294
- }
295
- $sProcessorVariable = 'm_o'.$insProcessorName.'Processor';
296
- return $this->{$sProcessorVariable};
297
- }
298
-
299
- protected function shutdown() {
300
- parent::shutdown();
301
- $this->saveOptions();
302
- $this->saveProcessors();
303
- }
304
-
305
- protected function deleteAllPluginDbOptions() {
306
- if ( !current_user_can( 'manage_options' ) ) {
307
- return;
308
- }
309
-
310
- $aOptions = $this->getAllOptionsHandlers();
311
- foreach( $aOptions as &$oOption ) {
312
- $oOption->deletePluginOptions();
313
- }
314
-
315
- $aFeatures = $this->getFeaturesMap();
316
- foreach( $aFeatures as $sSlug => $sProcessorName ) {
317
- $oProcessor = $this->getProcessorVar( $sProcessorName, true );
318
- if ( !is_null($oProcessor) && is_object($oProcessor) ) {
319
- $oProcessor->deleteAndCleanUp();
320
- }
321
- }
322
- remove_action( 'shutdown', array( $this, 'onWpShutdown' ) );
323
- }
324
-
325
- public function onWpActivatePlugin() {
326
- $this->loadOptionsHandler( 'all', true, true );
327
- }
328
-
329
- public function onWpDeactivatePlugin() {
330
- if ( $this->m_oPluginMainOptions->getOpt( 'delete_on_deactivate' ) == 'Y' ) {
331
- $this->deleteAllPluginDbOptions();
332
- }
333
- }
334
-
335
- }
336
-
337
- endif;
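Review bot: deleting `ICWP_Feature_Master` removes the `forceOff` / `forceOn` file checks in `override()` and `getIsMainFeatureEnabled()` and the `current_user_can( 'manage_options' )` guard at the top of `deleteAllPluginDbOptions()`; the commit should say where each of these now lives so the emergency override and the capability check are not lost in the refactor. If the file override is kept, note that `override()` built its path with `path_join( $this->m_sPluginDir, ... )` while `getIsMainFeatureEnabled()` concatenated `$this->m_sPluginPath`, so the replacement should settle on one.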
src/icwp-import-wpf2-processor.php CHANGED
@@ -22,11 +22,11 @@ if ( !class_exists('ICWP_ImportWpf2Processor') ):
22
  class ICWP_ImportWpf2Processor extends ICWP_ImportBaseProcessor {
23
 
24
  /**
25
- * @var ICWP_OptionsHandler_Wpsf
26
  */
27
  protected $m_oWpsfOptions;
28
  /**
29
- * @var ICWP_OptionsHandler_Firewall
30
  */
31
  protected $m_oFirewallOptions;
32
 
22
  class ICWP_ImportWpf2Processor extends ICWP_ImportBaseProcessor {
23
 
24
  /**
25
+ * @var ICWP_WPSF_FeatureHandler_Plugin
26
  */
27
  protected $m_oWpsfOptions;
28
  /**
29
+ * @var ICWP_WPSF_FeatureHandler_Firewall
30
  */
31
  protected $m_oFirewallOptions;
32
 
src/icwp-optionshandler-admin_access_restriction.php ADDED
@@ -0,0 +1,201 @@
1
+ <?php
2
+ /**
3
+ * Copyright (c) 2014 iControlWP <support@icontrolwp.com>
4
+ * All rights reserved.
5
+ *
6
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
7
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
8
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
9
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
10
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
11
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
12
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
13
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
14
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
15
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
16
+ */
17
+
18
+ require_once( dirname(__FILE__).'/icwp-optionshandler-base.php' );
19
+
20
+ if ( !class_exists('ICWP_WPSF_FeatureHandler_AdminAccessRestriction') ):
21
+
22
+ class ICWP_WPSF_FeatureHandler_AdminAccessRestriction extends ICWP_WPSF_FeatureHandler_Base {
23
+
24
+ /**
25
+ * @const integer
26
+ */
27
+ const Default_AccessKeyTimeout = 30;
28
+
29
+ /**
30
+ * @var string
31
+ */
32
+ const AdminAccessKeyCookieName = 'icwp_wpsf_aakcook';
33
+
34
+ private $fHasPermissionToSubmit;
35
+
36
+ /**
37
+ * @var ICWP_WPSF_Processor_AdminAccessRestriction
38
+ */
39
+ protected $oFeatureProcessor;
40
+
41
+ public function __construct( $oPluginVo ) {
42
+ $this->sFeatureName = _wpsf__('Admin Access');
43
+ $this->sFeatureSlug = 'admin_access_restriction';
44
+ $this->fShowFeatureMenuItem = true;
45
+ parent::__construct( $oPluginVo );
46
+
47
+ add_filter( $this->doPluginPrefix( 'has_permission_to_submit' ), array( $this, 'doCheckHasPermissionToSubmit' ) );
48
+ add_filter( $this->doPluginPrefix( 'has_permission_to_view' ), array( $this, 'doCheckHasPermissionToSubmit' ) );
49
+ }
50
+
51
+ /**
52
+ * @return ICWP_WPSF_Processor_AdminAccessRestriction|null
53
+ */
54
+ protected function loadFeatureProcessor() {
55
+ if ( !isset( $this->oFeatureProcessor ) ) {
56
+ require_once( dirname(__FILE__).'/icwp-processor-adminaccessrestriction.php' );
57
+ $this->oFeatureProcessor = new ICWP_WPSF_Processor_AdminAccessRestriction( $this );
58
+ }
59
+ return $this->oFeatureProcessor;
60
+ }
61
+
62
+ /**
63
+ *
64
+ */
65
+ public function doCheckHasPermissionToSubmit( $fHasPermission = true ) {
66
+
67
+ $this->loadDataProcessor();
68
+ $sAccessKeyRequest = ICWP_WPSF_DataProcessor::FetchPost( $this->doPluginPrefix( 'admin_access_key_request', '_' ) );
69
+ if ( !empty( $sAccessKeyRequest ) ) {
70
+ $sAccessKeyRequest = md5( trim( $sAccessKeyRequest ) );
71
+ if ( $sAccessKeyRequest === $this->getOpt( 'admin_access_key' ) ) {
72
+ $this->setPermissionToSubmit( true );
73
+ wp_safe_redirect( network_admin_url() );
74
+ }
75
+ }
76
+
77
+ if ( isset( $this->fHasPermissionToSubmit ) ) {
78
+ return $this->fHasPermissionToSubmit;
79
+ }
80
+ $this->fHasPermissionToSubmit = $fHasPermission;
81
+ if ( $this->getIsMainFeatureEnabled() ) {
82
+ $sAccessKey = $this->getOpt( 'admin_access_key' );
83
+ if ( !empty( $sAccessKey ) ) {
84
+ $this->loadDataProcessor();
85
+ $sHash = md5( $sAccessKey.ICWP_WPSF_DataProcessor::GetVisitorIpAddress() );
86
+ $sCookieValue = ICWP_WPSF_DataProcessor::FetchCookie( self::AdminAccessKeyCookieName );
87
+ $this->fHasPermissionToSubmit = $sCookieValue === $sHash;
88
+ }
89
+ }
90
+ return $this->fHasPermissionToSubmit;
91
+ }
92
+
93
+ /**
94
+ *
95
+ */
96
+ public function handleFormSubmit() {
97
+ $fSuccess = parent::handleFormSubmit();
98
+ if ( !$fSuccess ) {
99
+ return $fSuccess;
100
+ }
101
+
102
+ if ( $this->getIsCurrentPageConfig() && is_null( ICWP_WPSF_DataProcessor::FetchPost( $this->doPluginPrefix( 'enable_admin_access_restriction', '_' ) ) ) ) {
103
+ $this->setPermissionToSubmit( false );
104
+ }
105
+ }
106
+
107
+ /**
108
+ * @param bool $fPermission
109
+ */
110
+ protected function setPermissionToSubmit( $fPermission = false ) {
111
+ if ( $fPermission ) {
112
+ $this->loadDataProcessor();
113
+ $sValue = md5( $this->getOpt( 'admin_access_key' ).ICWP_WPSF_DataProcessor::GetVisitorIpAddress() );
114
+ $sTimeout = $this->getOpt( 'admin_access_timeout' ) * 60;
115
+ $_COOKIE[ self::AdminAccessKeyCookieName ] = $sValue;
116
+ setcookie( self::AdminAccessKeyCookieName, $sValue, time()+$sTimeout, COOKIEPATH, COOKIE_DOMAIN, false );
117
+ }
118
+ else {
119
+ unset( $_COOKIE[ self::AdminAccessKeyCookieName ] );
120
+ setcookie( self::AdminAccessKeyCookieName, "", time()-3600, COOKIEPATH, COOKIE_DOMAIN, false );
121
+ }
122
+ }
123
+
124
+ /**
125
+ * @return bool|void
126
+ */
127
+ protected function getOptionsDefinitions() {
128
+
129
+ if ( $this->hasEncryptOption() ) {
130
+
131
+ $aAccessKey = array(
132
+ 'section_title' => _wpsf__( 'Admin Access Restriction' ),
133
+ 'section_options' => array(
134
+ array(
135
+ 'enable_admin_access_restriction',
136
+ '',
137
+ 'N',
138
+ 'checkbox',
139
+ _wpsf__( 'Enable Access Key' ),
140
+ _wpsf__( 'Enforce Admin Access Restriction' ),
141
+ _wpsf__( 'Enable this with great care and consideration. When this Access Key option is enabled, you must specify a key below and use it to gain access to this plugin.' ),
142
+ '<a href="http://icwp.io/40" target="_blank">'._wpsf__( 'more info' ).'</a>'
143
+ .' | <a href="http://icwp.io/wpsf02" target="_blank">'._wpsf__( 'blog' ).'</a>'
144
+ ),
145
+ array(
146
+ 'admin_access_key',
147
+ '',
148
+ '',
149
+ 'password',
150
+ _wpsf__( 'Admin Access Key' ),
151
+ _wpsf__( 'Specify Your Plugin Access Key' ),
152
+ _wpsf__( 'If you forget this, you could potentially lock yourself out from using this plugin.' )
153
+ .' <strong>'._wpsf__( 'Leave it blank to not update it' ).'</strong>',
154
+ '<a href="http://icwp.io/42" target="_blank">'._wpsf__( 'more info' ).'</a>'
155
+ ),
156
+ array(
157
+ 'admin_access_timeout',
158
+ '',
159
+ self::Default_AccessKeyTimeout,
160
+ 'integer',
161
+ _wpsf__( 'Access Key Timeout' ),
162
+ _wpsf__( 'Specify A Timeout For Plugin Admin Access' ),
163
+ _wpsf__( 'This will automatically expire your WordPress Simple Firewall session. Does not apply until you enter the access key again.').'<br />'.sprintf(_wpsf__( 'Default: %s minutes.' ), self::Default_AccessKeyTimeout ),
164
+ '<a href="http://icwp.io/41" target="_blank">'._wpsf__( 'more info' ).'</a>'
165
+ )
166
+ )
167
+ );
168
+ }
169
+ $aOptionsDefinitions = array(
170
+ $aAccessKey
171
+ );
172
+ return $aOptionsDefinitions;
173
+ }
174
+
175
+ /**
176
+ * This is the point where you would want to do any options verification
177
+ */
178
+ protected function doPrePluginOptionsSave() {
179
+
180
+ if ( $this->getOpt( 'admin_access_key_timeout' ) <= 0 ) {
181
+ $this->setOpt( 'admin_access_key_timeout', self::Default_AccessKeyTimeout );
182
+ }
183
+
184
+ $sAccessKey = $this->getOpt( 'admin_access_key');
185
+ if ( empty( $sAccessKey ) ) {
186
+ $this->setOpt( 'enable_admin_access_restriction', 'N' );
187
+ }
188
+ }
189
+
190
+ protected function updateHandler() {
191
+ parent::updateHandler();
192
+ if ( version_compare( $this->getVersion(), '3.0.0', '<' ) ) {
193
+ $aAllOptions = apply_filters( $this->doPluginPrefix( 'aggregate_all_plugin_options' ), array() );
194
+ $this->setOpt( 'enable_admin_access_restriction', $aAllOptions['enable_admin_access_restriction'] );
195
+ $this->setOpt( 'admin_access_key', $aAllOptions['admin_access_key'] );
196
+ $this->setOpt( 'admin_access_timeout', $aAllOptions['admin_access_timeout'] );
197
+ }
198
+ }
199
+ }
200
+
201
+ endif;
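Review bot: the access cookie set in `setPermissionToSubmit()` is `md5( $this->getOpt( 'admin_access_key' ).ICWP_WPSF_DataProcessor::GetVisitorIpAddress() )`, a fixed value for a given key and IP with no expiry or random component inside it, so `admin_access_timeout` is enforced only by the browser dropping the cookie, and anyone who can read the stored option can compute a valid cookie. Issue a random token per unlock, keep it server-side with its expiry, and compare with a constant-time function; the unsalted `md5()` of the submitted key in `doCheckHasPermissionToSubmit()` is also weak for a stored secret. Both `setcookie()` calls pass `false` for `secure` and leave `httponly` unset. `wp_safe_redirect( network_admin_url() )` is not followed by `exit`, so the rest of the filter still runs. `doPrePluginOptionsSave()` checks and resets `admin_access_key_timeout`, but the option is defined and read as `admin_access_timeout`, so the `<= 0` guard never touches the real value. In `getOptionsDefinitions()`, `$aAccessKey` is assigned only inside `if ( $this->hasEncryptOption() )` yet is always used in `array( $aAccessKey )`.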
src/icwp-optionshandler-autoupdates.php CHANGED
@@ -17,21 +17,57 @@
17
 
18
  require_once( dirname(__FILE__).'/icwp-optionshandler-base.php' );
19
 
20
- if ( !class_exists('ICWP_OptionsHandler_AutoUpdates_V2') ):
21
 
22
- class ICWP_OptionsHandler_AutoUpdates_V2 extends ICWP_OptionsHandler_Base_Wpsf {
23
-
24
- const StoreName = 'autoupdates_options';
25
-
26
- public function __construct( $insPrefix, $insVersion ) {
27
- parent::__construct( $insPrefix, self::StoreName, $insVersion );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
28
  }
29
 
30
  public function doPrePluginOptionsSave() {}
31
-
32
- public function defineOptions() {
33
 
34
- $aAutoUpdatesBase = array(
 
 
 
 
35
  'section_title' => _wpsf__('Enable Automatic Updates Section'),
36
  'section_options' => array(
37
  array(
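Review bot: the new `handleFormSubmit()` starts a forced update run from a query-string value, `ICWP_WPSF_DataProcessor::FetchGet( 'force_run_auto_updates' ) == 'now'`, and the only gate visible in this hunk is `parent::handleFormSubmit()` returning true. A state-changing action on GET should check a nonce and capability at this point, or a comment should state that the parent call already does both for GET requests. The method is documented as `@return bool|void` and returns nothing on the normal path; return `$fSuccess` so callers get a consistent value.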
@@ -46,7 +82,7 @@ class ICWP_OptionsHandler_AutoUpdates_V2 extends ICWP_OptionsHandler_Base_Wpsf {
46
  )
47
  )
48
  );
49
- $aAutoUpdateAll = array(
50
  'section_title' => _wpsf__('Disable ALL WordPress Automatic Updates'),
51
  'section_options' => array(
52
  array(
@@ -61,7 +97,7 @@ class ICWP_OptionsHandler_AutoUpdates_V2 extends ICWP_OptionsHandler_Base_Wpsf {
61
  )
62
  )
63
  );
64
- $aAutoUpdatePlugin = array(
65
  'section_title' => _wpsf__('Automatic Plugin Self-Update'),
66
  'section_options' => array(
67
  array(
@@ -76,19 +112,19 @@ class ICWP_OptionsHandler_AutoUpdates_V2 extends ICWP_OptionsHandler_Base_Wpsf {
76
  )
77
  )
78
  );
79
- $aAutoUpdateOptions = array( 'select',
80
  array( 'core_never', _wpsf__('Never') ),
81
  array( 'core_minor', _wpsf__('Minor Versions Only') ),
82
  array( 'core_major', _wpsf__('Major and Minor Versions') ),
83
  );
84
- $aAutoUpdateComponents = array(
85
  'section_title' => _wpsf__('Choose Which WordPress Components To Allow Automatic Updates'),
86
  'section_options' => array(
87
  array(
88
  'autoupdate_core',
89
  '',
90
  'core_minor',
91
- $aAutoUpdateOptions,
92
  _wpsf__( 'WordPress Core Updates' ),
93
  _wpsf__( 'Decide how the WordPress Core will automatically update, if at all' ),
94
  _wpsf__( 'At least automatically upgrading minor versions is recommended (and is the WordPress default).' ),
@@ -132,8 +168,8 @@ class ICWP_OptionsHandler_AutoUpdates_V2 extends ICWP_OptionsHandler_Base_Wpsf {
132
  )
133
  )
134
  );
135
-
136
- $aAutoUpdateEmail = array(
137
  'section_title' => _wpsf__('Automatic Update Email Notifications'),
138
  'section_options' => array(
139
  array(
@@ -157,23 +193,17 @@ class ICWP_OptionsHandler_AutoUpdates_V2 extends ICWP_OptionsHandler_Base_Wpsf {
157
  )
158
  );
159
 
160
- $this->m_aOptions = array(
161
- $aAutoUpdatesBase,
162
- $aAutoUpdateAll,
163
- $aAutoUpdatePlugin,
164
- $aAutoUpdateComponents,
165
- $aAutoUpdateEmail
166
  );
167
- }
168
-
169
- public function updateHandler() {
170
-
171
- $sCurrentVersion = $this->getVersion();
172
- $sCurrentVersion = empty( $sCurrentVersion )? '0.0' : $sCurrentVersion;
173
- if ( version_compare( $sCurrentVersion, '1.9.0', '<' ) ) { }//v1.9.0
174
  }
175
  }
176
 
177
  endif;
178
 
179
- class ICWP_OptionsHandler_AutoUpdates extends ICWP_OptionsHandler_AutoUpdates_V2 { }
17
 
18
  require_once( dirname(__FILE__).'/icwp-optionshandler-base.php' );
19
 
20
+ if ( !class_exists('ICWP_WPSF_FeatureHandler_Autoupdates_V2') ):
21
 
22
+ class ICWP_WPSF_FeatureHandler_Autoupdates_V2 extends ICWP_WPSF_FeatureHandler_Base {
23
+
24
+ /**
25
+ * @var ICWP_WPSF_AutoupdatesProcessor
26
+ */
27
+ protected $oFeatureProcessor;
28
+
29
+ public function __construct( $oPluginVo ) {
30
+ $this->sFeatureName = _wpsf__('Automatic Updates');
31
+ $this->sFeatureSlug = 'autoupdates';
32
+ parent::__construct( $oPluginVo );
33
+ }
34
+
35
+ /**
36
+ * @return ICWP_WPSF_AutoupdatesProcessor|null
37
+ */
38
+ protected function loadFeatureProcessor() {
39
+ if ( !isset( $this->oFeatureProcessor ) ) {
40
+ require_once( dirname(__FILE__).'/icwp-processor-autoupdates.php' );
41
+ $this->oFeatureProcessor = new ICWP_WPSF_AutoupdatesProcessor( $this );
42
+ }
43
+ return $this->oFeatureProcessor;
44
+ }
45
+
46
+ /**
47
+ * @return bool|void
48
+ */
49
+ public function handleFormSubmit() {
50
+ $fSuccess = parent::handleFormSubmit();
51
+ if ( !$fSuccess ) {
52
+ return $fSuccess;
53
+ }
54
+
55
+ // Force run automatic updates
56
+ $this->loadDataProcessor();
57
+ if ( ICWP_WPSF_DataProcessor::FetchGet( 'force_run_auto_updates' ) == 'now' ) {
58
+ $oProc = $this->getProcessor();
59
+ $oProc->setForceRunAutoupdates( true );
60
+ return;
61
+ }
62
  }
63
 
64
  public function doPrePluginOptionsSave() {}
 
 
65
 
66
+ /**
67
+ * @return array
68
+ */
69
+ protected function getOptionsDefinitions() {
70
+ $aAutoupdatesBase = array(
71
  'section_title' => _wpsf__('Enable Automatic Updates Section'),
72
  'section_options' => array(
73
  array(
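Review bot: handleFormSubmit() (new lines 49-62) returns nothing on every path once the parent call has succeeded: the bare `return;` inside the `force_run_auto_updates` branch and the fall-through at the end both yield null, so a caller testing the result sees a successful submit as falsy, while the docblock promises `bool|void`. Return `true` at the end and drop the bare `return;`. The force-run trigger is also read from the query string with `FetchGet` and compared with `==`. Since it changes what the processor does, it should only be honoured after whatever nonce and capability check parent::handleFormSubmit() performs (not visible in this hunk), and a strict `===` comparison would be cleaner.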
82
  )
83
  )
84
  );
85
+ $aAutoupdateAll = array(
86
  'section_title' => _wpsf__('Disable ALL WordPress Automatic Updates'),
87
  'section_options' => array(
88
  array(
97
  )
98
  )
99
  );
100
+ $aAutoupdatePlugin = array(
101
  'section_title' => _wpsf__('Automatic Plugin Self-Update'),
102
  'section_options' => array(
103
  array(
112
  )
113
  )
114
  );
115
+ $aAutoupdateOptions = array( 'select',
116
  array( 'core_never', _wpsf__('Never') ),
117
  array( 'core_minor', _wpsf__('Minor Versions Only') ),
118
  array( 'core_major', _wpsf__('Major and Minor Versions') ),
119
  );
120
+ $aAutoupdateComponents = array(
121
  'section_title' => _wpsf__('Choose Which WordPress Components To Allow Automatic Updates'),
122
  'section_options' => array(
123
  array(
124
  'autoupdate_core',
125
  '',
126
  'core_minor',
127
+ $aAutoupdateOptions,
128
  _wpsf__( 'WordPress Core Updates' ),
129
  _wpsf__( 'Decide how the WordPress Core will automatically update, if at all' ),
130
  _wpsf__( 'At least automatically upgrading minor versions is recommended (and is the WordPress default).' ),
168
  )
169
  )
170
  );
171
+
172
+ $aAutoupdateEmail = array(
173
  'section_title' => _wpsf__('Automatic Update Email Notifications'),
174
  'section_options' => array(
175
  array(
193
  )
194
  );
195
 
196
+ $aOptionsDefinitions = array(
197
+ $aAutoupdatesBase,
198
+ $aAutoupdateAll,
199
+ $aAutoupdatePlugin,
200
+ $aAutoupdateComponents,
201
+ $aAutoupdateEmail
202
  );
203
+ return $aOptionsDefinitions;
 
 
 
 
 
 
204
  }
205
  }
206
 
207
  endif;
208
 
209
+ class ICWP_WPSF_FeatureHandler_Autoupdates extends ICWP_WPSF_FeatureHandler_Autoupdates_V2 { }
src/icwp-optionshandler-base.php CHANGED
@@ -2,7 +2,7 @@
2
  /**
3
  * Copyright (c) 2014 iControlWP <support@icontrolwp.com>
4
  * All rights reserved.
5
- *
6
  * Version: 2013-11-15-V1
7
  *
8
  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
@@ -17,10 +17,15 @@
17
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
18
  */
19
 
20
- if ( !class_exists('ICWP_OptionsHandler_Base_V2') ):
 
 
 
 
 
 
 
21
 
22
- class ICWP_OptionsHandler_Base_V2 {
23
-
24
  /**
25
  * @var string
26
  */
@@ -29,97 +34,303 @@ class ICWP_OptionsHandler_Base_V2 {
29
  * @var string
30
  */
31
  const PluginVersionKey = 'current_plugin_version';
32
-
33
  /**
34
  * @var boolean
35
  */
36
- protected $m_fNeedSave;
37
-
38
  /**
39
- * @var boolean
40
  */
41
- protected $m_fFullInit;
42
-
43
  /**
44
- * @var string
 
 
 
 
 
 
 
45
  */
46
- protected $m_sOptionPrefix;
47
-
48
  /**
49
  * @var string
50
  */
51
- protected $m_sVersion;
52
 
53
  /**
54
  * @var array
55
  */
56
- protected $m_aOptions;
57
-
 
 
 
 
58
  /**
59
- * @var array
60
  */
61
- protected $m_aDirectSaveOptions;
62
-
63
  /**
64
- * @var boolean
65
  */
66
- protected $m_fIsMultisite;
67
 
68
  /**
69
- * These are options that need to be stored, but are never set by the UI.
70
- *
71
- * @var array
72
  */
73
- protected $m_aNonUiOptions;
74
 
75
  /**
76
- * @var array
77
  */
78
- protected $m_aOptionsValues;
79
-
80
  /**
81
- * @var array
82
  */
83
- protected $m_aOptionsStoreName;
84
-
85
  /**
86
- * @var array
87
  */
88
- protected $aOptionsKeys;
89
-
90
- public function __construct( $insPrefix, $insStoreName, $insVersion ) {
91
- $this->m_sOptionPrefix = $insPrefix;
92
- $this->m_aOptionsStoreName = $insStoreName;
93
- $this->m_sVersion = $insVersion;
94
-
95
- $this->m_fIsMultisite = function_exists( 'is_multisite' ) && is_multisite();
96
-
97
  // Handle any upgrades as necessary (only go near this if it's the admin area)
98
- add_action( 'init', array( $this, 'onWpPluginsLoaded' ), 1 );
 
 
 
 
 
 
 
 
 
99
  }
100
-
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
101
  /**
102
- * A action added to WordPress 'plugins_loaded' hook
103
  */
104
- public function onWpPluginsLoaded() {
105
- $this->doUpdates();
106
  }
107
-
108
- protected function doUpdates() {
109
- if ( $this->hasPluginManageRights() ) {
110
- $this->buildOptions();
111
- $this->updateHandler();
 
 
 
 
 
 
 
 
 
 
 
112
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
113
  }
114
-
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
115
  public function hasPluginManageRights() {
116
- if ( !current_user_can( 'manage_options' ) ) {
117
  return false;
118
  }
119
- if ( $this->m_fIsMultisite && is_network_admin() ) {
 
 
120
  return true;
121
  }
122
- else if ( !$this->m_fIsMultisite && is_admin() ) {
123
  return true;
124
  }
125
  return false;
@@ -129,27 +340,20 @@ class ICWP_OptionsHandler_Base_V2 {
129
  * @return string
130
  */
131
  public function getVersion() {
132
- return $this->getOpt( self::PluginVersionKey );
 
133
  }
134
 
135
- /**
136
- * @param string
137
- * @return string
138
- */
139
- public function setVersion( $insVersion ) {
140
- return $this->setOpt( self::PluginVersionKey, $insVersion );
141
- }
142
-
143
  /**
144
  * Gets the array of all possible options keys
145
- *
146
  * @return array
147
  */
148
  public function getOptionsKeys() {
149
  $this->setOptionsKeys();
150
  return $this->aOptionsKeys;
151
  }
152
-
153
  /**
154
  * @return void
155
  */
@@ -159,69 +363,62 @@ class ICWP_OptionsHandler_Base_V2 {
159
  }
160
  $this->buildOptions();
161
  }
162
-
163
  /**
164
- * Determines whether the given option key is a valid options
165
  *
166
  * @param string
167
  * @return boolean
168
  */
169
  public function getIsOptionKey( $sOptionKey ) {
170
- if ( $sOptionKey == self::PluginVersionKey ) {
171
- return true;
172
- }
173
  $this->setOptionsKeys();
174
  return ( in_array( $sOptionKey, $this->aOptionsKeys ) );
175
  }
176
-
177
  /**
178
  * Sets the value for the given option key
179
- *
180
  * @param string $insKey
181
  * @param mixed $inmValue
182
  * @return boolean
183
  */
184
  public function setOpt( $insKey, $inmValue ) {
185
-
186
  if ( !$this->getIsOptionKey( $insKey ) ) {
187
  return false;
188
  }
189
-
190
  if ( !isset( $this->m_aOptionsValues ) ) {
191
  $this->loadStoredOptionsValues();
192
  }
193
-
194
  if ( $this->getOpt( $insKey ) === $inmValue ) {
195
  return true;
196
  }
197
-
198
  $this->m_aOptionsValues[ $insKey ] = $inmValue;
199
-
200
- if ( !$this->m_fNeedSave ) {
201
- $this->m_fNeedSave = true;
202
- }
203
  return true;
204
  }
205
 
206
  /**
207
- * @param string $insKey
208
- * @return Ambigous <boolean, multitype:>
209
  */
210
- public function getOpt( $insKey ) {
211
  if ( !isset( $this->m_aOptionsValues ) ) {
212
  $this->loadStoredOptionsValues();
213
  }
214
- return ( isset( $this->m_aOptionsValues[ $insKey ] )? $this->m_aOptionsValues[ $insKey ] : false );
215
  }
216
-
217
  /**
218
  * Retrieves the full array of options->values
219
- *
220
  * @return array
221
  */
222
  public function getOptions() {
223
  $this->buildOptions();
224
- return $this->m_aOptions;
225
  }
226
 
227
  /**
@@ -233,32 +430,47 @@ class ICWP_OptionsHandler_Base_V2 {
233
  $this->generateOptionsValues();
234
  return $this->m_aOptionsValues;
235
  }
236
-
237
  /**
238
  * Saves the options to the WordPress Options store.
239
- *
240
  * It will also update the stored plugin options version.
241
  */
242
  public function savePluginOptions() {
243
-
244
  $this->doPrePluginOptionsSave();
 
245
  $this->updateOptionsVersion();
246
- if ( !$this->m_fNeedSave ) {
247
  return true;
248
  }
249
- $this->updateOption( $this->m_aOptionsStoreName, $this->m_aOptionsValues );
250
- $this->m_fNeedSave = false;
 
 
 
251
  }
252
-
 
 
 
 
 
 
 
 
 
 
 
253
  public function collateAllFormInputsForAllOptions() {
254
 
255
- if ( !isset( $this->m_aOptions ) ) {
256
  $this->buildOptions();
257
  }
258
-
259
  $aToJoin = array();
260
- foreach ( $this->m_aOptions as $aOptionsSection ) {
261
-
262
  if ( empty( $aOptionsSection ) ) {
263
  continue;
264
  }
@@ -269,7 +481,7 @@ class ICWP_OptionsHandler_Base_V2 {
269
  }
270
  return implode( self::CollateSeparator, $aToJoin );
271
  }
272
-
273
  /**
274
  * @return array
275
  */
@@ -281,26 +493,46 @@ class ICWP_OptionsHandler_Base_V2 {
281
  $this->buildOptions(); // set the defaults
282
  }
283
  }
284
-
 
 
 
 
 
 
 
 
285
  /**
286
  * Loads the options and their stored values from the WordPress Options store.
287
  */
288
  protected function loadStoredOptionsValues() {
289
  if ( empty( $this->m_aOptionsValues ) ) {
290
- $this->m_aOptionsValues = $this->getOption( $this->m_aOptionsStoreName );
 
291
  if ( empty( $this->m_aOptionsValues ) ) {
292
- $this->m_aOptionsValues = array();
293
- $this->m_fNeedSave = true;
294
  }
295
  }
 
296
  }
297
-
 
 
298
  protected function defineOptions() {
299
-
300
- if ( !empty( $this->m_aOptions ) ) {
301
- return true;
 
 
 
 
302
  }
303
-
 
 
 
 
 
304
  $aMisc = array(
305
  'section_title' => 'Miscellaneous Plugin Options',
306
  'section_options' => array(
@@ -315,20 +547,28 @@ class ICWP_OptionsHandler_Base_V2 {
315
  ),
316
  ),
317
  );
318
- $this->m_aOptions = array( $aMisc );
 
 
 
 
 
 
 
 
 
 
319
  }
320
 
321
  /**
322
  * Will initiate the plugin options structure for use by the UI builder.
323
- *
324
  * It will also fill in $this->m_aOptionsValues with defaults where appropriate.
325
- *
326
  * It doesn't set any values, just populates the array created in buildOptions()
327
  * with values stored.
328
- *
329
  * It has to handle the conversion of stored values to data to be displayed to the user.
330
- *
331
- * @param string $insUpdateKey - if only want to update a single key, supply it here.
332
  */
333
  public function buildOptions() {
334
 
@@ -336,14 +576,14 @@ class ICWP_OptionsHandler_Base_V2 {
336
  $this->loadStoredOptionsValues();
337
 
338
  $this->aOptionsKeys = array();
339
- foreach ( $this->m_aOptions as &$aOptionsSection ) {
340
-
341
  if ( empty( $aOptionsSection ) || !isset( $aOptionsSection['section_options'] ) ) {
342
  continue;
343
  }
344
-
345
  foreach ( $aOptionsSection['section_options'] as &$aOptionParams ) {
346
-
347
  list( $sOptionKey, $sOptionValue, $sOptionDefault, $sOptionType ) = $aOptionParams;
348
 
349
  $this->aOptionsKeys[] = $sOptionKey;
@@ -352,12 +592,12 @@ class ICWP_OptionsHandler_Base_V2 {
352
  $this->setOpt( $sOptionKey, $sOptionDefault );
353
  }
354
  $mCurrentOptionVal = $this->getOpt( $sOptionKey );
355
-
356
  if ( $sOptionType == 'password' && !empty( $mCurrentOptionVal ) ) {
357
  $mCurrentOptionVal = '';
358
  }
359
  else if ( $sOptionType == 'ip_addresses' ) {
360
-
361
  if ( empty( $mCurrentOptionVal ) ) {
362
  $mCurrentOptionVal = '';
363
  }
@@ -379,7 +619,7 @@ class ICWP_OptionsHandler_Base_V2 {
379
  }
380
  }
381
  else if ( $sOptionType == 'comma_separated_lists' ) {
382
-
383
  if ( empty( $mCurrentOptionVal ) ) {
384
  $mCurrentOptionVal = '';
385
  }
@@ -394,10 +634,10 @@ class ICWP_OptionsHandler_Base_V2 {
394
  $aOptionParams[1] = $mCurrentOptionVal;
395
  }
396
  }
397
-
398
  // Cater for Non-UI options that don't necessarily go through the UI
399
- if ( isset($this->m_aNonUiOptions) && is_array($this->m_aNonUiOptions) ) {
400
- foreach( $this->m_aNonUiOptions as $sOption ) {
401
  $this->aOptionsKeys[] = $sOption;
402
  if ( !$this->getOpt( $sOption ) ) {
403
  $this->setOpt( $sOption, '' );
@@ -405,34 +645,31 @@ class ICWP_OptionsHandler_Base_V2 {
405
  }
406
  }
407
  }
408
-
409
  /**
410
  * This is the point where you would want to do any options verification
411
  */
412
  protected function doPrePluginOptionsSave() { }
413
 
414
  /**
415
- * Will return the 'current_plugin_version' if it is set, 0.0 otherwise.
416
- *
417
- * @return string
418
- */
419
- public function getPluginOptionsVersion() {
420
- $sVersion = $this->getOpt( 'current_plugin_version' );
421
- return empty( $sVersion )? '0.0' :$sVersion;
422
- }
423
-
424
- /**
425
- * Updates the 'current_plugin_version' to the offical plugin version.
426
  */
427
  protected function updateOptionsVersion() {
428
- $this->setOpt( 'current_plugin_version', $this->m_sVersion );
429
  }
430
-
431
  /**
432
  * Deletes all the options including direct save.
433
  */
434
  public function deletePluginOptions() {
435
- $this->deleteOption( $this->m_aOptionsStoreName );
 
 
 
 
 
 
 
 
436
  }
437
 
438
  protected function convertIpListForDisplay( $inaIpList = array() ) {
@@ -444,7 +681,7 @@ class ICWP_OptionsHandler_Base_V2 {
444
  foreach( $inaIpList['ips'] as $sAddress ) {
445
  // offset=1 in the case that it's a range and the first number is negative on 32-bit systems
446
  $mPos = strpos( $sAddress, '-', 1 );
447
-
448
  if ( $mPos === false ) { //plain IP address
449
  $sDisplayText = long2ip( $sAddress );
450
  }
@@ -461,33 +698,52 @@ class ICWP_OptionsHandler_Base_V2 {
461
  return $aDisplay;
462
  }
463
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
464
  /**
465
  * @param string $sAllOptionsInput - comma separated list of all the input keys to be processed from the $_POST
466
  * @return void|boolean
467
  */
468
  public function updatePluginOptionsFromSubmit( $sAllOptionsInput ) {
469
-
470
- require_once ( dirname(__FILE__).'/icwp-data-processor.php' );
471
- $oProcessor = new ICWP_WPSF_DataProcessor();
472
-
473
  if ( empty( $sAllOptionsInput ) ) {
474
  return;
475
  }
476
-
477
  $this->loadStoredOptionsValues();
478
-
479
  $aAllInputOptions = explode( self::CollateSeparator, $sAllOptionsInput );
480
  foreach ( $aAllInputOptions as $sInputKey ) {
481
  $aInput = explode( ':', $sInputKey );
482
  list( $sOptionType, $sOptionKey ) = $aInput;
483
-
484
  if ( !$this->getIsOptionKey( $sOptionKey ) ) {
485
  continue;
486
  }
487
 
488
- $sOptionValue = $this->getFromPost( $sOptionKey );
489
  if ( is_null($sOptionValue) ) {
490
-
491
  if ( $sOptionType == 'text' || $sOptionType == 'email' ) { //if it was a text box, and it's null, don't update anything
492
  continue;
493
  }
@@ -499,7 +755,7 @@ class ICWP_OptionsHandler_Base_V2 {
499
  }
500
  }
501
  else { //handle any pre-processing we need to.
502
-
503
  if ( $sOptionType == 'integer' ) {
504
  $sOptionValue = intval( $sOptionValue );
505
  }
@@ -511,59 +767,33 @@ class ICWP_OptionsHandler_Base_V2 {
511
  $sOptionValue = md5( $sTempValue );
512
  }
513
  else if ( $sOptionType == 'ip_addresses' ) { //ip addresses are textareas, where each is separated by newline
514
- $sOptionValue = $oProcessor->ExtractIpAddresses( $sOptionValue );
515
  }
516
  else if ( $sOptionType == 'yubikey_unique_keys' ) { //ip addresses are textareas, where each is separated by newline and are 12 chars long
517
- $sOptionValue = $oProcessor->CleanYubikeyUniqueKeys( $sOptionValue );
518
  }
519
  else if ( $sOptionType == 'email' && function_exists( 'is_email' ) && !is_email( $sOptionValue ) ) {
520
  $sOptionValue = '';
521
  }
522
  else if ( $sOptionType == 'comma_separated_lists' ) {
523
- $sOptionValue = $oProcessor->ExtractCommaSeparatedList( $sOptionValue );
524
  }
525
  }
526
  $this->setOpt( $sOptionKey, $sOptionValue );
527
  }
528
- return $this->savePluginOptions( true );
529
  }
530
-
531
  /**
532
  * Should be over-ridden by each new class to handle upgrades.
533
- *
534
  * Called upon construction and after plugin options are initialized.
535
  */
536
- protected function updateHandler() { }
537
-
538
- /**
539
- * @param array $inaNewOptions
540
- */
541
- protected function mergeNonUiOptions( $inaNewOptions = array() ) {
542
-
543
- if ( !empty( $this->m_aNonUiOptions ) ) {
544
- $this->m_aNonUiOptions = array_merge( $this->m_aNonUiOptions, $inaNewOptions );
545
- }
546
- else {
547
- $this->m_aNonUiOptions = $inaNewOptions;
548
- }
549
- }
550
-
551
- /**
552
- * Copies WordPress Options to the options array and optionally deletes the original.
553
- *
554
- * @param array $inaOptions
555
- * @param boolean $fDeleteOld
556
- */
557
- protected function migrateOptions( $inaOptions, $fDeleteOld = false ) {
558
- foreach( $inaOptions as $sOptionKey ) {
559
- $mCurrentValue = $this->getOption( $sOptionKey );
560
- if ( $mCurrentValue === false ) {
561
- continue;
562
- }
563
- $this->setOpt( $sOptionKey, $mCurrentValue );
564
- if ( $fDeleteOld ) {
565
- $this->deleteOption( $sOptionKey );
566
- }
567
  }
568
  }
569
 
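Review bot: the unchanged context line `$sOptionValue = md5( $sTempValue );` (old line 511) hands a bare, unsalted MD5 digest to setOpt() for storage. The branch condition is outside the visible context, but if this is the `password` option type that buildOptions() blanks for display, a fast unsalted hash is a weak way to keep an access key in the options store. While this method is being reworked, consider moving to WordPress's wp_hash_password() and wp_check_password(), with a migration path for values that are already stored.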
@@ -574,39 +804,47 @@ class ICWP_OptionsHandler_Base_V2 {
574
  return function_exists( 'md5' );
575
  // return extension_loaded( 'mcrypt' );
576
  }
577
-
578
  protected function getVisitorIpAddress( $infAsLong = true ) {
579
- require_once( dirname(__FILE__).'/icwp-data-processor.php' );
580
  return ICWP_WPSF_DataProcessor::GetVisitorIpAddress( $infAsLong );
581
  }
582
-
583
  /**
584
- * @param string $insKey - the POST key
585
- * @param string $insPrefix
586
- * @return Ambigous <null, string>
 
587
  */
588
- protected function getFromPost( $insKey, $insPrefix = null ) {
589
- $sKey = ( is_null( $insPrefix )? $this->m_sOptionPrefix : $insPrefix ) . $insKey;
590
- return ( isset( $_POST[ $sKey ] )? $_POST[ $sKey ]: null );
591
- }
592
- public function getOption( $insKey ) {
593
- $sKey = $this->m_sOptionPrefix.$insKey;
594
- return $this->m_fIsMultisite? get_site_option($sKey) : get_option($sKey);
595
  }
596
- public function addOption( $insKey, $insValue ) {
597
- $sKey = $this->m_sOptionPrefix.$insKey;
598
- return $this->m_fIsMultisite? add_site_option($sKey, $insValue) : add_option($sKey, $insValue);
599
- }
600
- public function updateOption( $insKey, $insValue ) {
601
- $sKey = $this->m_sOptionPrefix.$insKey;
602
- return $this->m_fIsMultisite? update_site_option($sKey, $insValue) : update_option($sKey, $insValue);
 
 
 
 
 
 
 
 
 
603
  }
604
- public function deleteOption( $insKey ) {
605
- $sKey = $this->m_sOptionPrefix.$insKey;
606
- return $this->m_fIsMultisite? delete_site_option($sKey) : delete_option($sKey);
 
 
 
 
607
  }
608
 
609
-
610
  /**
611
  * @param string $insExistingListKey
612
  * @param string $insFilterName
@@ -617,7 +855,7 @@ class ICWP_OptionsHandler_Base_V2 {
617
  if ( empty( $aFilterIps ) ) {
618
  return false;
619
  }
620
-
621
  $aNewIps = array();
622
  foreach( $aFilterIps as $mKey => $sValue ) {
623
  if ( is_string( $mKey ) ) { //it's the IP
@@ -630,7 +868,7 @@ class ICWP_OptionsHandler_Base_V2 {
630
  }
631
  $aNewIps[ $sIP ] = $sLabel;
632
  }
633
-
634
  // now add and store the new IPs
635
  $aExistingIpList = $this->getOpt( $insExistingListKey );
636
  if ( !is_array( $aExistingIpList ) ) {
@@ -644,22 +882,120 @@ class ICWP_OptionsHandler_Base_V2 {
644
  $this->setOpt( $insExistingListKey, $aNewList );
645
  }
646
  }
647
-
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
648
  protected function loadDataProcessor() {
649
  if ( !class_exists('ICWP_WPSF_DataProcessor') ) {
650
  require_once( dirname(__FILE__).'/icwp-data-processor.php' );
651
  }
652
  }
653
 
 
 
 
 
 
 
 
654
  /**
655
  * @return ICWP_WpFilesystem_WPSF
656
  */
657
  protected function loadFileSystemProcessor() {
658
- require_once( dirname(__FILE__) . '/icwp-wpfilesystem.php' );
 
 
659
  return ICWP_WpFilesystem_WPSF::GetInstance();
660
  }
 
661
  }
662
 
663
  endif;
664
 
665
- class ICWP_OptionsHandler_Base_Wpsf extends ICWP_OptionsHandler_Base_V2 { }
2
  /**
3
  * Copyright (c) 2014 iControlWP <support@icontrolwp.com>
4
  * All rights reserved.
5
+ *
6
  * Version: 2013-11-15-V1
7
  *
8
  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
17
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
18
  */
19
 
20
+ if ( !class_exists('ICWP_WPSF_FeatureHandler_Base_V2') ):
21
+
22
+ class ICWP_WPSF_FeatureHandler_Base_V2 {
23
+
24
+ /**
25
+ * @var ICWP_Wordpress_Simple_Firewall_Plugin
26
+ */
27
+ protected $oPluginVo;
28
 
 
 
29
  /**
30
  * @var string
31
  */
34
  * @var string
35
  */
36
  const PluginVersionKey = 'current_plugin_version';
37
+
38
  /**
39
  * @var boolean
40
  */
41
+ protected $fNeedSave;
42
+
43
  /**
44
+ * @var array
45
  */
46
+ protected $aOptions;
47
+
48
  /**
49
+ * These are options that need to be stored, but are never set by the UI.
50
+ *
51
+ * @var array
52
+ */
53
+ protected $aNonUiOptions;
54
+
55
+ /**
56
+ * @var array
57
  */
58
+ protected $m_aOptionsValues;
59
+
60
  /**
61
  * @var string
62
  */
63
+ protected $sOptionsStoreKey;
64
 
65
  /**
66
  * @var array
67
  */
68
+ protected $aOptionsKeys;
69
+
70
+ /**
71
+ * @var string
72
+ */
73
+ protected $sFeatureName;
74
  /**
75
+ * @var string
76
  */
77
+ protected $sFeatureSlug;
78
+
79
  /**
80
+ * @var string
81
  */
82
+ protected static $sPluginBaseFile;
83
 
84
  /**
85
+ * @var string
 
 
86
  */
87
+ protected $fShowFeatureMenuItem = true;
88
 
89
  /**
90
+ * @var ICWP_WPSF_FeatureHandler_Email
91
  */
92
+ protected static $oEmailHandler;
93
+
94
  /**
95
+ * @var ICWP_WPSF_FeatureHandler_Email
96
  */
97
+ protected static $oLoggingHandler;
98
+
99
  /**
100
+ * @var ICWP_WPSF_BaseProcessor
101
  */
102
+ protected $oFeatureProcessor;
103
+
104
+ public function __construct( $oPluginVo, $sOptionsStoreKey = null ) {
105
+ $this->oPluginVo = $oPluginVo;
106
+ $this->sOptionsStoreKey = $this->prefixOptionKey(
107
+ ( is_null( $sOptionsStoreKey ) ? $this->getFeatureSlug() : $sOptionsStoreKey )
108
+ .'_options'
109
+ );
110
+
111
  // Handle any upgrades as necessary (only go near this if it's the admin area)
112
+ add_action( 'plugins_loaded', array( $this, 'onWpPluginsLoaded' ) );
113
+ add_action( 'init', array( $this, 'onWpInit' ), 1 );
114
+ add_action( $this->doPluginPrefix( 'form_submit' ), array( $this, 'handleFormSubmit' ) );
115
+ add_filter( $this->doPluginPrefix( 'filter_plugin_submenu_items' ), array( $this, 'filter_addPluginSubMenuItem' ) );
116
+ add_filter( $this->doPluginPrefix( 'get_feature_summary_data' ), array( $this, 'filter_getFeatureSummaryData' ) );
117
+ add_filter( $this->doPluginPrefix( 'flush_logs' ), array( $this, 'filter_flushFeatureLogs' ) );
118
+ add_action( $this->doPluginPrefix( 'plugin_shutdown' ), array( $this, 'action_doFeatureShutdown' ) );
119
+
120
+ add_action( $this->doPluginPrefix( 'delete_plugin_options' ), array( $this, 'deletePluginOptions' ) );
121
+ add_filter( $this->doPluginPrefix( 'aggregate_all_plugin_options' ), array( $this, 'aggregateOptionsValues' ) );
122
  }
123
+
124
+ public function override() {
125
+
126
+ $oWpFs = $this->loadFileSystemProcessor();
127
+ if ( $oWpFs->exists( path_join( $this->oPluginVo->getRootDir(), 'forceOff') ) ) {
128
+ $this->setIsMainFeatureEnabled( false );
129
+ }
130
+ else if ( $oWpFs->exists( path_join( $this->oPluginVo->getRootDir(), 'forceOn') ) ) {
131
+ $this->setIsMainFeatureEnabled( true );
132
+ }
133
+ }
134
+
135
+ public function onWpPluginsLoaded() {
136
+ $this->load();
137
+ }
138
+
139
  /**
140
+ * @return bool
141
  */
142
+ public function getIsUpgrading() {
143
+ return $this->getVersion() != $this->oPluginVo->getVersion();
144
  }
145
+
146
+ /**
147
+ * Hooked to the plugin's main plugin_shutdown action
148
+ */
149
+ public function action_doFeatureShutdown() {
150
+ $this->savePluginOptions();
151
+
152
+ $aLogData = apply_filters( $this->doPluginPrefix( 'flush_logs' ), array() );
153
+ $oLoggingProcessor = $this->getLoggingProcessor();
154
+ $oLoggingProcessor->addDataToWrite( $aLogData );
155
+ $oLoggingProcessor->commitData();
156
+ }
157
+
158
+ protected function load() {
159
+ if ( !$this->getIsMainFeatureEnabled() ) {
160
+ return;
161
  }
162
+
163
+ $oProcessor = $this->loadFeatureProcessor();
164
+ if ( ! ( is_object( $oProcessor ) && $oProcessor instanceof ICWP_WPSF_BaseProcessor ) ) {
165
+ return;
166
+ }
167
+
168
+ $oProcessor->run();
169
+ }
170
+
171
+ /**
172
+ * Override this and adapt per feature
173
+ * @return null
174
+ */
175
+ protected function loadFeatureProcessor() {
176
+ return null;
177
+ }
178
+
179
+ /**
180
+ * @return ICWP_WPSF_BaseProcessor
181
+ */
182
+ public function getProcessor() {
183
+ return $this->loadFeatureProcessor();
184
+ }
185
+
186
+ /**
187
+ * @return ICWP_WPSF_FeatureHandler_Email
188
+ */
189
+ public static function GetEmailHandler() {
190
+ if ( is_null( self::$oEmailHandler ) ) {
191
+ self::$oEmailHandler = new ICWP_WPSF_FeatureHandler_Email( ICWP_Wordpress_Simple_Firewall_Plugin::GetInstance() );
192
+ }
193
+ return self::$oEmailHandler;
194
+ }
195
+
196
+ /**
197
+ * @return ICWP_WPSF_EmailProcessor
198
+ */
199
+ public function getEmailProcessor() {
200
+ return $this->GetEmailHandler()->getProcessor();
201
  }
202
+
203
+ /**
204
+ * @return ICWP_WPSF_FeatureHandler_Logging
205
+ */
206
+ public static function GetLoggingHandler() {
207
+ if ( is_null( self::$oLoggingHandler ) ) {
208
+ self::$oLoggingHandler = new ICWP_WPSF_FeatureHandler_Logging( ICWP_Wordpress_Simple_Firewall_Plugin::GetInstance() );
209
+ }
210
+ return self::$oLoggingHandler;
211
+ }
212
+
213
+ /**
214
+ * @return ICWP_WPSF_LoggingProcessor
215
+ */
216
+ public function getLoggingProcessor() {
217
+ return $this->GetLoggingHandler()->getProcessor();
218
+ }
219
+
220
+ /**
221
+ * @param $fEnable
222
+ */
223
+ public function setIsMainFeatureEnabled( $fEnable ) {
224
+ $this->setOpt( 'enable_'.$this->getFeatureSlug(), $fEnable ? 'Y' : 'N' );
225
+ }
226
+
227
+ /**
228
+ * @return mixed
229
+ */
230
+ public function getIsMainFeatureEnabled() {
231
+ $this->override();
232
+ return $this->getOpt( 'enable_'.$this->getFeatureSlug() ) == 'Y';
233
+ }
234
+
235
+ /**
236
+ * @return mixed
237
+ */
238
+ protected function getMainFeatureName() {
239
+ return $this->sFeatureName;
240
+ }
241
+
242
+ /**
243
+ * @return string
244
+ */
245
+ public function getPluginBaseFile() {
246
+ if ( !isset( self::$sPluginBaseFile ) ) {
247
+ self::$sPluginBaseFile = plugin_basename( $this->oPluginVo->getRootFile() );
248
+ }
249
+ return self::$sPluginBaseFile;
250
+ }
251
+
252
+ /**
253
+ * @return string
254
+ */
255
+ public function getFeatureSlug() {
256
+ return $this->sFeatureSlug;
257
+ }
258
+
259
+ /**
260
+ * with trailing slash
261
+ */
262
+ public function getResourcesDir() {
263
+ $this->oPluginVo->getRootDir().'resources'.ICWP_DS;
264
+ }
265
+
266
+ /**
267
+ *
268
+ */
269
+ public function filter_flushFeatureLogs( $aLogs ) {
270
+ if ( $this->getIsMainFeatureEnabled() ) {
271
+ $aFeatureLogs = $this->getProcessor()->flushLogData();
272
+ if ( !empty( $aFeatureLogs ) ) {
273
+ $aLogs = array_merge( $aLogs, $aFeatureLogs );
274
+ }
275
+ }
276
+ return $aLogs;
277
+ }
278
+
279
+ /**
280
+ * @param array $aItems
281
+ * @return array
282
+ */
283
+ public function filter_addPluginSubMenuItem( $aItems ) {
284
+ if ( !$this->fShowFeatureMenuItem || empty( $this->sFeatureName ) ) {
285
+ return $aItems;
286
+ }
287
+ $sMenuPageTitle = $this->oPluginVo->getHumanName().' - '.$this->getMainFeatureName();
288
+ $aItems[ $sMenuPageTitle ] = array(
289
+ $this->getMainFeatureName(),
290
+ $this->sFeatureSlug,
291
+ array( $this, 'displayFeatureConfigPage' )
292
+ );
293
+ return $aItems;
294
+ }
295
+
296
+ /**
297
+ * @param array $aSummaryData
298
+ * @return array
299
+ */
300
+ public function filter_getFeatureSummaryData( $aSummaryData ) {
301
+ if ( !$this->fShowFeatureMenuItem ) {
302
+ return $aSummaryData;
303
+ }
304
+
305
+ $aSummaryData[] = array(
306
+ $this->getIsMainFeatureEnabled(),
307
+ $this->getMainFeatureName(),
308
+ $this->doPluginPrefix( $this->sFeatureSlug )
309
+ );
310
+
311
+ return $aSummaryData;
312
+ }
313
+
314
+ /**
315
+ * A action added to WordPress 'plugins_loaded' hook
316
+ */
317
+ public function onWpInit() {
318
+ $this->updateHandler();
319
+ }
320
+
321
+ /**
322
+ * @return bool
323
+ */
324
  public function hasPluginManageRights() {
325
+ if ( !current_user_can( $this->oPluginVo->getBasePermissions() ) ) {
326
  return false;
327
  }
328
+
329
+ $oWpFunc = $this->loadWpFunctions();
330
+ if ( is_admin() && !$oWpFunc->isMultisite() ) {
331
  return true;
332
  }
333
+ else if ( is_network_admin() && $oWpFunc->isMultisite() ) {
334
  return true;
335
  }
336
  return false;
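Review bot: getResourcesDir() (new lines 262-264) builds the path but never returns it, so every caller gets null; it should read `return $this->oPluginVo->getRootDir().'resources'.ICWP_DS;`. Further points in the same hunk. override() (124-133) is called from getIsMainFeatureEnabled() and goes through setOpt(), which sets fNeedSave, so a `forceOff` or `forceOn` file in the plugin root is looked up on the filesystem on every enabled-check and its effect is written to the stored options at shutdown: removing the file later does not restore the previous setting, and anything able to create a file in that directory can switch a security feature off with no log entry. Consider applying the override in memory only and logging it. filter_flushFeatureLogs() (269-277) calls `$this->getProcessor()->flushLogData()` without the `instanceof ICWP_WPSF_BaseProcessor` guard that load() uses, although the base loadFeatureProcessor() returns null. onWpInit() (317-319) calls updateHandler() directly, whereas the removed doUpdates() ran it only when hasPluginManageRights() was true, and the constructor comment still says to go near this only in the admin area; its docblock also names the 'plugins_loaded' hook while the method is registered on 'init'. The `@var` tags on $fShowFeatureMenuItem (string, initialised to true) and $oLoggingHandler (ICWP_WPSF_FeatureHandler_Email) need correcting.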
340
  * @return string
341
  */
342
  public function getVersion() {
343
+ $sVersion = $this->getOpt( self::PluginVersionKey );
344
+ return empty( $sVersion )? '0.0' : $sVersion;
345
  }
346
 
 
 
 
 
 
 
 
 
347
  /**
348
  * Gets the array of all possible options keys
349
+ *
350
  * @return array
351
  */
352
  public function getOptionsKeys() {
353
  $this->setOptionsKeys();
354
  return $this->aOptionsKeys;
355
  }
356
+
357
  /**
358
  * @return void
359
  */
363
  }
364
  $this->buildOptions();
365
  }
366
+
367
  /**
368
+ * Determines whether the given option key is a valid option
369
  *
370
  * @param string
371
  * @return boolean
372
  */
373
  public function getIsOptionKey( $sOptionKey ) {
 
 
 
374
  $this->setOptionsKeys();
375
  return ( in_array( $sOptionKey, $this->aOptionsKeys ) );
376
  }
377
+
378
  /**
379
  * Sets the value for the given option key
380
+ *
381
  * @param string $insKey
382
  * @param mixed $inmValue
383
  * @return boolean
384
  */
385
  public function setOpt( $insKey, $inmValue ) {
386
+
387
  if ( !$this->getIsOptionKey( $insKey ) ) {
388
  return false;
389
  }
390
+
391
  if ( !isset( $this->m_aOptionsValues ) ) {
392
  $this->loadStoredOptionsValues();
393
  }
394
+
395
  if ( $this->getOpt( $insKey ) === $inmValue ) {
396
  return true;
397
  }
 
398
  $this->m_aOptionsValues[ $insKey ] = $inmValue;
399
+ $this->fNeedSave = true;
 
 
 
400
  return true;
401
  }
402
 
403
  /**
404
+ * @param string $sOptionKey
405
+ * @return mixed
406
  */
407
+ public function getOpt( $sOptionKey ) {
408
  if ( !isset( $this->m_aOptionsValues ) ) {
409
  $this->loadStoredOptionsValues();
410
  }
411
+ return ( isset( $this->m_aOptionsValues[ $sOptionKey ] )? $this->m_aOptionsValues[ $sOptionKey ] : false );
412
  }
413
+
414
  /**
415
  * Retrieves the full array of options->values
416
+ *
417
  * @return array
418
  */
419
  public function getOptions() {
420
  $this->buildOptions();
421
+ return $this->aOptions;
422
  }
423
 
424
  /**
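Review bot: getIsOptionKey() (new lines 373-376) no longer treats self::PluginVersionKey as a valid key, so setOpt() returns false for 'current_plugin_version' unless that key is registered through the options definitions or the non-UI options. If it is not registered, getVersion() keeps returning '0.0' and getIsUpgrading() stays true on every request. Either keep the special case or state in the docblock that each feature must register the key. The `in_array( $sOptionKey, $this->aOptionsKeys )` check would also be safer with the strict third argument.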
430
  $this->generateOptionsValues();
431
  return $this->m_aOptionsValues;
432
  }
433
+
434
  /**
435
  * Saves the options to the WordPress Options store.
436
+ *
437
  * It will also update the stored plugin options version.
438
  */
439
  public function savePluginOptions() {
440
+
441
  $this->doPrePluginOptionsSave();
442
+ $this->cleanOptions();
443
  $this->updateOptionsVersion();
444
+ if ( !$this->fNeedSave ) {
445
  return true;
446
  }
447
+
448
+ $oWpFunc = $this->loadWpFunctions();
449
+ $oWpFunc->updateOption( $this->sOptionsStoreKey, $this->m_aOptionsValues );
450
+ $this->fNeedSave = false;
451
+ return true;
452
  }
453
+
454
+ /**
455
+ *
456
+ */
457
+ protected function cleanOptions() {
458
+ foreach( $this->m_aOptionsValues as $sKey => $mValue ) {
459
+ if ( !$this->getIsOptionKey( $sKey ) ) {
460
+ unset( $this->m_aOptionsValues[$sKey] );
461
+ }
462
+ }
463
+ }
464
+
465
  public function collateAllFormInputsForAllOptions() {
466
 
467
+ if ( !isset( $this->aOptions ) ) {
468
  $this->buildOptions();
469
  }
470
+
471
  $aToJoin = array();
472
+ foreach ( $this->aOptions as $aOptionsSection ) {
473
+
474
  if ( empty( $aOptionsSection ) ) {
475
  continue;
476
  }
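Review bot: cleanOptions(), called from savePluginOptions(), unsets unknown keys from $this->m_aOptionsValues but never sets $this->fNeedSave, so when nothing else has changed the early return on !$this->fNeedSave skips updateOption() and the stale keys stay in the stored option. Set fNeedSave to true inside the unset branch. cleanOptions() also iterates m_aOptionsValues without the isset() / loadStoredOptionsValues() guard that getOpt() and setOpt() use, and its docblock is empty.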
481
  }
482
  return implode( self::CollateSeparator, $aToJoin );
483
  }
484
+
485
  /**
486
  * @return array
487
  */
493
  $this->buildOptions(); // set the defaults
494
  }
495
  }
496
+
497
+ /**
498
+ * @param $aAggregatedOptions
499
+ * @return array
500
+ */
501
+ public function aggregateOptionsValues( $aAggregatedOptions ) {
502
+ return array_merge( $aAggregatedOptions, $this->loadStoredOptionsValues() );
503
+ }
504
+
505
  /**
506
  * Loads the options and their stored values from the WordPress Options store.
507
  */
508
  protected function loadStoredOptionsValues() {
509
  if ( empty( $this->m_aOptionsValues ) ) {
510
+ $oWpFunc = $this->loadWpFunctions();
511
+ $this->m_aOptionsValues = $oWpFunc->getOption( $this->sOptionsStoreKey, array() );
512
  if ( empty( $this->m_aOptionsValues ) ) {
513
+ $this->fNeedSave = true;
 
514
  }
515
  }
516
+ return $this->m_aOptionsValues;
517
  }
518
+
519
+ /**
520
+ */
521
  protected function defineOptions() {
522
+ $this->aOptions = $this->getOptionsDefinitions();
523
+
524
+ // All features store the current plugin version.
525
+ $this->aNonUiOptions = array( self::PluginVersionKey );
526
+ $aNonUiOptions = $this->getNonUiOptions();
527
+ if ( !empty( $aNonUiOptions ) || is_array( $aNonUiOptions ) ) {
528
+ $this->aNonUiOptions = array_merge( $this->aNonUiOptions, $aNonUiOptions );
529
  }
530
+ }
531
+
532
+ /**
533
+ * @return array
534
+ */
535
+ protected function getOptionsDefinitions() {
536
  $aMisc = array(
537
  'section_title' => 'Miscellaneous Plugin Options',
538
  'section_options' => array(
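Review bot: the guard in defineOptions(), if ( !empty( $aNonUiOptions ) || is_array( $aNonUiOptions ) ), should join its two tests with && rather than ||. As written, a subclass whose getNonUiOptions() returns a non-empty value that is not an array still reaches array_merge(), and an empty array is merged for no reason; is_array( $aNonUiOptions ) && !empty( $aNonUiOptions ) states the intent. The docblock added above defineOptions() is empty, and the @param on aggregateOptionsValues() has no type.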
547
  ),
548
  ),
549
  );
550
+ $aOptionsDefinitions = array(
551
+ $aMisc
552
+ );
553
+ return $aOptionsDefinitions;
554
+ }
555
+
556
+ /**
557
+ * @return array
558
+ */
559
+ protected function getNonUiOptions() {
560
+ return array();
561
  }
562
 
563
  /**
564
  * Will initiate the plugin options structure for use by the UI builder.
565
+ *
566
  * It will also fill in $this->m_aOptionsValues with defaults where appropriate.
567
+ *
568
  * It doesn't set any values, just populates the array created in buildOptions()
569
  * with values stored.
570
+ *
571
  * It has to handle the conversion of stored values to data to be displayed to the user.
 
 
572
  */
573
  public function buildOptions() {
574
 
576
  $this->loadStoredOptionsValues();
577
 
578
  $this->aOptionsKeys = array();
579
+ foreach ( $this->aOptions as &$aOptionsSection ) {
580
+
581
  if ( empty( $aOptionsSection ) || !isset( $aOptionsSection['section_options'] ) ) {
582
  continue;
583
  }
584
+
585
  foreach ( $aOptionsSection['section_options'] as &$aOptionParams ) {
586
+
587
  list( $sOptionKey, $sOptionValue, $sOptionDefault, $sOptionType ) = $aOptionParams;
588
 
589
  $this->aOptionsKeys[] = $sOptionKey;
592
  $this->setOpt( $sOptionKey, $sOptionDefault );
593
  }
594
  $mCurrentOptionVal = $this->getOpt( $sOptionKey );
595
+
596
  if ( $sOptionType == 'password' && !empty( $mCurrentOptionVal ) ) {
597
  $mCurrentOptionVal = '';
598
  }
599
  else if ( $sOptionType == 'ip_addresses' ) {
600
+
601
  if ( empty( $mCurrentOptionVal ) ) {
602
  $mCurrentOptionVal = '';
603
  }
619
  }
620
  }
621
  else if ( $sOptionType == 'comma_separated_lists' ) {
622
+
623
  if ( empty( $mCurrentOptionVal ) ) {
624
  $mCurrentOptionVal = '';
625
  }
634
  $aOptionParams[1] = $mCurrentOptionVal;
635
  }
636
  }
637
+
638
  // Cater for Non-UI options that don't necessarily go through the UI
639
+ if ( isset( $this->aNonUiOptions ) && is_array( $this->aNonUiOptions ) ) {
640
+ foreach( $this->aNonUiOptions as $sOption ) {
641
  $this->aOptionsKeys[] = $sOption;
642
  if ( !$this->getOpt( $sOption ) ) {
643
  $this->setOpt( $sOption, '' );
645
  }
646
  }
647
  }
648
+
649
  /**
650
  * This is the point where you would want to do any options verification
651
  */
652
  protected function doPrePluginOptionsSave() { }
653
 
654
  /**
 
 
 
 
 
 
 
 
 
 
 
655
  */
656
  protected function updateOptionsVersion() {
657
+ $this->setOpt( self::PluginVersionKey, $this->oPluginVo->getVersion() );
658
  }
659
+
660
  /**
661
  * Deletes all the options including direct save.
662
  */
663
  public function deletePluginOptions() {
664
+ if ( apply_filters( $this->doPluginPrefix( 'has_permission_to_submit' ), true ) ) {
665
+ $oWpFunc = $this->loadWpFunctions();
666
+ $oWpFunc->deleteOption( $this->sOptionsStoreKey );
667
+
668
+ $this->getProcessor()->deleteAndCleanUp(); // gets rid of the databases used by the processors.
669
+
670
+ //prevents resaving
671
+ remove_action( $this->doPluginPrefix( 'plugin_shutdown' ), array( $this, 'action_doFeatureShutdown' ) );
672
+ }
673
  }
674
 
675
  protected function convertIpListForDisplay( $inaIpList = array() ) {
681
  foreach( $inaIpList['ips'] as $sAddress ) {
682
  // offset=1 in the case that it's a range and the first number is negative on 32-bit systems
683
  $mPos = strpos( $sAddress, '-', 1 );
684
+
685
  if ( $mPos === false ) { //plain IP address
686
  $sDisplayText = long2ip( $sAddress );
687
  }
698
  return $aDisplay;
699
  }
700
 
701
+ /**
702
+ *
703
+ */
704
+ public function handleFormSubmit() {
705
+ if ( !apply_filters( $this->doPluginPrefix( 'has_permission_to_submit' ), true ) ) {
706
+ // TODO: manage how we react to prohibited submissions
707
+ return false;
708
+ }
709
+
710
+ // Now verify this is really a valid submission.
711
+ check_admin_referer( $this->oPluginVo->getFullPluginPrefix() );
712
+
713
+ $this->loadDataProcessor();
714
+ $sAllOptions = ICWP_WPSF_DataProcessor::FetchPost( $this->doPluginPrefix( 'all_options_input', '_' ) );
715
+
716
+ if ( empty( $sAllOptions ) ) {
717
+ return true;
718
+ }
719
+
720
+ $this->updatePluginOptionsFromSubmit( $sAllOptions ); //it also saves
721
+ return true;
722
+ }
723
+
724
  /**
725
  * @param string $sAllOptionsInput - comma separated list of all the input keys to be processed from the $_POST
726
  * @return void|boolean
727
  */
728
  public function updatePluginOptionsFromSubmit( $sAllOptionsInput ) {
 
 
 
 
729
  if ( empty( $sAllOptionsInput ) ) {
730
  return;
731
  }
732
+ $this->loadDataProcessor();
733
  $this->loadStoredOptionsValues();
734
+
735
  $aAllInputOptions = explode( self::CollateSeparator, $sAllOptionsInput );
736
  foreach ( $aAllInputOptions as $sInputKey ) {
737
  $aInput = explode( ':', $sInputKey );
738
  list( $sOptionType, $sOptionKey ) = $aInput;
739
+
740
  if ( !$this->getIsOptionKey( $sOptionKey ) ) {
741
  continue;
742
  }
743
 
744
+ $sOptionValue = ICWP_WPSF_DataProcessor::FetchPost( $this->prefixOptionKey( $sOptionKey ) );
745
  if ( is_null($sOptionValue) ) {
746
+
747
  if ( $sOptionType == 'text' || $sOptionType == 'email' ) { //if it was a text box, and it's null, don't update anything
748
  continue;
749
  }
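Review bot: handleFormSubmit() gates on apply_filters( $this->doPluginPrefix( 'has_permission_to_submit' ), true ), so the permission check passes whenever no callback is hooked to that filter. Default the filter to false, or pair it with a capability check such as current_user_can() ahead of check_admin_referer(), so the handler fails closed; the same permissive default appears in deletePluginOptions() and, for 'has_permission_to_view', in displayFeatureConfigPage(). The TODO branch returns false with no feedback, which the firewall subclass then treats as a silent no-op. In updatePluginOptionsFromSubmit(), list( $sOptionType, $sOptionKey ) = $aInput assumes every entry contains a colon; skip entries where count( $aInput ) is not 2.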
755
  }
756
  }
757
  else { //handle any pre-processing we need to.
758
+
759
  if ( $sOptionType == 'integer' ) {
760
  $sOptionValue = intval( $sOptionValue );
761
  }
767
  $sOptionValue = md5( $sTempValue );
768
  }
769
  else if ( $sOptionType == 'ip_addresses' ) { //ip addresses are textareas, where each is separated by newline
770
+ $sOptionValue = ICWP_WPSF_DataProcessor::ExtractIpAddresses( $sOptionValue );
771
  }
772
  else if ( $sOptionType == 'yubikey_unique_keys' ) { //ip addresses are textareas, where each is separated by newline and are 12 chars long
773
+ $sOptionValue = ICWP_WPSF_DataProcessor::CleanYubikeyUniqueKeys( $sOptionValue );
774
  }
775
  else if ( $sOptionType == 'email' && function_exists( 'is_email' ) && !is_email( $sOptionValue ) ) {
776
  $sOptionValue = '';
777
  }
778
  else if ( $sOptionType == 'comma_separated_lists' ) {
779
+ $sOptionValue = ICWP_WPSF_DataProcessor::ExtractCommaSeparatedList( $sOptionValue );
780
  }
781
  }
782
  $this->setOpt( $sOptionKey, $sOptionValue );
783
  }
784
+ return $this->savePluginOptions();
785
  }
786
+
787
  /**
788
  * Should be over-ridden by each new class to handle upgrades.
789
+ *
790
  * Called upon construction and after plugin options are initialized.
791
  */
792
+ protected function updateHandler() {
793
+ if ( version_compare( $this->getVersion(), '3.0.0', '<' ) ) {
794
+ $oWpFunctions = $this->loadWpFunctions();
795
+ $sKey = $this->doPluginPrefix( $this->getFeatureSlug().'_processor', '_' );
796
+ $oWpFunctions->deleteOption( $sKey );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
797
  }
798
  }
799
 
804
  return function_exists( 'md5' );
805
  // return extension_loaded( 'mcrypt' );
806
  }
807
+
808
  protected function getVisitorIpAddress( $infAsLong = true ) {
809
+ $this->loadDataProcessor();
810
  return ICWP_WPSF_DataProcessor::GetVisitorIpAddress( $infAsLong );
811
  }
812
+
813
  /**
814
+ * Prefixes an option key only if it's needed
815
+ *
816
+ * @param $sKey
817
+ * @return string
818
  */
819
+ protected function prefixOptionKey( $sKey ) {
820
+ return $this->doPluginPrefix( $sKey, '_' );
 
 
 
 
 
821
  }
822
+
823
+ /**
824
+ * Will prefix and return any string with the unique plugin prefix.
825
+ *
826
+ * @param string $sSuffix
827
+ * @param string $sGlue
828
+ * @return string
829
+ */
830
+ public function doPluginPrefix( $sSuffix = '', $sGlue = '-' ) {
831
+ $sPrefix = $this->oPluginVo->getFullPluginPrefix( $sGlue );
832
+
833
+ if ( $sSuffix == $sPrefix || strpos( $sSuffix, $sPrefix.$sGlue ) === 0 ) { //it already has the prefix
834
+ return $sSuffix;
835
+ }
836
+
837
+ return sprintf( '%s%s%s', $sPrefix, empty($sSuffix)? '' : $sGlue, empty($sSuffix)? '' : $sSuffix );
838
  }
839
+
840
+ /**
841
+ * @param string
842
+ * @return string
843
+ */
844
+ public function getOptionStoragePrefix() {
845
+ return $this->oPluginVo->getFullPluginPrefix( '_' ).'_';
846
  }
847
 
 
848
  /**
849
  * @param string $insExistingListKey
850
  * @param string $insFilterName
855
  if ( empty( $aFilterIps ) ) {
856
  return false;
857
  }
858
+
859
  $aNewIps = array();
860
  foreach( $aFilterIps as $mKey => $sValue ) {
861
  if ( is_string( $mKey ) ) { //it's the IP
868
  }
869
  $aNewIps[ $sIP ] = $sLabel;
870
  }
871
+
872
  // now add and store the new IPs
873
  $aExistingIpList = $this->getOpt( $insExistingListKey );
874
  if ( !is_array( $aExistingIpList ) ) {
882
  $this->setOpt( $insExistingListKey, $aNewList );
883
  }
884
  }
885
+
886
+ /**
887
+ */
888
+ public function displayFeatureConfigPage( ) {
889
+
890
+ if ( !apply_filters( $this->doPluginPrefix( 'has_permission_to_view' ), true ) ) {
891
+ $this->displayViewAccessRestrictedPage();
892
+ return;
893
+ }
894
+
895
+ // $aPluginSummaryData = apply_filters( $this->doPluginPrefix( 'get_feature_summary_data' ), array() );
896
+ $aData = array(
897
+ 'aSummaryData' => isset( $aPluginSummaryData ) ? $aPluginSummaryData : array()
898
+ );
899
+ $aData = array_merge( $this->getBaseDisplayData(), $aData );
900
+ $this->display( $aData );
901
+ }
902
+
903
+ public function getIsCurrentPageConfig() {
904
+ $oWpFunctions = $this->loadWpFunctions();
905
+ return $oWpFunctions->getCurrentWpAdminPage() == $this->doPluginPrefix( $this->sFeatureSlug );
906
+ }
907
+
908
+ /**
909
+ */
910
+ public function displayViewAccessRestrictedPage( ) {
911
+ $aData = array(
912
+ 'requested_page' => $this->doPluginPrefix( $this->sFeatureSlug )
913
+ );
914
+ $aData = array_merge( $this->getBaseDisplayData(), $aData );
915
+ $this->display( $aData, 'access_restricted_index' );
916
+ }
917
+
918
+ protected function getBaseDisplayData() {
919
+ return array(
920
+ 'var_prefix' => $this->oPluginVo->getOptionStoragePrefix(),
921
+ 'sPluginName' => $this->oPluginVo->getHumanName(),
922
+ 'sFeatureName' => $this->getMainFeatureName(),
923
+ 'fShowAds' => $this->getIsShowMarketing(),
924
+ 'nonce_field' => $this->oPluginVo->getFullPluginPrefix(),
925
+ 'form_action' => 'admin.php?page='.$this->doPluginPrefix( $this->sFeatureSlug ),
926
+
927
+ 'aAllOptions' => $this->getOptions(),
928
+ 'all_options_input' => $this->collateAllFormInputsForAllOptions()
929
+ );
930
+ }
931
+
932
+ /**
933
+ * @return boolean
934
+ */
935
+ protected function getIsShowMarketing() {
936
+ return apply_filters( $this->doPluginPrefix( 'show_marketing' ), true );
937
+ }
938
+
939
+ /**
940
+ * @param array $inaData
941
+ * @param string $sView
942
+ * @return bool
943
+ */
944
+ protected function display( $inaData = array(), $sView = '' ) {
945
+
946
+ if ( empty( $sView ) ) {
947
+ $oWpFs = $this->loadFileSystemProcessor();
948
+ $sCustomViewSource = $this->oPluginVo->getViewDir().$this->doPluginPrefix( 'config_'.$this->sFeatureSlug.'_index' ).'.php';
949
+ $sNormalViewSource = $this->oPluginVo->getViewDir().$this->doPluginPrefix( 'config_index' ).'.php';
950
+ $sFile = $oWpFs->exists( $sCustomViewSource ) ? $sCustomViewSource : $sNormalViewSource;
951
+ }
952
+ else {
953
+ $sFile = $this->oPluginVo->getViewDir().$this->doPluginPrefix( $sView ).'.php';
954
+ }
955
+
956
+ if ( !is_file( $sFile ) ) {
957
+ echo "View not found: ".$sFile;
958
+ return false;
959
+ }
960
+
961
+ if ( count( $inaData ) > 0 ) {
962
+ extract( $inaData, EXTR_PREFIX_ALL, $this->oPluginVo->getParentSlug() ); //slug being 'icwp'
963
+ }
964
+
965
+ ob_start();
966
+ include( $sFile );
967
+ $sContents = ob_get_contents();
968
+ ob_end_clean();
969
+
970
+ echo $sContents;
971
+ return true;
972
+ }
973
+
974
  protected function loadDataProcessor() {
975
  if ( !class_exists('ICWP_WPSF_DataProcessor') ) {
976
  require_once( dirname(__FILE__).'/icwp-data-processor.php' );
977
  }
978
  }
979
 
980
+ /**
981
+ * @return ICWP_WpFunctions_WPSF
982
+ */
983
+ protected function loadWpFunctions() {
984
+ return ICWP_WpFunctions_WPSF::GetInstance();
985
+ }
986
+
987
  /**
988
  * @return ICWP_WpFilesystem_WPSF
989
  */
990
  protected function loadFileSystemProcessor() {
991
+ if ( !class_exists('ICWP_WpFilesystem_WPSF') ) {
992
+ require_once( dirname(__FILE__) . '/icwp-wpfilesystem.php' );
993
+ }
994
  return ICWP_WpFilesystem_WPSF::GetInstance();
995
  }
996
+
997
  }
998
 
999
  endif;
1000
 
1001
+ class ICWP_WPSF_FeatureHandler_Base extends ICWP_WPSF_FeatureHandler_Base_V2 { }
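Review bot: display() reports a missing template with echo "View not found: ".$sFile; which prints the filesystem path built from getViewDir() into the page. Output only the view name, or log the path, and keep the return false. In displayFeatureConfigPage() the apply_filters() line that would set $aPluginSummaryData is commented out, so 'aSummaryData' is always an empty array; restore the filter or drop the key. ob_get_contents() followed by ob_end_clean() can be a single ob_get_clean(), and the docblocks on displayFeatureConfigPage() and displayViewAccessRestrictedPage() are empty.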
src/{icwp-optionshandler-commentsfilter.php → icwp-optionshandler-comments_filter.php} RENAMED
@@ -17,23 +17,39 @@
17
 
18
  require_once( dirname(__FILE__).'/icwp-optionshandler-base.php' );
19
 
20
- if ( !class_exists('ICWP_OptionsHandler_CommentsFilter') ):
21
 
22
- class ICWP_OptionsHandler_CommentsFilter extends ICWP_OptionsHandler_Base_Wpsf {
23
 
24
- const StoreName = 'commentsfilter_options';
25
-
26
  const DefaultCommentCooldown = 30; //seconds.
27
  const DefaultCommentExpire = 600; //seconds.
28
 
29
- public function __construct( $insPrefix, $insVersion ) {
30
- parent::__construct( $insPrefix, self::StoreName, $insVersion );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
31
  }
32
 
33
  /**
34
- * @return bool|void
35
  */
36
- public function defineOptions() {
37
 
38
  $aBase = array(
39
  'section_title' => sprintf( _wpsf__( 'Enable Plugin Feature: %s' ), _wpsf__('SPAM Comments Protection Filter') ),
@@ -195,12 +211,13 @@ class ICWP_OptionsHandler_CommentsFilter extends ICWP_OptionsHandler_Base_Wpsf {
195
  )
196
  );
197
 
198
- $this->m_aOptions = array(
199
  $aBase,
200
  $aHumanSpam,
201
  $aGasp,
202
  $aCustomMessages
203
  );
 
204
  }
205
 
206
  /**
@@ -261,10 +278,6 @@ class ICWP_OptionsHandler_CommentsFilter extends ICWP_OptionsHandler_Base_Wpsf {
261
  }
262
  return $aFilterItems;
263
  }
264
-
265
- public function updateHandler() {
266
- $sCurrentVersion = empty( $this->m_aOptionsValues[ 'current_plugin_version' ] )? '0.0' : $this->m_aOptionsValues[ 'current_plugin_version' ];
267
- }
268
  }
269
 
270
  endif;
17
 
18
  require_once( dirname(__FILE__).'/icwp-optionshandler-base.php' );
19
 
20
+ if ( !class_exists('ICWP_WPSF_FeatureHandler_CommentsFilter') ):
21
 
22
+ class ICWP_WPSF_FeatureHandler_CommentsFilter extends ICWP_WPSF_FeatureHandler_Base {
23
 
 
 
24
  const DefaultCommentCooldown = 30; //seconds.
25
  const DefaultCommentExpire = 600; //seconds.
26
 
27
+ /**
28
+ * @var ICWP_WPSF_CommentsFilterProcessor
29
+ */
30
+ protected $oFeatureProcessor;
31
+
32
+ public function __construct( $oPluginVo ) {
33
+ $this->sFeatureName = _wpsf__('Comments Filter');
34
+ $this->sFeatureSlug = 'comments_filter';
35
+ parent::__construct( $oPluginVo, 'commentsfilter' ); //TODO: align this naming with the feature slug etc. as with the other features.
36
+ }
37
+
38
+ /**
39
+ * @return ICWP_WPSF_CommentsFilterProcessor|null
40
+ */
41
+ protected function loadFeatureProcessor() {
42
+ if ( !isset( $this->oFeatureProcessor ) ) {
43
+ require_once( dirname(__FILE__).'/icwp-processor-commentsfilter.php' );
44
+ $this->oFeatureProcessor = new ICWP_WPSF_CommentsFilterProcessor( $this );
45
+ }
46
+ return $this->oFeatureProcessor;
47
  }
48
 
49
  /**
50
+ * @return array
51
  */
52
+ protected function getOptionsDefinitions() {
53
 
54
  $aBase = array(
55
  'section_title' => sprintf( _wpsf__( 'Enable Plugin Feature: %s' ), _wpsf__('SPAM Comments Protection Filter') ),
211
  )
212
  );
213
 
214
+ $aOptionsDefinitions = array(
215
  $aBase,
216
  $aHumanSpam,
217
  $aGasp,
218
  $aCustomMessages
219
  );
220
+ return $aOptionsDefinitions;
221
  }
222
 
223
  /**
278
  }
279
  return $aFilterItems;
280
  }
 
 
 
 
281
  }
282
 
283
  endif;
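Review bot: sFeatureSlug ('comments_filter') and the name passed to parent::__construct() ('commentsfilter') disagree in the new constructor, which the TODO acknowledges. The base updateHandler() builds the option key it deletes from getFeatureSlug().'_processor', so confirm that for this feature the key resolves to the option the 2.x processor actually stored; otherwise the upgrade cleanup does nothing here. The @return on loadFeatureProcessor() lists null, but the method always returns the processor instance.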
src/icwp-optionshandler-email.php CHANGED
@@ -17,20 +17,40 @@
17
 
18
  require_once( dirname(__FILE__).'/icwp-optionshandler-base.php' );
19
 
20
- if ( !class_exists('ICWP_OptionsHandler_Email') ):
21
 
22
- class ICWP_OptionsHandler_Email extends ICWP_OptionsHandler_Base_Wpsf {
23
 
24
- const StoreName = 'email_options';
25
-
26
- public function __construct( $insPrefix, $insVersion ) {
27
- parent::__construct( $insPrefix, self::StoreName, $insVersion );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
28
  }
29
 
30
  /**
31
- * @return bool|void
32
  */
33
- public function defineOptions() {
34
  $aEmail = array(
35
  'section_title' => _wpsf__( 'Email Options' ),
36
  'section_options' => array(
@@ -55,9 +75,10 @@ class ICWP_OptionsHandler_Email extends ICWP_OptionsHandler_Base_Wpsf {
55
  )
56
  );
57
 
58
- $this->m_aOptions = array(
59
  $aEmail
60
  );
 
61
  }
62
 
63
  /**
@@ -79,12 +100,6 @@ class ICWP_OptionsHandler_Email extends ICWP_OptionsHandler_Base_Wpsf {
79
  $this->setOpt( 'send_email_throttle_limit', $sLimit );
80
  }
81
 
82
- protected function updateHandler() {
83
- $sCurrentVersion = empty( $this->m_aOptionsValues[ 'current_plugin_version' ] )? '0.0' : $this->m_aOptionsValues[ 'current_plugin_version' ];
84
- if ( version_compare( $sCurrentVersion, '2.3.0', '<=' ) ) {
85
- }
86
- }
87
-
88
  }
89
 
90
  endif;
17
 
18
  require_once( dirname(__FILE__).'/icwp-optionshandler-base.php' );
19
 
20
+ if ( !class_exists('ICWP_WPSF_FeatureHandler_Email') ):
21
 
22
+ class ICWP_WPSF_FeatureHandler_Email extends ICWP_WPSF_FeatureHandler_Base {
23
 
24
+ /**
25
+ * @var ICWP_WPSF_EmailProcessor
26
+ */
27
+ protected $oFeatureProcessor;
28
+
29
+ /**
30
+ * @param $oPluginVo
31
+ */
32
+ public function __construct( $oPluginVo ) {
33
+ $this->sFeatureName = _wpsf__('Email');
34
+ $this->sFeatureSlug = 'email';
35
+ $this->fShowFeatureMenuItem = false;
36
+ parent::__construct( $oPluginVo );
37
+ }
38
+
39
+ /**
40
+ * @return ICWP_WPSF_EmailProcessor|null
41
+ */
42
+ protected function loadFeatureProcessor() {
43
+ if ( !isset( $this->oFeatureProcessor ) ) {
44
+ require_once( dirname(__FILE__).'/icwp-processor-email.php' );
45
+ $this->oFeatureProcessor = new ICWP_WPSF_EmailProcessor( $this );
46
+ }
47
+ return $this->oFeatureProcessor;
48
  }
49
 
50
  /**
51
+ * @return array
52
  */
53
+ protected function getOptionsDefinitions() {
54
  $aEmail = array(
55
  'section_title' => _wpsf__( 'Email Options' ),
56
  'section_options' => array(
75
  )
76
  );
77
 
78
+ $aOptionsDefinitions = array(
79
  $aEmail
80
  );
81
+ return $aOptionsDefinitions;
82
  }
83
 
84
  /**
100
  $this->setOpt( 'send_email_throttle_limit', $sLimit );
101
  }
102
 
 
 
 
 
 
 
103
  }
104
 
105
  endif;
src/icwp-optionshandler-firewall.php CHANGED
@@ -17,14 +17,30 @@
17
 
18
  require_once( dirname(__FILE__).'/icwp-optionshandler-base.php' );
19
 
20
- if ( !class_exists('ICWP_OptionsHandler_Firewall') ):
21
 
22
- class ICWP_OptionsHandler_Firewall extends ICWP_OptionsHandler_Base_Wpsf {
23
 
24
- const StoreName = 'firewall_options';
25
-
26
- public function __construct( $insPrefix, $insVersion ) {
27
- parent::__construct( $insPrefix, self::StoreName, $insVersion );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
28
  }
29
 
30
  /**
@@ -59,9 +75,9 @@ class ICWP_OptionsHandler_Firewall extends ICWP_OptionsHandler_Base_Wpsf {
59
  }
60
 
61
  /**
62
- * @return bool|void
63
  */
64
- public function defineOptions() {
65
  $aFirewallBase = array(
66
  'section_title' => sprintf( _wpsf__( 'Enable Plugin Feature: %s' ), _wpsf__('WordPress Firewall') ),
67
  'section_options' => array(
@@ -211,7 +227,7 @@ class ICWP_OptionsHandler_Firewall extends ICWP_OptionsHandler_Base_Wpsf {
211
  array(
212
  'whitelist_admins',
213
  '',
214
- 'Y',
215
  'checkbox',
216
  sprintf( _wpsf__( 'Ignore %s' ), _wpsf__( 'Administrators' ) ),
217
  _wpsf__( 'Ignore users logged in as Administrator' ),
@@ -244,7 +260,7 @@ class ICWP_OptionsHandler_Firewall extends ICWP_OptionsHandler_Base_Wpsf {
244
  )
245
  );
246
  $aMisc = array(
247
- 'section_title' => _wpsf__( 'Miscellaneous Plugin Options' ),
248
  'section_options' => array(
249
  array(
250
  'enable_firewall_log',
@@ -252,13 +268,13 @@ class ICWP_OptionsHandler_Firewall extends ICWP_OptionsHandler_Base_Wpsf {
252
  'N',
253
  'checkbox',
254
  _wpsf__( 'Firewall Logging' ),
255
- _wpsf__( 'Turn on a detailed Firewall Log' ),
256
  _wpsf__( 'Will log every visit to the site and how the firewall processes it. Not recommended to leave on unless you want to debug something and check the firewall is working as you expect' )
257
  )
258
  )
259
  );
260
 
261
- $this->m_aOptions = array(
262
  $aFirewallBase,
263
  $aBlockSection,
264
  $aWhitelistSection,
@@ -266,15 +282,36 @@ class ICWP_OptionsHandler_Firewall extends ICWP_OptionsHandler_Base_Wpsf {
266
  $aBlockTypesSection,
267
  $aMisc
268
  );
 
269
  }
270
 
271
- public function updateHandler() {
 
 
 
 
 
 
 
272
 
273
- $sCurrentVersion = empty( $this->m_aOptionsValues[ 'current_plugin_version' ] )? '0.0' : $this->m_aOptionsValues[ 'current_plugin_version' ];
274
- if ( version_compare( $sCurrentVersion, '1.4.0', '<' ) ) {
275
- }//v1.4.0
 
 
 
 
 
 
 
 
 
276
  }
277
 
 
 
 
 
278
  public function addRawIpsToFirewallList( $insListName, $inaNewIps ) {
279
  if ( empty( $inaNewIps ) ) {
280
  return;
17
 
18
  require_once( dirname(__FILE__).'/icwp-optionshandler-base.php' );
19
 
20
+ if ( !class_exists('ICWP_WPSF_FeatureHandler_Firewall') ):
21
 
22
+ class ICWP_WPSF_FeatureHandler_Firewall extends ICWP_WPSF_FeatureHandler_Base {
23
 
24
+ /**
25
+ * @var ICWP_WPSF_FirewallProcessor
26
+ */
27
+ protected $oFeatureProcessor;
28
+
29
+ public function __construct( $oPluginVo ) {
30
+ $this->sFeatureName = _wpsf__('Firewall');
31
+ $this->sFeatureSlug = 'firewall';
32
+ parent::__construct( $oPluginVo );
33
+ }
34
+
35
+ /**
36
+ * @return ICWP_WPSF_FirewallProcessor|null
37
+ */
38
+ protected function loadFeatureProcessor() {
39
+ if ( !isset( $this->oFeatureProcessor ) ) {
40
+ require_once( dirname(__FILE__).'/icwp-processor-firewall.php' );
41
+ $this->oFeatureProcessor = new ICWP_WPSF_FirewallProcessor( $this );
42
+ }
43
+ return $this->oFeatureProcessor;
44
  }
45
 
46
  /**
75
  }
76
 
77
  /**
78
+ * @return array
79
  */
80
+ protected function getOptionsDefinitions() {
81
  $aFirewallBase = array(
82
  'section_title' => sprintf( _wpsf__( 'Enable Plugin Feature: %s' ), _wpsf__('WordPress Firewall') ),
83
  'section_options' => array(
227
  array(
228
  'whitelist_admins',
229
  '',
230
+ 'N',
231
  'checkbox',
232
  sprintf( _wpsf__( 'Ignore %s' ), _wpsf__( 'Administrators' ) ),
233
  _wpsf__( 'Ignore users logged in as Administrator' ),
260
  )
261
  );
262
  $aMisc = array(
263
+ 'section_title' => _wpsf__( 'Logging Options' ),
264
  'section_options' => array(
265
  array(
266
  'enable_firewall_log',
268
  'N',
269
  'checkbox',
270
  _wpsf__( 'Firewall Logging' ),
271
+ _wpsf__( 'Turn on Firewall Log' ),
272
  _wpsf__( 'Will log every visit to the site and how the firewall processes it. Not recommended to leave on unless you want to debug something and check the firewall is working as you expect' )
273
  )
274
  )
275
  );
276
 
277
+ $aOptionsDefinitions = array(
278
  $aFirewallBase,
279
  $aBlockSection,
280
  $aWhitelistSection,
282
  $aBlockTypesSection,
283
  $aMisc
284
  );
285
+ return $aOptionsDefinitions;
286
  }
287
 
288
+ /**
289
+ * @return bool
290
+ */
291
+ public function handleFormSubmit() {
292
+ if ( !parent::handleFormSubmit() ) {
293
+ return false;
294
+ }
295
+ $this->loadDataProcessor();
296
 
297
+ if ( ICWP_WPSF_DataProcessor::FetchPost( 'clear_log_submit' ) ) {
298
+ $oLoggingProcessor = $this->getLoggingProcessor();
299
+ $oLoggingProcessor->recreateTable();
300
+ return true;
301
+ }
302
+
303
+ $this->addRawIpsToFirewallList( 'ips_whitelist', array( ICWP_WPSF_DataProcessor::FetchGet( 'whiteip' ) ) );
304
+ $this->removeRawIpsFromFirewallList( 'ips_whitelist', array( ICWP_WPSF_DataProcessor::FetchGet( 'unwhiteip' ) ) );
305
+ $this->addRawIpsToFirewallList( 'ips_blacklist', array( ICWP_WPSF_DataProcessor::FetchGet( 'blackip' ) ) );
306
+ $this->removeRawIpsFromFirewallList( 'ips_blacklist', array( ICWP_WPSF_DataProcessor::FetchGet( 'unblackip' ) ) );
307
+
308
+ return true;
309
  }
310
 
311
+ /**
312
+ * @param $insListName
313
+ * @param $inaNewIps
314
+ */
315
  public function addRawIpsToFirewallList( $insListName, $inaNewIps ) {
316
  if ( empty( $inaNewIps ) ) {
317
  return;
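Review bot: in the new handleFormSubmit(), each list update wraps the GET value in an array, for example array( ICWP_WPSF_DataProcessor::FetchGet( 'whiteip' ) ), and a one-element array is never empty, so the if ( empty( $inaNewIps ) ) guard at the top of addRawIpsToFirewallList() cannot short-circuit when the parameter is absent. Fetch each value first and call the add or remove method only when it is non-empty. Because these whitelist and blacklist changes are driven by GET parameters, the docblock should state that they depend on the check_admin_referer() call made in parent::handleFormSubmit().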
src/icwp-optionshandler-lockdown.php CHANGED
@@ -17,16 +17,35 @@
17
 
18
  require_once( dirname(__FILE__).'/icwp-optionshandler-base.php' );
19
 
20
- if ( !class_exists('ICWP_OptionsHandler_Lockdown') ):
21
 
22
- class ICWP_OptionsHandler_Lockdown extends ICWP_OptionsHandler_Base_Wpsf {
23
-
24
- const StoreName = 'lockdown_options';
25
-
26
- public function __construct( $insPrefix, $insVersion ) {
27
- parent::__construct( $insPrefix, self::StoreName, $insVersion );
 
 
 
 
 
 
 
 
28
  }
29
-
 
 
 
 
 
 
 
 
 
 
 
30
  public function doPrePluginOptionsSave() {
31
 
32
  if ( $this->getOpt( 'action_reset_auth_salts' ) == 'Y' ) {
@@ -43,9 +62,9 @@ class ICWP_OptionsHandler_Lockdown extends ICWP_OptionsHandler_Base_Wpsf {
43
  }
44
 
45
  /**
46
- * @return bool|void
47
  */
48
- public function defineOptions() {
49
 
50
  $aBase = array(
51
  'section_title' => sprintf( _wpsf__( 'Enable Plugin Feature: %s' ), _wpsf__('WordPress Lockdown') ),
@@ -113,18 +132,28 @@ class ICWP_OptionsHandler_Lockdown extends ICWP_OptionsHandler_Base_Wpsf {
113
  _wpsf__( 'Enter how you would like your WordPress version displayed publicly. Leave blank to disable this feature.' )
114
  .'<br />'._wpsf__( 'Warning: This may interfere with WordPress plugins that rely on the $wp_version variable.' ),
115
  '<a href="http://icwp.io/43" target="_blank">'._wpsf__( 'more info' ).'</a>'
 
 
 
 
 
 
 
 
 
116
  )
117
  )
118
  );
119
 
120
- $this->m_aOptions = array(
121
  $aBase,
122
  $aAccess,
123
  $aObscurity
124
  );
125
-
 
126
  if ( false && $this->getCanDoAuthSalts() ) {
127
- $this->m_aOptions[] = array(
128
  'section_title' => _wpsf__( 'Security Actions' ),
129
  'section_options' => array(
130
  array(
17
 
18
  require_once( dirname(__FILE__).'/icwp-optionshandler-base.php' );
19
 
20
+ if ( !class_exists('ICWP_WPSF_FeatureHandler_Lockdown') ):
21
 
22
+ class ICWP_WPSF_FeatureHandler_Lockdown extends ICWP_WPSF_FeatureHandler_Base {
23
+
24
+ /**
25
+ * @var ICWP_WPSF_LockdownProcessor
26
+ */
27
+ protected $oFeatureProcessor;
28
+
29
+ /**
30
+ * @param $oPluginVo
31
+ */
32
+ public function __construct( $oPluginVo ) {
33
+ $this->sFeatureName = _wpsf__('Lockdown');
34
+ $this->sFeatureSlug = 'lockdown';
35
+ parent::__construct( $oPluginVo );
36
  }
37
+
38
+ /**
39
+ * @return ICWP_WPSF_LockdownProcessor|null
40
+ */
41
+ protected function loadFeatureProcessor() {
42
+ if ( !isset( $this->oFeatureProcessor ) ) {
43
+ require_once( dirname(__FILE__).'/icwp-processor-lockdown.php' );
44
+ $this->oFeatureProcessor = new ICWP_WPSF_LockdownProcessor( $this );
45
+ }
46
+ return $this->oFeatureProcessor;
47
+ }
48
+
49
  public function doPrePluginOptionsSave() {
50
 
51
  if ( $this->getOpt( 'action_reset_auth_salts' ) == 'Y' ) {
62
  }
63
 
64
  /**
65
+ * @return array
66
  */
67
+ protected function getOptionsDefinitions() {
68
 
69
  $aBase = array(
70
  'section_title' => sprintf( _wpsf__( 'Enable Plugin Feature: %s' ), _wpsf__('WordPress Lockdown') ),
132
  _wpsf__( 'Enter how you would like your WordPress version displayed publicly. Leave blank to disable this feature.' )
133
  .'<br />'._wpsf__( 'Warning: This may interfere with WordPress plugins that rely on the $wp_version variable.' ),
134
  '<a href="http://icwp.io/43" target="_blank">'._wpsf__( 'more info' ).'</a>'
135
+ ),
136
+ array(
137
+ 'hide_wordpress_generator_tag',
138
+ '',
139
+ 'N',
140
+ 'checkbox',
141
+ _wpsf__( 'WP Generator Tag' ),
142
+ _wpsf__( 'Remove WP Generator Meta Tag' ),
143
+ _wpsf__( 'Remove a meta tag from your WordPress pages that publicly displays that your site is WordPress and its current version.' )
144
  )
145
  )
146
  );
147
 
148
+ $aOptionsDefinitions = array(
149
  $aBase,
150
  $aAccess,
151
  $aObscurity
152
  );
153
+ return $aOptionsDefinitions;
154
+
155
  if ( false && $this->getCanDoAuthSalts() ) {
156
+ $this->aOptions[] = array(
157
  'section_title' => _wpsf__( 'Security Actions' ),
158
  'section_options' => array(
159
  array(
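Review bot: in getOptionsDefinitions(), return $aOptionsDefinitions; now sits above the if ( false && $this->getCanDoAuthSalts() ) block, which makes that block unreachable, and the block appends to $this->aOptions rather than $aOptionsDefinitions, so it would not change the returned array even if the false && were removed. Delete the dead block, or move it above the return and append to $aOptionsDefinitions.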
src/icwp-optionshandler-logging.php CHANGED
@@ -17,20 +17,40 @@
17
 
18
  require_once( dirname(__FILE__).'/icwp-optionshandler-base.php' );
19
 
20
- if ( !class_exists('ICWP_OptionsHandler_Logging') ):
21
 
22
- class ICWP_OptionsHandler_Logging extends ICWP_OptionsHandler_Base_Wpsf {
23
 
24
- const StoreName = 'logging_options';
25
-
26
- public function __construct( $insPrefix, $insVersion ) {
27
- parent::__construct( $insPrefix, self::StoreName, $insVersion );
 
 
 
 
 
 
 
 
 
28
  }
29
 
30
  /**
31
- * @return bool|void
32
  */
33
- public function defineOptions() {
 
 
 
 
 
 
 
 
 
 
 
34
  $aBase = array(
35
  'section_title' => _wpsf__( 'Enable Logging' ),
36
  'section_options' => array(
@@ -45,9 +65,11 @@ class ICWP_OptionsHandler_Logging extends ICWP_OptionsHandler_Base_Wpsf {
45
  )
46
  )
47
  );
48
- $this->m_aOptions = array(
 
49
  $aBase
50
  );
 
51
  }
52
 
53
  /**
17
 
18
  require_once( dirname(__FILE__).'/icwp-optionshandler-base.php' );
19
 
20
+ if ( !class_exists('ICWP_WPSF_FeatureHandler_Logging') ):
21
 
22
+ class ICWP_WPSF_FeatureHandler_Logging extends ICWP_WPSF_FeatureHandler_Base {
23
 
24
+ /**
25
+ * @var ICWP_WPSF_LoggingProcessor
26
+ */
27
+ protected $oFeatureProcessor;
28
+
29
+ /**
30
+ * @param $oPluginVo
31
+ */
32
+ public function __construct( $oPluginVo ) {
33
+ $this->sFeatureName = _wpsf__('Logging');
34
+ $this->sFeatureSlug = 'logging';
35
+ $this->fShowFeatureMenuItem = false;
36
+ parent::__construct( $oPluginVo );
37
  }
38
 
39
  /**
40
+ * @return ICWP_WPSF_LoggingProcessor|null
41
  */
42
+ protected function loadFeatureProcessor() {
43
+ if ( !isset( $this->oFeatureProcessor ) ) {
44
+ require_once( dirname(__FILE__).'/icwp-processor-logging.php' );
45
+ $this->oFeatureProcessor = new ICWP_WPSF_LoggingProcessor( $this );
46
+ }
47
+ return $this->oFeatureProcessor;
48
+ }
49
+
50
+ /**
51
+ * @return array
52
+ */
53
+ protected function getOptionsDefinitions() {
54
  $aBase = array(
55
  'section_title' => _wpsf__( 'Enable Logging' ),
56
  'section_options' => array(
65
  )
66
  )
67
  );
68
+
69
+ $aOptionsDefinitions = array(
70
  $aBase
71
  );
72
+ return $aOptionsDefinitions;
73
  }
74
 
75
  /**
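Review bot: The docblock on `loadFeatureProcessor()` promises `ICWP_WPSF_LoggingProcessor|null`, but the method always returns an instance, and the constructor's `@param $oPluginVo` carries no type. Document the real return type and name the class expected for `$oPluginVo`. The constructor also sets `$this->fShowFeatureMenuItem = false;` with no comment explaining why logging, unlike the other features, gets no menu entry.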
src/{icwp-optionshandler-loginprotect.php → icwp-optionshandler-login_protect.php} RENAMED
@@ -17,14 +17,30 @@
17
 
18
  require_once( dirname(__FILE__).'/icwp-optionshandler-base.php' );
19
 
20
- if ( !class_exists('ICWP_OptionsHandler_LoginProtect') ):
21
 
22
- class ICWP_OptionsHandler_LoginProtect extends ICWP_OptionsHandler_Base_Wpsf {
23
 
24
- const StoreName = 'loginprotect_options';
25
-
26
- public function __construct( $insPrefix, $insVersion ) {
27
- parent::__construct( $insPrefix, self::StoreName, $insVersion );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
28
  }
29
 
30
  public function doPrePluginOptionsSave() {
@@ -39,13 +55,14 @@ class ICWP_OptionsHandler_LoginProtect extends ICWP_OptionsHandler_Base_Wpsf {
39
  if ( empty($aTwoFactorAuthRoles) || !is_array( $aTwoFactorAuthRoles ) ) {
40
  $this->setOpt( 'two_factor_auth_user_roles', $this->getTwoFactorUserAuthRoles( true ) );
41
  }
 
 
42
  }
43
 
44
  /**
45
- * @return bool|void
46
  */
47
- public function defineOptions() {
48
-
49
  $aOptionsBase = array(
50
  'section_title' => sprintf( _wpsf__( 'Enable Plugin Feature: %s' ), _wpsf__('Login Protection') ),
51
  'section_options' => array(
@@ -237,7 +254,7 @@ class ICWP_OptionsHandler_LoginProtect extends ICWP_OptionsHandler_Base_Wpsf {
237
  )
238
  );
239
 
240
- $this->m_aOptions = array(
241
  $aOptionsBase,
242
  $aWhitelist,
243
  $aLoginProtect,
@@ -245,23 +262,36 @@ class ICWP_OptionsHandler_LoginProtect extends ICWP_OptionsHandler_Base_Wpsf {
245
  $aYubikeyProtect,
246
  $aLoggingSection
247
  );
 
248
  }
249
 
250
- public function updateHandler() {
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
251
 
252
- $sCurrentVersion = empty( $this->m_aOptionsValues[ 'current_plugin_version' ] )? '0.0' : $this->m_aOptionsValues[ 'current_plugin_version' ];
253
- if ( version_compare( $sCurrentVersion, '1.4.0', '<' ) ) {
254
- $aSettingsKey = array(
255
- 'current_plugin_version',
256
- 'enable_login_protect',
257
- 'enable_two_factor_auth_by_ip',
258
- 'enable_two_factor_bypass_on_email_fail',
259
- 'login_limit_interval',
260
- 'enable_login_gasp_check',
261
- 'enable_login_protect_log',
262
- );
263
- $this->migrateOptions( $aSettingsKey );
264
- }//'1.4.0', '<'
265
  }
266
 
267
  /**
@@ -283,6 +313,38 @@ class ICWP_OptionsHandler_LoginProtect extends ICWP_OptionsHandler_Base_Wpsf {
283
  }
284
  return $aTwoAuthRoles;
285
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
286
  }
287
 
288
  endif;
17
 
18
  require_once( dirname(__FILE__).'/icwp-optionshandler-base.php' );
19
 
20
+ if ( !class_exists('ICWP_WPSF_FeatureHandler_LoginProtect') ):
21
 
22
+ class ICWP_WPSF_FeatureHandler_LoginProtect extends ICWP_WPSF_FeatureHandler_Base {
23
 
24
+ /**
25
+ * @var ICWP_WPSF_LoginProtectProcessor
26
+ */
27
+ protected $oFeatureProcessor;
28
+
29
+ public function __construct( $oPluginVo ) {
30
+ $this->sFeatureName = _wpsf__('Login Protection');
31
+ $this->sFeatureSlug = 'login_protect';
32
+ parent::__construct( $oPluginVo, 'loginprotect' ); //TODO: align this naming with the feature slug etc. as with the other features.
33
+ }
34
+
35
+ /**
36
+ * @return ICWP_WPSF_LoginProtectProcessor|null
37
+ */
38
+ protected function loadFeatureProcessor() {
39
+ if ( !isset( $this->oFeatureProcessor ) ) {
40
+ require_once( dirname(__FILE__).'/icwp-processor-loginprotect.php' );
41
+ $this->oFeatureProcessor = new ICWP_WPSF_LoginProtectProcessor( $this );
42
+ }
43
+ return $this->oFeatureProcessor;
44
  }
45
 
46
  public function doPrePluginOptionsSave() {
55
  if ( empty($aTwoFactorAuthRoles) || !is_array( $aTwoFactorAuthRoles ) ) {
56
  $this->setOpt( 'two_factor_auth_user_roles', $this->getTwoFactorUserAuthRoles( true ) );
57
  }
58
+
59
+ $this->setKeys(); // ensures they have values
60
  }
61
 
62
  /**
63
+ * @return array
64
  */
65
+ protected function getOptionsDefinitions() {
 
66
  $aOptionsBase = array(
67
  'section_title' => sprintf( _wpsf__( 'Enable Plugin Feature: %s' ), _wpsf__('Login Protection') ),
68
  'section_options' => array(
254
  )
255
  );
256
 
257
+ $aOptionsDefinitions = array(
258
  $aOptionsBase,
259
  $aWhitelist,
260
  $aLoginProtect,
262
  $aYubikeyProtect,
263
  $aLoggingSection
264
  );
265
+ return $aOptionsDefinitions;
266
  }
267
 
268
+ /**
269
+ * @return array
270
+ */
271
+ protected function getNonUiOptions() {
272
+ $aNonUiOptions = array(
273
+ 'gasp_key',
274
+ 'two_factor_secret_key'
275
+ );
276
+ return $aNonUiOptions;
277
+ }
278
+
279
+ /**
280
+ * @return bool|void
281
+ */
282
+ public function handleFormSubmit() {
283
+ $fSuccess = parent::handleFormSubmit();
284
+ if ( !$fSuccess ) {
285
+ return;
286
+ }
287
+
288
+ // When they've clicked to terminate all logged in authenticated users.
289
+ if ( ICWP_WPSF_DataProcessor::FetchPost( 'terminate-all-logins' ) ) {
290
+ $oProc = $this->getProcessor();
291
+ $oProc->doTerminateAllVerifiedLogins();
292
+ return;
293
+ }
294
 
 
 
 
 
 
 
 
 
 
 
 
 
 
295
  }
296
 
297
  /**
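Review bot: The new `handleFormSubmit()` returns nothing on every path, including after a successful save and after `doTerminateAllVerifiedLogins()`, although its docblock says `bool|void` and the parent's result is tested as a boolean on its first line. A caller that checks the return value cannot tell success from failure, so return `true` or `false` explicitly, as the privacy-protect handler's override does. Since posting `terminate-all-logins` ends every verified session, the docblock should also state that `parent::handleFormSubmit()` is what performs the nonce and permission check, because nothing in this method does.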
313
  }
314
  return $aTwoAuthRoles;
315
  }
316
+
317
+ /**
318
+ * @return string
319
+ */
320
+ public function setKeys() {
321
+ $this->getTwoAuthSecretKey();
322
+ $this->getGaspKey();
323
+ }
324
+
325
+ /**
326
+ * @return string
327
+ */
328
+ public function getGaspKey() {
329
+ $sKey = $this->getOpt( 'gasp_key' );
330
+ if ( empty( $sKey ) ) {
331
+ $sKey = uniqid();
332
+ $this->setOpt( 'gasp_key', $sKey );
333
+ }
334
+ return $sKey;
335
+ }
336
+
337
+ /**
338
+ * @return string
339
+ */
340
+ public function getTwoAuthSecretKey() {
341
+ $sKey = $this->getOpt( 'two_factor_secret_key' );
342
+ if ( empty( $sKey ) ) {
343
+ $sKey = md5( mt_rand() );
344
+ $this->setOpt( 'two_factor_secret_key', $sKey );
345
+ }
346
+ return $sKey;
347
+ }
348
  }
349
 
350
  endif;
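Review bot: `getTwoAuthSecretKey()` builds the two-factor secret from `md5( mt_rand() )` and `getGaspKey()` builds its key from `uniqid()`, and neither source is unpredictable. A bare `mt_rand()` call returns one integer from a non-cryptographic generator, so hashing it adds no entropy beyond that integer, and `uniqid()` is derived from the current time. Generate both values from a stronger source, for example `wp_generate_password()` or `openssl_random_pseudo_bytes()` where available. Because both getters only generate a key when the stored option is empty, installs that already hold a key will keep it unless the upgrade regenerates it. Separately, `setKeys()` is documented as `@return string` but returns nothing.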
src/icwp-optionshandler-plugin.php ADDED
@@ -0,0 +1,199 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ /**
3
+ * Copyright (c) 2014 iControlWP <support@icontrolwp.com>
4
+ * All rights reserved.
5
+ *
6
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
7
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
8
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
9
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
10
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
11
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
12
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
13
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
14
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
15
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
16
+ */
17
+
18
+ require_once( dirname(__FILE__).'/icwp-optionshandler-base.php' );
19
+
20
+ if ( !class_exists('ICWP_WPSF_FeatureHandler_Plugin') ):
21
+
22
+ class ICWP_WPSF_FeatureHandler_Plugin extends ICWP_WPSF_FeatureHandler_Base {
23
+
24
+ const Default_AccessKeyTimeout = 30;
25
+
26
+ /**
27
+ * @var ICWP_WPSF_PluginProcessor
28
+ */
29
+ protected $oFeatureProcessor;
30
+
31
+ public function __construct( $oPluginVo ) {
32
+ $this->sFeatureName = _wpsf__('Dashboard');
33
+ $this->sFeatureSlug = 'plugin';
34
+ parent::__construct( $oPluginVo, 'plugin' );
35
+
36
+ add_action( 'deactivate_plugin', array( $this, 'onWpHookDeactivatePlugin' ), 1, 1 );
37
+ add_filter( $this->doPluginPrefix( 'report_email_address' ), array( $this, 'getPluginReportEmail' ) );
38
+ }
39
+
40
+ /**
41
+ * @return ICWP_WPSF_PluginProcessor|null
42
+ */
43
+ protected function loadFeatureProcessor() {
44
+ if ( !isset( $this->oFeatureProcessor ) ) {
45
+ require_once( dirname(__FILE__).'/icwp-processor-plugin.php' );
46
+ $this->oFeatureProcessor = new ICWP_WPSF_PluginProcessor( $this );
47
+ }
48
+ return $this->oFeatureProcessor;
49
+ }
50
+
51
+ /**
52
+ * @return mixed
53
+ */
54
+ public function getIsMainFeatureEnabled() {
55
+ return true;
56
+ }
57
+
58
+ /**
59
+ * @param array $aSummaryData
60
+ * @return array
61
+ */
62
+ public function filter_getFeatureSummaryData( $aSummaryData ) {
63
+ return $aSummaryData;
64
+ }
65
+
66
+ /**
67
+ */
68
+ public function displayFeatureConfigPage( ) {
69
+
70
+ if ( !apply_filters( $this->doPluginPrefix( 'has_permission_to_view' ), true ) ) {
71
+ $this->displayViewAccessRestrictedPage();
72
+ return;
73
+ }
74
+
75
+ $aPluginSummaryData = apply_filters( $this->doPluginPrefix( 'get_feature_summary_data' ), array() );
76
+
77
+ $aData = array(
78
+ 'aAllOptions' => $this->getOptions(),
79
+ 'all_options_input' => $this->collateAllFormInputsForAllOptions(),
80
+ 'aSummaryData' => $aPluginSummaryData
81
+ );
82
+ $aData = array_merge( $this->getBaseDisplayData(), $aData );
83
+ $this->display( $aData );
84
+ }
85
+
86
+ /**
87
+ * Hooked to 'deactivate_plugin' and can be used to interrupt the deactivation of this plugin.
88
+ * @param string $insPlugin
89
+ */
90
+ public function onWpHookDeactivatePlugin( $insPlugin ) {
91
+ if ( strpos( $this->oPluginVo->getRootFile(), $insPlugin ) !== false ) {
92
+ if ( !apply_filters( $this->doPluginPrefix( 'has_permission_to_submit' ), true ) ) {
93
+ wp_die( 'Sorry, you do not have permission to disable this plugin. You need to authenticate first.' );
94
+ }
95
+ }
96
+ }
97
+
98
+ /**
99
+ * @param $sEmail
100
+ * @return string
101
+ */
102
+ public function getPluginReportEmail( $sEmail ) {
103
+ $sReportEmail = $this->getOpt( 'block_send_email_address' );
104
+ if ( !empty( $sReportEmail ) && is_email( $sReportEmail ) ) {
105
+ $sEmail = $sReportEmail;
106
+ }
107
+ return $sEmail;
108
+ }
109
+
110
+ /**
111
+ * @return array
112
+ */
113
+ protected function getOptionsDefinitions() {
114
+ $aGeneral = array(
115
+ 'section_title' => _wpsf__( 'General Plugin Options' ),
116
+ 'section_options' => array(
117
+ array(
118
+ 'block_send_email_address',
119
+ '',
120
+ '',
121
+ 'email',
122
+ _wpsf__( 'Report Email' ),
123
+ _wpsf__( 'Where to send email reports from the Firewall' ),
124
+ _wpsf__( 'If this is empty, it will default to the blog admin email address' )
125
+ ),
126
+ array(
127
+ 'enable_upgrade_admin_notice',
128
+ '',
129
+ 'Y',
130
+ 'checkbox',
131
+ _wpsf__( 'Plugin Notices' ),
132
+ _wpsf__( 'Display Notices For Updates' ),
133
+ _wpsf__( 'Disable this option to hide certain plugin admin notices about available updates and post-update notices' )
134
+ ),
135
+ array(
136
+ 'delete_on_deactivate',
137
+ '',
138
+ 'N',
139
+ 'checkbox',
140
+ _wpsf__( 'Delete Plugin Settings' ),
141
+ _wpsf__( 'Delete All Plugin Settings Upon Plugin Deactivation' ),
142
+ _wpsf__( 'Careful: Removes all plugin options when you deactivate the plugin' )
143
+ )
144
+ )
145
+ );
146
+
147
+ $aOptionsDefinitions = array(
148
+ $aGeneral
149
+ );
150
+ return $aOptionsDefinitions;
151
+ }
152
+
153
+ /**
154
+ * @return array
155
+ */
156
+ protected function getNonUiOptions() {
157
+ $aNonUiOptions = array(
158
+ 'installation_time',
159
+ 'secret_key',
160
+ 'feedback_admin_notice',
161
+ 'update_success_tracker',
162
+ 'capability_can_disk_write',
163
+ 'capability_can_remote_get'
164
+ );
165
+ return $aNonUiOptions;
166
+ }
167
+
168
+ /**
169
+ * This is the point where you would want to do any options verification
170
+ */
171
+ protected function doPrePluginOptionsSave() {
172
+
173
+ if ( $this->getOpt( 'admin_access_key_timeout' ) <= 0 ) {
174
+ $this->setOpt( 'admin_access_key_timeout', self::Default_AccessKeyTimeout );
175
+ }
176
+
177
+ $sAccessKey = $this->getOpt( 'admin_access_key');
178
+ if ( empty( $sAccessKey ) ) {
179
+ $this->setOpt( 'enable_admin_access_restriction', 'N' );
180
+ }
181
+
182
+ $this->setOpt( 'enable_logging', 'Y' );
183
+
184
+ $nInstalledAt = $this->getOpt( 'installation_time' );
185
+ if ( empty($nInstalledAt) || $nInstalledAt <= 0 ) {
186
+ $this->setOpt( 'installation_time', time() );
187
+ }
188
+ }
189
+
190
+ protected function updateHandler() {
191
+ parent::updateHandler();
192
+ if ( version_compare( $this->getVersion(), '3.0.0', '<' ) ) {
193
+ $aAllOptions = apply_filters( $this->doPluginPrefix( 'aggregate_all_plugin_options' ), array() );
194
+ $this->setOpt( 'block_send_email_address', $aAllOptions['block_send_email_address'] );
195
+ }
196
+ }
197
+ }
198
+
199
+ endif;
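Review bot: `doPrePluginOptionsSave()` reads and writes `admin_access_key_timeout`, `admin_access_key`, `enable_admin_access_restriction` and `enable_logging`, none of which appear in this handler's `getOptionsDefinitions()` or `getNonUiOptions()`. As written, an empty `admin_access_key` in this store sets `enable_admin_access_restriction` to 'N' on every save. If those options now belong to another feature handler, remove the checks here so the restriction flag has a single owner. In `updateHandler()`, `$aAllOptions['block_send_email_address']` is read from a filter whose default is `array()`, so guard it with `isset()` before calling `setOpt()`. Otherwise an upgrade with no aggregated value overwrites the report address with null. `onWpHookDeactivatePlugin()` uses `strpos()` against the root file path, which is a substring test; an exact comparison against the plugin's basename would be stricter for a check that gates deactivation of a security plugin.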
src/{icwp-optionshandler-privacyprotect.php → icwp-optionshandler-privacy_protect.php} RENAMED
@@ -17,22 +17,38 @@
17
 
18
  require_once( dirname(__FILE__).'/icwp-optionshandler-base.php' );
19
 
20
- if ( !class_exists('ICWP_OptionsHandler_PrivacyProtect') ):
21
 
22
- class ICWP_OptionsHandler_PrivacyProtect extends ICWP_OptionsHandler_Base_Wpsf {
23
-
24
- const StoreName = 'privacyprotect_options';
25
-
26
- public function __construct( $insPrefix, $insVersion ) {
27
- parent::__construct( $insPrefix, self::StoreName, $insVersion );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
28
  }
29
 
30
  public function doPrePluginOptionsSave() { }
31
 
32
  /**
33
- * @return bool|void
34
  */
35
- public function defineOptions() {
36
 
37
  $aOptionsBase = array(
38
  'section_title' => _wpsf__( 'Enable Privacy Protection' ),
@@ -85,14 +101,25 @@ class ICWP_OptionsHandler_PrivacyProtect extends ICWP_OptionsHandler_Base_Wpsf {
85
  )
86
  );
87
 
88
- $this->m_aOptions = array(
89
  $aOptionsBase,
90
  $aFurtherOptions
91
  );
 
92
  }
93
 
94
- public function updateHandler() {
95
- $sCurrentVersion = empty( $this->m_aOptionsValues[ 'current_plugin_version' ] )? '0.0' : $this->m_aOptionsValues[ 'current_plugin_version' ];
 
 
 
 
 
 
 
 
 
 
96
  }
97
  }
98
 
17
 
18
  require_once( dirname(__FILE__).'/icwp-optionshandler-base.php' );
19
 
20
+ if ( !class_exists('ICWP_WPSF_FeatureHandler_PrivacyProtect') ):
21
 
22
+ class ICWP_WPSF_FeatureHandler_PrivacyProtect extends ICWP_WPSF_FeatureHandler_Base {
23
+
24
+ /**
25
+ * @var ICWP_WPSF_PrivacyProtectProcessor
26
+ */
27
+ protected $oFeatureProcessor;
28
+
29
+ public function __construct( $oPluginVo ) {
30
+ $this->sFeatureName = _wpsf__('Privacy Protect');
31
+ $this->sFeatureSlug = 'privacy_protect';
32
+ parent::__construct( $oPluginVo );
33
+ }
34
+
35
+ /**
36
+ * @return ICWP_WPSF_PrivacyProtectProcessor|null
37
+ */
38
+ protected function loadFeatureProcessor() {
39
+ if ( !isset( $this->oFeatureProcessor ) ) {
40
+ require_once( dirname(__FILE__).'/icwp-processor-privacyprotect.php' );
41
+ $this->oFeatureProcessor = new ICWP_WPSF_PrivacyProtectProcessor( $this );
42
+ }
43
+ return $this->oFeatureProcessor;
44
  }
45
 
46
  public function doPrePluginOptionsSave() { }
47
 
48
  /**
49
+ * @return array
50
  */
51
+ protected function getOptionsDefinitions() {
52
 
53
  $aOptionsBase = array(
54
  'section_title' => _wpsf__( 'Enable Privacy Protection' ),
101
  )
102
  );
103
 
104
+ $aOptionsDefinitions = array(
105
  $aOptionsBase,
106
  $aFurtherOptions
107
  );
108
+ return $aOptionsDefinitions;
109
  }
110
 
111
+ public function handleFormSubmit() {
112
+ if ( !parent::handleFormSubmit() ) {
113
+ return false;
114
+ }
115
+ $this->loadDataProcessor();
116
+
117
+ if ( ICWP_WPSF_DataProcessor::FetchPost( 'clear_log_submit' ) ) {
118
+ $oLoggingProcessor = $this->getLoggingProcessor();
119
+ $oLoggingProcessor->recreateTable();
120
+ return true;
121
+ }
122
+ return true;
123
  }
124
  }
125
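Review bot: In the added `handleFormSubmit()`, the `clear_log_submit` branch calls `recreateTable()` on the result of `$this->getLoggingProcessor()` without checking it. That accessor is not defined anywhere in the visible part of this class, and the processor this handler loads is `ICWP_WPSF_PrivacyProtectProcessor`. Say where `getLoggingProcessor()` comes from and which table it drops, and bail out if it returns nothing. The `return true;` inside the `if` is redundant with the one after it, and the method has no docblock even though it performs a destructive action on a POST flag.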
 
src/icwp-optionshandler-user_management.php ADDED
@@ -0,0 +1,133 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ /**
3
+ * Copyright (c) 2014 iControlWP <support@icontrolwp.com>
4
+ * All rights reserved.
5
+ *
6
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
7
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
8
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
9
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
10
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
11
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
12
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
13
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
14
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
15
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
16
+ */
17
+
18
+ require_once( dirname(__FILE__).'/icwp-optionshandler-base.php' );
19
+
20
+ if ( !class_exists('ICWP_WPSF_FeatureHandler_UserManagement') ):
21
+
22
+ class ICWP_WPSF_FeatureHandler_UserManagement extends ICWP_WPSF_FeatureHandler_Base {
23
+
24
+ /**
25
+ * @var ICWP_WPSF_Processor_UserManagement
26
+ */
27
+ protected $oFeatureProcessor;
28
+
29
+ public function __construct( $oPluginVo ) {
30
+ $this->sFeatureName = _wpsf__('User Management');
31
+ $this->sFeatureSlug = 'user_management';
32
+ parent::__construct( $oPluginVo );
33
+ }
34
+
35
+ /**
36
+ * @return ICWP_WPSF_FeatureHandler_UserManagement|null
37
+ */
38
+ protected function loadFeatureProcessor() {
39
+ if ( !isset( $this->oFeatureProcessor ) ) {
40
+ require_once( dirname(__FILE__).'/icwp-processor-usermanagement.php' );
41
+ $this->oFeatureProcessor = new ICWP_WPSF_Processor_UserManagement( $this );
42
+ }
43
+ return $this->oFeatureProcessor;
44
+ }
45
+
46
+ /**
47
+ */
48
+ public function displayFeatureConfigPage( ) {
49
+
50
+ if ( !apply_filters( $this->doPluginPrefix( 'has_permission_to_view' ), true ) ) {
51
+ $this->displayViewAccessRestrictedPage();
52
+ return;
53
+ }
54
+
55
+ $aData = array(
56
+ 'aActiveSessions' => $this->getIsMainFeatureEnabled()? $this->oFeatureProcessor->getActiveUserSessionRecords() : array(),
57
+ 'aFailedSessions' => $this->getIsMainFeatureEnabled()? $this->oFeatureProcessor->getPendingOrFailedUserSessionRecordsSince() : array()
58
+ );
59
+ $aData = array_merge( $this->getBaseDisplayData(), $aData );
60
+ $this->display( $aData );
61
+ }
62
+
63
+ public function doPrePluginOptionsSave() { }
64
+
65
+ /**
66
+ * @return array
67
+ */
68
+ protected function getOptionsDefinitions() {
69
+ $aOptionsBase = array(
70
+ 'section_title' => sprintf( _wpsf__( 'Enable Plugin Feature: %s' ), _wpsf__('User Accounts Management') ),
71
+ 'section_options' => array(
72
+ array(
73
+ 'enable_user_management',
74
+ '',
75
+ 'N',
76
+ 'checkbox',
77
+ _wpsf__( 'Enable User Accounts Management' ),
78
+ _wpsf__( 'Enable (or Disable) The User Accounts Management Feature' ),
79
+ sprintf( _wpsf__( 'Checking/Un-Checking this option will completely turn on/off the whole %s feature.' ), _wpsf__('User Accounts Management') ),
80
+ )
81
+ ),
82
+ );
83
+
84
+ $aSessions = array(
85
+ 'section_title' => _wpsf__( 'User Session Management' ),
86
+ 'section_options' => array(
87
+ array(
88
+ 'session_timeout_interval',
89
+ '',
90
+ '2',
91
+ 'integer',
92
+ _wpsf__( 'Session Timeout' ),
93
+ _wpsf__( 'Specify How Many Days After Login To Automatically Force Re-Login' ),
94
+ sprintf( _wpsf__( 'WordPress default is 2 days, or 14 days if you check the "Remember Me" box.' ), '<span class="code">'.$this->getVisitorIpAddress( false ).'</span>' )
95
+ ),
96
+ array(
97
+ 'session_idle_timeout_interval',
98
+ '',
99
+ '0',
100
+ 'integer',
101
+ _wpsf__( 'Idle Timeout' ),
102
+ _wpsf__( 'Specify How Many Hours After Inactivity To Automatically Logout User' ),
103
+ _wpsf__( 'If the user is inactive for the number of hours specified, they will be forcefully logged out next time they return.' )
104
+ ),
105
+ array(
106
+ 'session_lock_location',
107
+ '',
108
+ 'N',
109
+ 'checkbox',
110
+ _wpsf__( 'Lock To Location' ),
111
+ _wpsf__( 'Locks A User Session To IP address' ),
112
+ _wpsf__( 'Restricts login to any account to a location as determined by IP address.' )
113
+ )
114
+ )
115
+ );
116
+
117
+ $aOptionsDefinitions = array(
118
+ $aOptionsBase,
119
+ $aSessions
120
+ );
121
+ return $aOptionsDefinitions;
122
+ }
123
+
124
+ /**
125
+ * @return array
126
+ */
127
+ protected function getNonUiOptions() {
128
+ $aNonUiOptions = array();
129
+ return $aNonUiOptions;
130
+ }
131
+ }
132
+
133
+ endif;
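Review bot: `displayFeatureConfigPage()` dereferences `$this->oFeatureProcessor` directly, but that property is only assigned inside `loadFeatureProcessor()`. If the page renders before the processor has been loaded, `getActiveUserSessionRecords()` is called on null. Fetch the processor through the loader (the login-protect handler uses `$this->getProcessor()` for this) and reuse it for both array entries. The `@return` on `loadFeatureProcessor()` names `ICWP_WPSF_FeatureHandler_UserManagement` where the method returns an `ICWP_WPSF_Processor_UserManagement`. The `session_timeout_interval` help text passes the visitor IP to `sprintf()` although the format string has no `%s`. For `session_lock_location`, the summary says a session is locked to an IP address while the description says login is restricted by location; the text should say which of the two is enforced, since the changelog lists 2-factor auth by IP as a separate feature.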
src/icwp-optionshandler-wpsf.php DELETED
@@ -1,248 +0,0 @@
1
- <?php
2
- /**
3
- * Copyright (c) 2014 iControlWP <support@icontrolwp.com>
4
- * All rights reserved.
5
- *
6
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
7
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
8
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
9
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
10
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
11
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
12
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
13
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
14
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
15
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
16
- */
17
-
18
- require_once( dirname(__FILE__).'/icwp-optionshandler-base.php' );
19
-
20
- if ( !class_exists('ICWP_OptionsHandler_Wpsf') ):
21
-
22
- class ICWP_OptionsHandler_Wpsf extends ICWP_OptionsHandler_Base_Wpsf {
23
-
24
- const StoreName = 'plugin_options';
25
- const Default_AccessKeyTimeout = 30;
26
-
27
- public function __construct( $insPrefix, $insVersion ) {
28
- parent::__construct( $insPrefix, self::StoreName, $insVersion );
29
- }
30
-
31
- /**
32
- * @return bool|void
33
- */
34
- public function defineOptions() {
35
-
36
- $aNonUiOptions = array(
37
- 'installation_time',
38
- 'secret_key',
39
- 'feedback_admin_notice',
40
- 'update_success_tracker',
41
- 'capability_can_disk_write',
42
- 'capability_can_remote_get',
43
- 'enable_firewall',
44
- 'enable_login_protect',
45
- 'enable_comments_filter',
46
- 'enable_lockdown',
47
- 'enable_autoupdates'
48
- );
49
- $this->mergeNonUiOptions( $aNonUiOptions );
50
-
51
- if ( $this->hasEncryptOption() ) {
52
-
53
- $aAccessKey = array(
54
- 'section_title' => _wpsf__( 'Admin Access Restriction' ),
55
- 'section_options' => array(
56
- array(
57
- 'enable_admin_access_restriction',
58
- '',
59
- 'N',
60
- 'checkbox',
61
- _wpsf__( 'Enable Access Key' ),
62
- _wpsf__( 'Enforce Admin Access Restriction' ),
63
- _wpsf__( 'Enable this with great care and consideration. When this Access Key option is enabled, you must specify a key below and use it to gain access to this plugin.' ),
64
- '<a href="http://icwp.io/40" target="_blank">'._wpsf__( 'more info' ).'</a>'
65
- .' | <a href="http://icwp.io/wpsf02" target="_blank">'._wpsf__( 'blog' ).'</a>'
66
- ),
67
- array(
68
- 'admin_access_timeout',
69
- '',
70
- self::Default_AccessKeyTimeout,
71
- 'integer',
72
- _wpsf__( 'Access Key Timeout' ),
73
- _wpsf__( 'Specify A Timeout For Plugin Admin Access' ),
74
- _wpsf__( 'This will automatically expire your WordPress Simple Firewall session. Does not apply until you enter the access key again. Default: 30 minutes.' ),
75
- '<a href="http://icwp.io/41" target="_blank">'._wpsf__( 'more info' ).'</a>'
76
- ),
77
- array(
78
- 'admin_access_key',
79
- '',
80
- '',
81
- 'password',
82
- _wpsf__( 'Admin Access Key' ),
83
- _wpsf__( 'Specify Your Plugin Access Key' ),
84
- _wpsf__( 'If you forget this, you could potentially lock yourself out from using this plugin.' )
85
- .' <strong>'._wpsf__( 'Leave it blank to not update it' ).'</strong>',
86
- '<a href="http://icwp.io/42" target="_blank">'._wpsf__( 'more info' ).'</a>'
87
- )
88
- )
89
- );
90
- }
91
-
92
- $aGeneral = array(
93
- 'section_title' => _wpsf__( 'General Plugin Options' ),
94
- 'section_options' => array(
95
- array(
96
- 'enable_upgrade_admin_notice',
97
- '',
98
- 'Y',
99
- 'checkbox',
100
- _wpsf__( 'Plugin Notices' ),
101
- _wpsf__( 'Display Notices For Updates' ),
102
- _wpsf__( 'Disable this option to hide certain plugin admin notices about available updates and post-update notices' )
103
- ),
104
- array(
105
- 'delete_on_deactivate',
106
- '',
107
- 'N',
108
- 'checkbox',
109
- _wpsf__( 'Delete Plugin Settings' ),
110
- _wpsf__( 'Delete All Plugin Settings Upon Plugin Deactivation' ),
111
- _wpsf__( 'Careful: Removes all plugin options when you deactivate the plugin' )
112
- )
113
- )
114
- );
115
-
116
- $aGlobal = array(
117
- 'section_title' => _wpsf__( 'Global Plugin Features' ),
118
- 'section_options' => array(
119
- array(
120
- 'enable_firewall',
121
- '', 'N',
122
- 'checkbox',
123
- _wpsf__( 'Enable Firewall' ),
124
- _wpsf__( 'Enable (or Disable) The WordPress Firewall Feature' ),
125
- _wpsf__( 'Regardless of any other settings, this option will turn off the Firewall feature, or enable your selected Firewall options' )
126
- ),
127
- array(
128
- 'enable_login_protect',
129
- '',
130
- 'N',
131
- 'checkbox',
132
- _wpsf__( 'Enable Login Protect' ),
133
- _wpsf__( 'Enable (or Disable) The Login Protection Feature' ),
134
- _wpsf__( 'Regardless of any other settings, this option will turn off the Login Protect feature, or enable your selected Login Protect options' )
135
- ),
136
- array(
137
- 'enable_comments_filter',
138
- '',
139
- 'N',
140
- 'checkbox',
141
- _wpsf__( 'Enable Comments Filter' ),
142
- _wpsf__( 'Enable (or Disable) The Comments Filter Feature' ),
143
- _wpsf__( 'Regardless of any other settings, this option will turn off the Comments Filter feature, or enable your selected Comments Filter options' )
144
- ),
145
- // array(
146
- // 'enable_privacy_protect',
147
- // '',
148
- // 'N',
149
- // 'checkbox',
150
- // sprintf( _wpsf__( 'Enable %s' ), _wpsf__('Privacy Protection') ),
151
- // sprintf( _wpsf__( 'Enable (or Disable) The %s Feature' ), _wpsf__('Privacy Protection') ),
152
- // _wpsf__( 'Regardless of any other settings, this option will turn off the Privacy Protection feature, or enable your selected Privacy Protection options' ),
153
- // '<a href="http://icwp.io/3y" target="_blank">'._wpsf__( 'more info' ).'</a>'
154
- // ),
155
- array(
156
- 'enable_lockdown',
157
- '',
158
- 'N',
159
- 'checkbox',
160
- _wpsf__( 'Enable Lockdown' ),
161
- _wpsf__( 'Enable (or Disable) The Lockdown Feature' ),
162
- _wpsf__( 'Regardless of any other settings, this option will turn off the Lockdown feature, or enable your selected Lockdown options' )
163
- ),
164
- array(
165
- 'enable_autoupdates',
166
- '',
167
- 'Y',
168
- 'checkbox',
169
- _wpsf__( 'Enable Auto Updates' ),
170
- _wpsf__( 'Enable (or Disable) The Auto Updates Feature' ),
171
- _wpsf__( 'Regardless of any other settings, this option will turn off the Auto Updates feature, or enable your selected Auto Updates options' )
172
- )
173
- )
174
- );
175
-
176
- $this->m_aOptions = array(
177
- $aGeneral,
178
- // $aGlobal
179
- );
180
- if ( isset( $aAccessKey ) ) {
181
- array_unshift( $this->m_aOptions, $aAccessKey );
182
- }
183
- }
184
-
185
- /**
186
- * This is the point where you would want to do any options verification
187
- */
188
- protected function doPrePluginOptionsSave() {
189
-
190
- $nTimeout = $this->getOpt( 'admin_access_key_timeout');
191
- if ( $nTimeout <= 0 ) {
192
- $nTimeout = self::Default_AccessKeyTimeout;
193
- }
194
- $this->setOpt( 'admin_access_key_timeout', $nTimeout );
195
-
196
- $sAccessKey = $this->getOpt( 'admin_access_key');
197
- if ( empty( $sAccessKey ) ) {
198
- $this->setOpt( 'enable_admin_access_restriction', 'N' );
199
- }
200
-
201
- $this->setOpt( 'enable_logging', 'Y' );
202
-
203
- $nInstalledAt = $this->getOpt( 'installation_time' );
204
- if ( empty($nInstalledAt) || $nInstalledAt <= 0 ) {
205
- $this->setOpt( 'installation_time', time() );
206
- }
207
- }
208
-
209
- protected function updateHandler() {
210
-
211
- // the 'current_plugin_version' value moved from a direct save option to be
212
- // included in the plugin options object, so we have to account for it being
213
- // empty.
214
- $sCurrentVersion = empty( $this->m_aOptionsValues[ 'current_plugin_version' ] )? '0.0' : $this->m_aOptionsValues[ 'current_plugin_version' ];
215
- if ( version_compare( $sCurrentVersion, '1.4.0', '<' ) ) {
216
- $aSettingsKey = array(
217
- 'current_plugin_version',
218
- 'enable_firewall',
219
- 'enable_login_protect',
220
- 'feedback_admin_notice',
221
- 'secret_key',
222
- 'block_send_email_address',
223
- 'send_email_throttle_limit',
224
- 'delete_on_deactivate'
225
- );
226
- $this->migrateOptions( $aSettingsKey );
227
- }// '1.4.0', '<'
228
-
229
- if ( version_compare( $sCurrentVersion, '1.8.2', '<=' ) ) {
230
-
231
- $fCanRemoteGet = $this->getOpt( 'capability_can_remote_get' );
232
- $fCanDiskWrite = $this->getOpt( 'capability_can_disk_write' );
233
-
234
- if ( $fCanDiskWrite === false || $fCanRemoteGet === false ) {
235
- $oWpFs = $this->loadFileSystemProcessor();
236
-
237
- $fCanRemoteGet = $oWpFs->getCanWpRemoteGet();
238
- $this->setOpt( 'capability_can_remote_get', $fCanRemoteGet? 'Y' : 'N' );
239
-
240
- $fCanDiskWrite = $oWpFs->getCanDiskWrite();
241
- $this->setOpt( 'capability_can_disk_write', $fCanDiskWrite? 'Y' : 'N' );
242
- }
243
- }// '1.8.2', '<='
244
- }
245
-
246
- }
247
-
248
- endif;
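Review bot: Deleting `updateHandler()` removes the only visible code that populates `capability_can_remote_get` and `capability_can_disk_write` (through `getCanWpRemoteGet()` and `getCanDiskWrite()`), while the new plugin handler still lists both as non-UI options. State where they are set in 3.0.0, or drop them from `getNonUiOptions()`. The deleted definitions also declared the timeout option as `admin_access_timeout` while `doPrePluginOptionsSave()` validated `admin_access_key_timeout`. The new plugin handler keeps the latter name, so confirm that the relocated Admin Access Restriction handler uses one key consistently.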
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
src/icwp-processor-adminaccessrestriction.php ADDED
@@ -0,0 +1,61 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ /**
3
+ * Copyright (c) 2014 iControlWP <support@icontrolwp.com>
4
+ * All rights reserved.
5
+ *
6
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
7
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
8
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
9
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
10
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
11
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
12
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
13
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
14
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
15
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
16
+ */
17
+
18
+ require_once( dirname(__FILE__).'/icwp-base-processor.php' );
19
+
20
+ if ( !class_exists('ICWP_WPSF_Processor_AdminAccessRestriction') ):
21
+
22
+ class ICWP_WPSF_Processor_AdminAccessRestriction extends ICWP_WPSF_BaseProcessor {
23
+
24
+ /**
25
+ * @var string
26
+ */
27
+ protected $sOptionRegexPattern;
28
+
29
+ /**
30
+ * @param ICWP_WPSF_FeatureHandler_AdminAccessRestriction $oFeatureOptions
31
+ */
32
+ public function __construct( ICWP_WPSF_FeatureHandler_AdminAccessRestriction $oFeatureOptions ) {
33
+ parent::__construct( $oFeatureOptions );
34
+ }
35
+
36
+ public function run() {
37
+
38
+ if ( ! $this->oFeatureOptions->getIsUpgrading() ) {
39
+ $this->sOptionRegexPattern = '/^'. $this->oFeatureOptions->getOptionStoragePrefix() . '.*_options$/';
40
+ add_filter( 'pre_update_option', array( $this, 'blockOptionsSaves' ), 1, 3 );
41
+ }
42
+ }
43
+
44
+ /**
45
+ * Right before a plugin option is due to update it will check that we have permissions to do so and if not, will
46
+ * revert the option to save to the previous one.
47
+ *
48
+ * @param $mValue
49
+ * @param $sOption
50
+ * @param $mOldValue
51
+ * @return mixed
52
+ */
53
+ public function blockOptionsSaves( $mValue, $sOption, $mOldValue ) {
54
+ if ( !preg_match( $this->sOptionRegexPattern, $sOption ) ) {
55
+ return $mValue;
56
+ }
57
+ return apply_filters( $this->oFeatureOptions->doPluginPrefix( 'has_permission_to_submit' ), true )? $mValue : $mOldValue;
58
+ }
59
+ }
60
+
61
+ endif;
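Review bot: blockOptionsSaves() fails open, because `apply_filters( $this->oFeatureOptions->doPluginPrefix( 'has_permission_to_submit' ), true )` starts from `true`: if nothing is hooked to that filter when the option is saved, every write to a matching option is accepted, and run() does not register the check at all while getIsUpgrading() is true. Consider starting from `false` whenever the restriction feature is enabled, so that a missing hook denies the save and the old value is kept. In run(), the storage prefix is concatenated into the pattern unescaped; pass it through `preg_quote( ..., '/' )`. Please also confirm that the WordPress versions this release supports fire a generic `pre_update_option` hook with three arguments, since otherwise the callback never runs.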
src/icwp-processor-autoupdates.php CHANGED
@@ -17,46 +17,46 @@
17
 
18
  require_once( dirname(__FILE__).'/icwp-base-processor.php' );
19
 
20
- if ( !class_exists('ICWP_AutoUpdatesProcessor_V4') ):
21
 
22
- class ICWP_AutoUpdatesProcessor_V4 extends ICWP_BaseProcessor_V2 {
23
 
24
- const Slug = 'autoupdates';
25
-
26
  const FilterPriority = 1001;
27
 
28
- protected $m_sPluginFile;
29
-
30
  /**
31
  * @var boolean
32
  */
33
- protected $m_fDoForceRunAutoUpdates = false;
34
-
35
- public function __construct( $insOptionPrefix = '' ) {
36
- parent::__construct( $this->constructStorageKey( $insOptionPrefix, self::Slug ) );
 
 
 
 
37
  }
38
 
39
  /**
40
  * @param boolean $infDoForceRun
41
  */
42
- public function setForceRunAutoUpdates( $infDoForceRun ) {
43
- $this->m_fDoForceRunAutoUpdates = $infDoForceRun;
44
  }
45
 
46
  /**
47
  */
48
- public function getForceRunAutoUpdates() {
49
- return apply_filters( 'icwp_force_autoupdate', $this->m_fDoForceRunAutoUpdates );
50
  }
51
 
52
  /**
53
  */
54
- public function run( $insPluginFile = '' ) {
55
-
56
- $this->m_sPluginFile = $insPluginFile;
57
-
58
  // When we force run we only want our filters.
59
- if ( $this->getForceRunAutoUpdates() ) {
60
  $aFilters = array(
61
  'allow_minor_auto_core_updates',
62
  'allow_major_auto_core_updates',
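Review bot: the new getForceRunAutoupdates() and run() still sit under empty `/** */` docblocks, and since this hunk already touches both signatures it is the place to document that run() no longer takes the plugin file and that the `icwp_force_autoupdate` filter can override the stored flag. Naming is also half-migrated: `$m_sPluginFile` became `$sPluginFile`, but `$m_fDoForceRunAutoupdates` keeps the old `m_` prefix.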
@@ -89,7 +89,7 @@ class ICWP_AutoUpdatesProcessor_V4 extends ICWP_BaseProcessor_V2 {
89
  add_filter( 'auto_core_update_send_email', array( $this, 'autoupdate_send_email' ), self::FilterPriority, 1 ); //more parameter options here for later
90
  add_filter( 'auto_core_update_email', array( $this, 'autoupdate_email_override' ), self::FilterPriority, 1 ); //more parameter options here for later
91
 
92
- if ( $this->getForceRunAutoUpdates() ) {
93
  $this->force_run_autoupdates( 'update-core.php' ); //we'll redirect to the updates page for to show
94
  }
95
  }
@@ -195,7 +195,7 @@ class ICWP_AutoUpdatesProcessor_V4 extends ICWP_BaseProcessor_V2 {
195
  return $infUpdate;
196
  }
197
 
198
- if ( $sItemFile === $this->m_sPluginFile ) {
199
  if ( $this->getIsOption('autoupdate_plugin_self', 'Y') ) {
200
  $this->doStatIncrement( 'autoupdates.plugins.self' );
201
  return true;
@@ -203,11 +203,11 @@ class ICWP_AutoUpdatesProcessor_V4 extends ICWP_BaseProcessor_V2 {
203
  return false;
204
  }
205
 
206
- $aAutoUpdatePluginFiles = apply_filters( 'icwp_wpsf_autoupdate_plugins', array() );
207
 
208
- if ( !empty( $aAutoUpdatePluginFiles )
209
- && is_array($aAutoUpdatePluginFiles)
210
- && in_array( $sItemFile, $aAutoUpdatePluginFiles ) ) {
211
 
212
  return true;
213
  }
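Review bot: the renamed check `in_array( $sItemFile, $aAutoupdatePluginFiles )` still compares loosely, and the list comes from the `icwp_wpsf_autoupdate_plugins` filter, so its contents are whatever third-party code returns. A non-string entry such as `true` or `0` can match an unrelated plugin file under loose comparison; pass `true` as the third argument to in_array(). The themes check in the next hunk has the same pattern.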
@@ -242,11 +242,11 @@ class ICWP_AutoUpdatesProcessor_V4 extends ICWP_BaseProcessor_V2 {
242
  return $infUpdate;
243
  }
244
 
245
- $aAutoUpdateThemeFiles = apply_filters( 'icwp_wpsf_autoupdate_themes', array() );
246
 
247
- if ( !empty( $aAutoUpdateThemeFiles )
248
- && is_array($aAutoUpdateThemeFiles)
249
- && in_array( $sItemFile, $aAutoUpdateThemeFiles ) ) {
250
 
251
  return true;
252
  }
@@ -272,7 +272,7 @@ class ICWP_AutoUpdatesProcessor_V4 extends ICWP_BaseProcessor_V2 {
272
  * @return boolean
273
  */
274
  public function autoupdate_send_email( $infSendEmail ) {
275
- return $this->getIsOption('enable_upgrade_notification_email', 'Y');
276
  }
277
 
278
  /**
@@ -282,8 +282,9 @@ class ICWP_AutoUpdatesProcessor_V4 extends ICWP_BaseProcessor_V2 {
282
  * @return array
283
  */
284
  public function autoupdate_email_override( $aEmailParams ) {
285
- if ( !empty( $this->m_aOptions['override_email_address'] ) ) {
286
- $aEmailParams['to'] = $this->m_aOptions['override_email_address'];
 
287
  }
288
  return $aEmailParams;
289
  }
@@ -291,6 +292,6 @@ class ICWP_AutoUpdatesProcessor_V4 extends ICWP_BaseProcessor_V2 {
291
 
292
  endif;
293
 
294
- if ( !class_exists('ICWP_WPSF_AutoUpdatesProcessor') ):
295
- class ICWP_WPSF_AutoUpdatesProcessor extends ICWP_AutoUpdatesProcessor_V4 { }
296
  endif;
17
 
18
  require_once( dirname(__FILE__).'/icwp-base-processor.php' );
19
 
20
+ if ( !class_exists('ICWP_AutoupdatesProcessor_V5') ):
21
 
22
+ class ICWP_AutoupdatesProcessor_V5 extends ICWP_BaseProcessor_V3 {
23
 
 
 
24
  const FilterPriority = 1001;
25
 
26
+ protected $sPluginFile;
27
+
28
  /**
29
  * @var boolean
30
  */
31
+ protected $m_fDoForceRunAutoupdates = false;
32
+
33
+ /**
34
+ * @param ICWP_WPSF_FeatureHandler_Autoupdates $oFeatureOptions
35
+ */
36
+ public function __construct( ICWP_WPSF_FeatureHandler_Autoupdates $oFeatureOptions ) {
37
+ parent::__construct( $oFeatureOptions );
38
+ $this->sPluginFile = $this->oFeatureOptions->getPluginBaseFile();
39
  }
40
 
41
  /**
42
  * @param boolean $infDoForceRun
43
  */
44
+ public function setForceRunAutoupdates( $infDoForceRun ) {
45
+ $this->m_fDoForceRunAutoupdates = $infDoForceRun;
46
  }
47
 
48
  /**
49
  */
50
+ public function getForceRunAutoupdates() {
51
+ return apply_filters( 'icwp_force_autoupdate', $this->m_fDoForceRunAutoupdates );
52
  }
53
 
54
  /**
55
  */
56
+ public function run() {
57
+
 
 
58
  // When we force run we only want our filters.
59
+ if ( $this->getForceRunAutoupdates() ) {
60
  $aFilters = array(
61
  'allow_minor_auto_core_updates',
62
  'allow_major_auto_core_updates',
89
  add_filter( 'auto_core_update_send_email', array( $this, 'autoupdate_send_email' ), self::FilterPriority, 1 ); //more parameter options here for later
90
  add_filter( 'auto_core_update_email', array( $this, 'autoupdate_email_override' ), self::FilterPriority, 1 ); //more parameter options here for later
91
 
92
+ if ( $this->getForceRunAutoupdates() ) {
93
  $this->force_run_autoupdates( 'update-core.php' ); //we'll redirect to the updates page for to show
94
  }
95
  }
195
  return $infUpdate;
196
  }
197
 
198
+ if ( $sItemFile === $this->sPluginFile ) {
199
  if ( $this->getIsOption('autoupdate_plugin_self', 'Y') ) {
200
  $this->doStatIncrement( 'autoupdates.plugins.self' );
201
  return true;
203
  return false;
204
  }
205
 
206
+ $aAutoupdatePluginFiles = apply_filters( 'icwp_wpsf_autoupdate_plugins', array() );
207
 
208
+ if ( !empty( $aAutoupdatePluginFiles )
209
+ && is_array($aAutoupdatePluginFiles)
210
+ && in_array( $sItemFile, $aAutoupdatePluginFiles ) ) {
211
 
212
  return true;
213
  }
242
  return $infUpdate;
243
  }
244
 
245
+ $aAutoupdateThemeFiles = apply_filters( 'icwp_wpsf_autoupdate_themes', array() );
246
 
247
+ if ( !empty( $aAutoupdateThemeFiles )
248
+ && is_array($aAutoupdateThemeFiles)
249
+ && in_array( $sItemFile, $aAutoupdateThemeFiles ) ) {
250
 
251
  return true;
252
  }
272
  * @return boolean
273
  */
274
  public function autoupdate_send_email( $infSendEmail ) {
275
+ return $this->getIsOption( 'enable_upgrade_notification_email', 'Y' );
276
  }
277
 
278
  /**
282
  * @return array
283
  */
284
  public function autoupdate_email_override( $aEmailParams ) {
285
+ $sOverride = $this->getOption( 'override_email_address', '' );
286
+ if ( !empty( $sOverride ) && is_email( $sOverride ) ) {
287
+ $aEmailParams['to'] = $sOverride;
288
  }
289
  return $aEmailParams;
290
  }
292
 
293
  endif;
294
 
295
+ if ( !class_exists('ICWP_WPSF_AutoupdatesProcessor') ):
296
+ class ICWP_WPSF_AutoupdatesProcessor extends ICWP_AutoupdatesProcessor_V5 { }
297
  endif;
src/icwp-processor-commentsfilter.php CHANGED
@@ -21,7 +21,7 @@ if ( !class_exists('ICWP_CommentsFilterProcessor_V2') ):
21
 
22
  class ICWP_CommentsFilterProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
23
 
24
- const Slug = 'comments_filter';
25
  const Spam_Blacklist_Source = 'https://raw.githubusercontent.com/splorp/wordpress-comment-blacklist/master/blacklist.txt';
26
 
27
  const TWODAYS = 172800;
@@ -35,38 +35,17 @@ class ICWP_CommentsFilterProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
35
  * @var string
36
  */
37
  static protected $sModeFile_LoginThrottled;
 
38
  /**
39
  * The unique comment token assigned to this page
40
  * @var integer
41
  */
42
- protected $m_sUniqueToken;
43
  /**
44
  * The unique comment token assigned to this page
45
  * @var integer
46
  */
47
  protected $m_sUniqueFormId;
48
- /**
49
- * The length of time that must pass between a page being loaded and comment being posted.
50
- * @var integer
51
- */
52
- protected $m_nCommentCooldown;
53
- /**
54
- * The maxium length of time that comment token may last and be used.
55
- * @var integer
56
- */
57
- protected $m_nCommentTokenExpire;
58
- /**
59
- * @var integer
60
- */
61
- protected $m_nLastLoginTime;
62
- /**
63
- * @var string
64
- */
65
- protected $m_sSecretKey;
66
- /**
67
- * @var string
68
- */
69
- protected $m_sGaspKey;
70
  /**
71
  * @var string
72
  */
@@ -83,9 +62,12 @@ class ICWP_CommentsFilterProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
83
  * @var boolean
84
  */
85
  protected $m_fAllowTwoFactorByPass;
86
-
87
- public function __construct( $insOptionPrefix = '' ) {
88
- parent::__construct( $this->constructStorageKey( $insOptionPrefix, self::Slug ), self::Slug );
 
 
 
89
  $this->createTable();
90
  $this->reset();
91
  }
@@ -95,10 +77,10 @@ class ICWP_CommentsFilterProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
95
  */
96
  public function reset() {
97
  parent::reset();
98
- $this->m_sUniqueToken = '';
99
  $this->sCommentStatus = '';
100
  $this->sCommentStatusExplanation = '';
101
- self::$sSpamBlacklistFile = dirname(__FILE__).ICWP_DS.'..'.ICWP_DS.'resources'.ICWP_DS.'spamblacklist.txt';
102
  }
103
 
104
  /**
@@ -106,8 +88,6 @@ class ICWP_CommentsFilterProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
106
  public function run() {
107
  parent::run();
108
 
109
- $fDoSetCommentStatus = false;
110
-
111
  // Add GASP checking to the comment form.
112
  if ( $this->getIsOption('enable_comments_gasp_protection', 'Y') ) {
113
  add_action( 'comment_form', array( $this, 'printGaspFormHook_Action' ), 1 );
@@ -160,26 +140,36 @@ class ICWP_CommentsFilterProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
160
  */
161
  protected function doGaspCommentCheck( $nPostId ) {
162
 
163
- //Check that we haven't already marked the comment through another scan
164
- if ( !empty( $this->sCommentStatus ) || !$this->getIsOption('enable_comments_gasp_protection', 'Y') ) {
 
 
 
 
165
  return;
166
  }
167
 
168
  $fIsSpam = true;
169
  $sExplanation = '';
170
 
 
 
 
 
 
 
171
  // we have the cb name, is it set?
172
- if( !isset( $_POST['cb_nombre'] ) || !isset( $_POST[ $_POST['cb_nombre'] ] ) ) {
173
  $sExplanation = sprintf( _wpsf__('Failed GASP Bot Filter Test (%s)' ), _wpsf__('checkbox') );
174
  $sStatKey = 'checkbox';
175
  }
176
  // honeypot check
177
- else if ( isset( $_POST['sugar_sweet_email'] ) && $_POST['sugar_sweet_email'] !== '' ) {
178
  $sExplanation = sprintf( _wpsf__('Failed GASP Bot Filter Test (%s)' ), _wpsf__('honeypot') );
179
  $sStatKey = 'honeypot';
180
  }
181
  // check the unique comment token is present
182
- else if ( !isset( $_POST['comment_token'] ) || !$this->checkCommentToken( $_POST['comment_token'], $nPostId ) ) {
183
  $sExplanation = sprintf( _wpsf__('Failed GASP Bot Filter Test (%s)' ), _wpsf__('comment token failure') );
184
  $sStatKey = 'token';
185
  }
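Review bot: the honeypot test changed from `$_POST['sugar_sweet_email'] !== ''` to `!empty( $sFieldHoney )`, and empty() treats the string "0" as empty, so a honeypot field submitted with that value is no longer flagged. Keep the strict comparison against `''` on the fetched value. The checkbox and token tests moved from isset() to truthiness in the same way (`!ICWP_WPSF_DataProcessor::FetchPost( $sFieldCheckboxName )`, `empty( $sFieldCommentToken )`); that is harmless for the token but should be a deliberate choice for the checkbox. The `enable_comments_gasp_protection` option test that remains after the new getIfDoGaspCheck() call could move into that helper so there is a single gate.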
@@ -189,7 +179,7 @@ class ICWP_CommentsFilterProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
189
 
190
  if ( $fIsSpam ) {
191
  $this->doStatIncrement( sprintf( 'spam.gasp.%s', $sStatKey ) );
192
- $this->sCommentStatus = $this->getOption('comments_default_action_spam_bot');
193
  $this->setCommentStatusExplanation( $sExplanation );
194
  }
195
  }
@@ -204,7 +194,7 @@ class ICWP_CommentsFilterProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
204
  $aCommentData['comment_author_email'],
205
  $aCommentData['comment_author_url'],
206
  $aCommentData['comment_content'],
207
- ICWP_WPSF_DataProcessor::GetVisitorIpAddress( false ),
208
  isset( $_SERVER['HTTP_USER_AGENT'] ) ? substr( $_SERVER['HTTP_USER_AGENT'], 0, 254 ) : ''
209
  );
210
  }
@@ -268,7 +258,7 @@ class ICWP_CommentsFilterProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
268
  */
269
  protected function doStatHumanSpamWords( $sStatWord = '' ) {
270
  $this->loadWpsfStatsProcessor();
271
- if ( !empty($sStatWord) ) {
272
  ICWP_Stats_WPSF::DoStatIncrementKeyValue( 'spam.human.words', base64_encode( $sStatWord ) );
273
  }
274
  }
@@ -284,7 +274,7 @@ class ICWP_CommentsFilterProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
284
  $this->doSpamBlacklistImport();
285
  }
286
  // second, if it exists and it's older than 48hrs, update
287
- else if ( time() - $oFs->getModifiedTime( self::$sSpamBlacklistFile ) > self::TWODAYS ) {
288
  $this->doSpamBlacklistUpdate();
289
  }
290
 
@@ -345,14 +335,10 @@ class ICWP_CommentsFilterProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
345
  return;
346
  }
347
 
348
- global $post;
349
- if ( !isset( $post ) || $post->comment_status != 'open' ) {
350
- return;
351
- }
352
- $this->deleteOldPostCommentTokens( $post->ID );
353
- $this->createUniquePostCommentToken( $post->ID, $this->m_sUniqueToken );
354
 
355
- require_once( dirname(__FILE__).'/icwp-data-processor.php' );
356
  $this->m_sUniqueFormId = ICWP_WPSF_DataProcessor::GenerateRandomString( rand(7, 23), true );
357
 
358
  echo $this->getGaspCommentsHookHtml();
@@ -364,6 +350,22 @@ class ICWP_CommentsFilterProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
364
  * @return boolean
365
  */
366
  protected function getIfDoCommentsCheck() {
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
367
  if ( !is_user_logged_in() ) {
368
  return true;
369
  }
@@ -373,6 +375,24 @@ class ICWP_CommentsFilterProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
373
  return false;
374
  }
375
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
376
  /**
377
  * @return void
378
  */
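Review bot: the new getIfDoGaspCheck() returns false whenever WP Wall is installed and the request carries a `submit_wall_post` POST key, so the decision to skip GASP checking rests on a client-supplied field alone and applies to any comment submission that includes it. If WP Wall exposes its own action or nonce for wall posts, key the exemption on that instead. The same block is duplicated in getIfDoCommentsCheck() in the previous hunk; factor it into one helper so the two cannot drift apart.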
@@ -389,7 +409,7 @@ class ICWP_CommentsFilterProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
389
  $sId = $this->m_sUniqueFormId;
390
  $sReturn = '<p id="'.$sId.'"></p>'; // we use this unique <p> to hook onto using javascript
391
  $sReturn .= '<input type="hidden" id="_sugar_sweet_email" name="sugar_sweet_email" value="" />';
392
- $sReturn .= '<input type="hidden" id="_comment_token" name="comment_token" value="'.$this->m_sUniqueToken.'" />';
393
  return $sReturn;
394
  }
395
 
@@ -514,10 +534,10 @@ class ICWP_CommentsFilterProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
514
  AND `deleted_at` = '0'
515
  ";
516
  $sQuery = sprintf( $sQuery,
517
- $this->m_sTableName,
518
  $sToken,
519
  $sPostId,
520
- $this->m_nRequestIp
521
  );
522
  $mResult = $this->selectCustomFromTable( $sQuery );
523
 
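Review bot: `$sToken` and `$sPostId` are still placed into the SELECT with sprintf(), and in the new doGaspCommentCheck() the token arrives directly from `ICWP_WPSF_DataProcessor::FetchPost( 'comment_token' )`. No escaping is visible in this hunk, so either confirm it happens earlier in checkCommentToken() or build the statement with `$wpdb->prepare()` and `%s`/`%d` placeholders. The same applies to the UPDATE statements in deleteUniquePostCommentToken() and deleteOldPostCommentTokens() further down.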
@@ -529,10 +549,9 @@ class ICWP_CommentsFilterProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
529
  $this->deleteUniquePostCommentToken( $sToken, $sPostId );
530
 
531
  // Did sufficient time pass, or has it expired?
532
- $nNow = time();
533
  $aRecord = $mResult[0];
534
- $nInterval = $nNow - $aRecord['created_at'];
535
- if ( $nInterval < $this->m_aOptions[ 'comments_cooldown_interval' ]
536
  || ( $this->getOption( 'comments_token_expire_interval' ) > 0 && $nInterval > $this->getOption('comments_token_expire_interval') )
537
  ) {
538
  return false;
@@ -578,7 +597,7 @@ class ICWP_CommentsFilterProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
578
  `deleted_at` int(15) NOT NULL DEFAULT '0',
579
  PRIMARY KEY (`id`)
580
  ) ENGINE=MyISAM DEFAULT CHARSET=utf8;";
581
- $sSqlTables = sprintf( $sSqlTables, $this->m_sTableName );
582
  return $this->doSql( $sSqlTables );
583
  }
584
 
@@ -590,7 +609,6 @@ class ICWP_CommentsFilterProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
590
  protected function deleteUniquePostCommentToken( $insUniqueToken, $insPostId, $infSoftDelete = false ) {
591
 
592
  if ( $infSoftDelete ) {
593
- $nNow = time();
594
  $sQuery = "
595
  UPDATE `%s`
596
  SET `deleted_at` = '%s'
@@ -599,8 +617,8 @@ class ICWP_CommentsFilterProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
599
  AND `post_id` = '%s'
600
  ";
601
  $sQuery = sprintf( $sQuery,
602
- $this->m_sTableName,
603
- $nNow,
604
  $insUniqueToken,
605
  $insPostId
606
  );
@@ -614,14 +632,14 @@ class ICWP_CommentsFilterProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
614
  }
615
 
616
  /**
617
- *
618
- * @param string $insUniqueToken
619
- * @param string $insPostId
620
  */
621
- protected function deleteOldPostCommentTokens( $insPostId, $infSoftDelete = false ) {
622
 
623
- if ( $infSoftDelete ) {
624
- $nNow = time();
 
625
  $sQuery = "
626
  UPDATE `%s`
627
  SET `deleted_at` = '%s'
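Review bot: the new signature `deleteOldPostCommentTokens( $fSoftDelete = false, $sPostId = null )` swaps the argument order of the old `( $insPostId, $infSoftDelete = false )`. The one call visible in this diff passes no arguments, but any other caller still passing a post ID first would now trigger a soft delete for the current request's post instead. Please check the remaining call sites, or keep the post ID as the first parameter.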
@@ -630,41 +648,54 @@ class ICWP_CommentsFilterProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
630
  AND `post_id` = '%s'
631
  ";
632
  $sQuery = sprintf( $sQuery,
633
- $this->m_sTableName,
634
- $nNow,
635
- $this->m_nRequestIp,
636
- $insPostId
637
  );
638
  $this->doSql( $sQuery );
639
  }
640
  else {
641
  $aWhere = array();
642
- $aWhere['ip_long'] = $this->m_nRequestIp;
643
- $aWhere['post_id'] = $insPostId;
644
  $this->deleteRowsFromTable( $aWhere );
645
  }
646
  }
647
 
648
- protected function createUniquePostCommentToken( $insPostId, &$outsUniqueToken = '' ) {
 
 
 
649
 
650
- // Now add new pending entry
651
- $nNow = time();
652
- $outsUniqueToken = $this->getUniqueToken( $insPostId );
653
  $aData = array();
654
- $aData[ 'post_id' ] = $insPostId;
655
- $aData[ 'unique_token' ] = $outsUniqueToken;
656
- $aData[ 'ip_long' ] = $this->m_nRequestIp;
657
- $aData[ 'created_at' ] = $nNow;
658
 
659
  $mResult = $this->insertIntoTable( $aData );
660
  return $mResult;
661
  }
662
-
663
- protected function getUniqueToken( $insPostId ) {
664
- $sToken = uniqid( $this->m_nRequestIp.$insPostId );
 
 
 
665
  return md5( $sToken );
666
  }
667
 
 
 
 
 
 
 
 
 
 
 
668
  /**
669
  * @param $sExplanation
670
  */
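Review bot: getUniqueCommentToken() guards generation with `!isset( $this->sUniqueCommentToken )`, but reset(), which the constructor calls, assigns `''` to that property, and isset() is true for an empty string. As written, generateUniqueToken() is never reached and insertUniquePostCommentToken() stores an empty token; use `empty()` in the guard. getGaspCommentsHookHtml() also reads `$this->sUniqueCommentToken` directly, so route it through the getter to keep the form value and the stored row in step. Separately, generateUniqueToken() is md5() over uniqid(), which is derived from the clock; if the token is meant to be unguessable, take it from a random source such as wp_generate_password().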
@@ -685,7 +716,7 @@ class ICWP_CommentsFilterProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
685
  if ( !$this->getTableExists() ) {
686
  return;
687
  }
688
- $nTimeStamp = time() - DAY_IN_SECONDS;
689
  $this->deleteAllRowsOlderThan( $nTimeStamp );
690
  }
691
  }
21
 
22
  class ICWP_CommentsFilterProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
23
 
24
+ const TableName = 'comments_filter';
25
  const Spam_Blacklist_Source = 'https://raw.githubusercontent.com/splorp/wordpress-comment-blacklist/master/blacklist.txt';
26
 
27
  const TWODAYS = 172800;
35
  * @var string
36
  */
37
  static protected $sModeFile_LoginThrottled;
38
+
39
  /**
40
  * The unique comment token assigned to this page
41
  * @var integer
42
  */
43
+ protected $sUniqueCommentToken;
44
  /**
45
  * The unique comment token assigned to this page
46
  * @var integer
47
  */
48
  protected $m_sUniqueFormId;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
49
  /**
50
  * @var string
51
  */
62
  * @var boolean
63
  */
64
  protected $m_fAllowTwoFactorByPass;
65
+
66
+ /**
67
+ * @param ICWP_WPSF_FeatureHandler_CommentsFilter $oFeatureOptions
68
+ */
69
+ public function __construct( ICWP_WPSF_FeatureHandler_CommentsFilter $oFeatureOptions ) {
70
+ parent::__construct( $oFeatureOptions, self::TableName );
71
  $this->createTable();
72
  $this->reset();
73
  }
77
  */
78
  public function reset() {
79
  parent::reset();
80
+ $this->sUniqueCommentToken = '';
81
  $this->sCommentStatus = '';
82
  $this->sCommentStatusExplanation = '';
83
+ self::$sSpamBlacklistFile = $this->oFeatureOptions->getResourcesDir().'spamblacklist.txt';
84
  }
85
 
86
  /**
88
  public function run() {
89
  parent::run();
90
 
 
 
91
  // Add GASP checking to the comment form.
92
  if ( $this->getIsOption('enable_comments_gasp_protection', 'Y') ) {
93
  add_action( 'comment_form', array( $this, 'printGaspFormHook_Action' ), 1 );
140
  */
141
  protected function doGaspCommentCheck( $nPostId ) {
142
 
143
+ if ( !$this->getIfDoGaspCheck() ) {
144
+ return;
145
+ }
146
+
147
+ // Check that we haven't already marked the comment through another scan
148
+ if ( !empty( $this->sCommentStatus ) || !$this->getIsOption( 'enable_comments_gasp_protection', 'Y' ) ) {
149
  return;
150
  }
151
 
152
  $fIsSpam = true;
153
  $sExplanation = '';
154
 
155
+ $this->loadDataProcessor();
156
+
157
+ $sFieldCheckboxName = ICWP_WPSF_DataProcessor::FetchPost( 'cb_nombre' );
158
+ $sFieldHoney = ICWP_WPSF_DataProcessor::FetchPost( 'sugar_sweet_email' );
159
+ $sFieldCommentToken = ICWP_WPSF_DataProcessor::FetchPost( 'comment_token' );
160
+
161
  // we have the cb name, is it set?
162
+ if( !$sFieldCheckboxName || !ICWP_WPSF_DataProcessor::FetchPost( $sFieldCheckboxName ) ) {
163
  $sExplanation = sprintf( _wpsf__('Failed GASP Bot Filter Test (%s)' ), _wpsf__('checkbox') );
164
  $sStatKey = 'checkbox';
165
  }
166
  // honeypot check
167
+ else if ( !empty( $sFieldHoney ) ) {
168
  $sExplanation = sprintf( _wpsf__('Failed GASP Bot Filter Test (%s)' ), _wpsf__('honeypot') );
169
  $sStatKey = 'honeypot';
170
  }
171
  // check the unique comment token is present
172
+ else if ( empty( $sFieldCommentToken ) || !$this->checkCommentToken( $sFieldCommentToken, $nPostId ) ) {
173
  $sExplanation = sprintf( _wpsf__('Failed GASP Bot Filter Test (%s)' ), _wpsf__('comment token failure') );
174
  $sStatKey = 'token';
175
  }
179
 
180
  if ( $fIsSpam ) {
181
  $this->doStatIncrement( sprintf( 'spam.gasp.%s', $sStatKey ) );
182
+ $this->sCommentStatus = $this->getOption( 'comments_default_action_spam_bot' );
183
  $this->setCommentStatusExplanation( $sExplanation );
184
  }
185
  }
194
  $aCommentData['comment_author_email'],
195
  $aCommentData['comment_author_url'],
196
  $aCommentData['comment_content'],
197
+ long2ip( self::$nRequestIp ),
198
  isset( $_SERVER['HTTP_USER_AGENT'] ) ? substr( $_SERVER['HTTP_USER_AGENT'], 0, 254 ) : ''
199
  );
200
  }
258
  */
259
  protected function doStatHumanSpamWords( $sStatWord = '' ) {
260
  $this->loadWpsfStatsProcessor();
261
+ if ( !empty( $sStatWord ) ) {
262
  ICWP_Stats_WPSF::DoStatIncrementKeyValue( 'spam.human.words', base64_encode( $sStatWord ) );
263
  }
264
  }
274
  $this->doSpamBlacklistImport();
275
  }
276
  // second, if it exists and it's older than 48hrs, update
277
+ else if ( self::$nRequestTimestamp - $oFs->getModifiedTime( self::$sSpamBlacklistFile ) > self::TWODAYS ) {
278
  $this->doSpamBlacklistUpdate();
279
  }
280
 
335
  return;
336
  }
337
 
338
+ $this->deleteOldPostCommentTokens();
339
+ $this->insertUniquePostCommentToken();
 
 
 
 
340
 
341
+ $this->loadDataProcessor();
342
  $this->m_sUniqueFormId = ICWP_WPSF_DataProcessor::GenerateRandomString( rand(7, 23), true );
343
 
344
  echo $this->getGaspCommentsHookHtml();
350
  * @return boolean
351
  */
352
  protected function getIfDoCommentsCheck() {
353
+
354
+ // Compatibility with shoutbox WP Wall Plugin
355
+ // http://wordpress.org/plugins/wp-wall/
356
+ if ( function_exists( 'WPWall_Init' ) ) {
357
+ $this->loadDataProcessor();
358
+ if ( !is_null( ICWP_WPSF_DataProcessor::FetchPost('submit_wall_post') ) ) {
359
+ return false;
360
+ }
361
+ }
362
+
363
+ //First, are comments allowed on this post?
364
+ global $post;
365
+ if ( !isset( $post ) || $post->comment_status != 'open' ) {
366
+ return false;
367
+ }
368
+
369
  if ( !is_user_logged_in() ) {
370
  return true;
371
  }
375
  return false;
376
  }
377
 
378
+ /**
379
+ * Tells us whether, for this particular comment post, if we should do GASP comments checking.
380
+ *
381
+ * @return boolean
382
+ */
383
+ protected function getIfDoGaspCheck() {
384
+
385
+ // Compatibility with shoutbox WP Wall Plugin
386
+ // http://wordpress.org/plugins/wp-wall/
387
+ if ( function_exists( 'WPWall_Init' ) ) {
388
+ $this->loadDataProcessor();
389
+ if ( !is_null( ICWP_WPSF_DataProcessor::FetchPost('submit_wall_post') ) ) {
390
+ return false;
391
+ }
392
+ }
393
+ return true;
394
+ }
395
+
396
  /**
397
  * @return void
398
  */
409
  $sId = $this->m_sUniqueFormId;
410
  $sReturn = '<p id="'.$sId.'"></p>'; // we use this unique <p> to hook onto using javascript
411
  $sReturn .= '<input type="hidden" id="_sugar_sweet_email" name="sugar_sweet_email" value="" />';
412
+ $sReturn .= '<input type="hidden" id="_comment_token" name="comment_token" value="'.$this->sUniqueCommentToken.'" />';
413
  return $sReturn;
414
  }
415
 
534
  AND `deleted_at` = '0'
535
  ";
536
  $sQuery = sprintf( $sQuery,
537
+ $this->getTableName(),
538
  $sToken,
539
  $sPostId,
540
+ self::$nRequestIp
541
  );
542
  $mResult = $this->selectCustomFromTable( $sQuery );
543
 
549
  $this->deleteUniquePostCommentToken( $sToken, $sPostId );
550
 
551
  // Did sufficient time pass, or has it expired?
 
552
  $aRecord = $mResult[0];
553
+ $nInterval = self::$nRequestTimestamp - $aRecord['created_at'];
554
+ if ( $nInterval < $this->getOption( 'comments_cooldown_interval' )
555
  || ( $this->getOption( 'comments_token_expire_interval' ) > 0 && $nInterval > $this->getOption('comments_token_expire_interval') )
556
  ) {
557
  return false;
597
  `deleted_at` int(15) NOT NULL DEFAULT '0',
598
  PRIMARY KEY (`id`)
599
  ) ENGINE=MyISAM DEFAULT CHARSET=utf8;";
600
+ $sSqlTables = sprintf( $sSqlTables, $this->getTableName() );
601
  return $this->doSql( $sSqlTables );
602
  }
603
 
609
  protected function deleteUniquePostCommentToken( $insUniqueToken, $insPostId, $infSoftDelete = false ) {
610
 
611
  if ( $infSoftDelete ) {
 
612
  $sQuery = "
613
  UPDATE `%s`
614
  SET `deleted_at` = '%s'
617
  AND `post_id` = '%s'
618
  ";
619
  $sQuery = sprintf( $sQuery,
620
+ $this->getTableName(),
621
+ self::$nRequestTimestamp,
622
  $insUniqueToken,
623
  $insPostId
624
  );
632
  }
633
 
634
  /**
635
+ * @param bool $fSoftDelete
636
+ * @param string $sPostId
 
637
  */
638
+ protected function deleteOldPostCommentTokens( $fSoftDelete = false, $sPostId = null ) {
639
 
640
+ $nPostIdToDelete = empty( $sPostId ) ? $this->getRequestPostId() : $sPostId;
641
+
642
+ if ( $fSoftDelete ) {
643
  $sQuery = "
644
  UPDATE `%s`
645
  SET `deleted_at` = '%s'
648
  AND `post_id` = '%s'
649
  ";
650
  $sQuery = sprintf( $sQuery,
651
+ $this->getTableName(),
652
+ self::$nRequestTimestamp,
653
+ self::$nRequestIp,
654
+ $nPostIdToDelete
655
  );
656
  $this->doSql( $sQuery );
657
  }
658
  else {
659
  $aWhere = array();
660
+ $aWhere['ip_long'] = self::$nRequestIp;
661
+ $aWhere['post_id'] = $nPostIdToDelete;
662
  $this->deleteRowsFromTable( $aWhere );
663
  }
664
  }
665
 
666
+ /**
667
+ * @return mixed
668
+ */
669
+ protected function insertUniquePostCommentToken() {
670
 
 
 
 
671
  $aData = array();
672
+ $aData[ 'post_id' ] = $this->getRequestPostId();
673
+ $aData[ 'unique_token' ] = $this->getUniqueCommentToken();
674
+ $aData[ 'ip_long' ] = self::$nRequestIp;
675
+ $aData[ 'created_at' ] = self::$nRequestTimestamp;
676
 
677
  $mResult = $this->insertIntoTable( $aData );
678
  return $mResult;
679
  }
680
+
681
+ /**
682
+ * @return string
683
+ */
684
+ protected function generateUniqueToken() {
685
+ $sToken = uniqid( self::$nRequestIp.self::$nRequestTimestamp.$this->getRequestPostId() );
686
  return md5( $sToken );
687
  }
688
 
689
+ /**
690
+ * @return string
691
+ */
692
+ protected function getUniqueCommentToken() {
693
+ if ( !isset( $this->sUniqueCommentToken ) ) {
694
+ $this->sUniqueCommentToken = $this->generateUniqueToken();
695
+ }
696
+ return $this->sUniqueCommentToken;
697
+ }
698
+
699
  /**
700
  * @param $sExplanation
701
  */
716
  if ( !$this->getTableExists() ) {
717
  return;
718
  }
719
+ $nTimeStamp = self::$nRequestTimestamp - DAY_IN_SECONDS;
720
  $this->deleteAllRowsOlderThan( $nTimeStamp );
721
  }
722
  }
src/icwp-processor-email.php CHANGED
@@ -51,8 +51,11 @@ class ICWP_EmailProcessor_V1 extends ICWP_WPSF_BaseProcessor {
51
  */
52
  protected $m_fEmailIsThrottled;
53
 
54
- public function __construct( $insOptionPrefix = '' ) {
55
- parent::__construct( $this->constructStorageKey( $insOptionPrefix, self::Slug ) );
 
 
 
56
  }
57
 
58
  public function reset() {
@@ -61,17 +64,20 @@ class ICWP_EmailProcessor_V1 extends ICWP_WPSF_BaseProcessor {
61
  }
62
 
63
  /**
64
- * @param string $insEmailAddress
65
  * @param string $insEmailSubject
66
- * @param array $inaMessage
 
67
  * @uses wp_mail
68
  */
69
- public function sendEmailTo( $insEmailAddress, $insEmailSubject, $inaMessage ) {
70
-
 
 
71
  $aHeaders = array(
72
  'MIME-Version: 1.0',
73
  'Content-type: text/plain;',
74
- sprintf( 'From: %s, Simple Firewall Plugin <%s>', $this->getSiteName(), $insEmailAddress ),
75
  sprintf( "Subject: %s", $insEmailSubject ),
76
  'X-Mailer: PHP/'.phpversion()
77
  );
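Review bot: the context line `sprintf( "Subject: %s", $insEmailSubject )` still puts the caller-supplied subject into the raw header array unfiltered, while the new side of this hunk adds `verifyEmailAddress()` for the recipient only. Strip CR and LF from the subject before it reaches `$aHeaders`, or drop the manual Subject header, since wp_mail() takes the subject as its own parameter. The new signature also mixes prefixes (`$sEmailAddress`, `$insEmailSubject`, `$aMessage`); rename the subject parameter to match.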
@@ -81,21 +87,21 @@ class ICWP_EmailProcessor_V1 extends ICWP_WPSF_BaseProcessor {
81
  if ( $this->m_fEmailIsThrottled ) {
82
  return true;
83
  }
84
- $fSuccess = wp_mail( $insEmailAddress, $insEmailSubject, implode( "\r\n", $inaMessage ), implode( "\r\n", $aHeaders ) );
85
- $this->store();
86
  return $fSuccess;
87
  }
88
-
89
  /**
90
  * Will send email to the default recipient setup in the object.
91
- *
92
  * @param string $insEmailSubject
93
  * @param array $inaMessage
 
94
  */
95
  public function sendEmail( $insEmailSubject, $inaMessage ) {
96
- return $this->sendEmailTo( $this->getDefaultRecipientAddress(), $insEmailSubject, $inaMessage );
97
  }
98
-
99
  /**
100
  * Whether we're throttled is dependent on 2 signals. The time interval has changed, or the there's a file
101
  * system object telling us we're throttled.
@@ -122,18 +128,17 @@ class ICWP_EmailProcessor_V1 extends ICWP_WPSF_BaseProcessor {
122
  }
123
  }
124
 
125
- $nNow = time();
126
- if ( !isset($this->m_nEmailThrottleTime) || $this->m_nEmailThrottleTime > $nNow ) {
127
- $this->m_nEmailThrottleTime = $nNow;
128
  }
129
  if ( !isset($this->m_nEmailThrottleCount) ) {
130
  $this->m_nEmailThrottleCount = 0;
131
  }
132
 
133
  // If $nNow is greater than throttle interval (1s) we turn off the file throttle and reset the count
134
- $nDiff = $nNow - $this->m_nEmailThrottleTime;
135
  if ( $nDiff > self::$nThrottleInterval ) {
136
- $this->m_nEmailThrottleTime = $nNow;
137
  $this->m_nEmailThrottleCount = 1; //we set to 1 assuming that this was called because we're about to send, or have just sent, an email.
138
  $this->setThrottledFile( false );
139
  }
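Review bot: the comment `// If $nNow is greater than throttle interval (1s) ...` still names `$nNow`, which this hunk removes in favour of `self::$nRequestTimestamp`. Update the comment to the new variable, and if that timestamp is taken once per request, say so there, since every throttle check within the same request then computes the same `$nDiff`.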
@@ -160,28 +165,34 @@ class ICWP_EmailProcessor_V1 extends ICWP_WPSF_BaseProcessor {
160
  public function setDefaultRecipientAddress( $insEmailAddress ) {
161
  $this->m_sRecipientAddress = $insEmailAddress;
162
  }
163
-
164
- public function getDefaultRecipientAddress() {
165
- if ( empty( $this->m_sRecipientAddress ) ) {
166
- $this->m_sRecipientAddress = $this->m_aOptions[ 'block_send_email_address' ];
167
- }
168
- return $this->m_sRecipientAddress;
 
169
  }
170
-
171
- public function setSiteName( $insName ) {
172
- $this->m_sSiteName = $insName;
 
 
 
 
173
  }
174
-
 
 
 
175
  public function getSiteName() {
176
- if ( empty( $this->m_sSiteName ) ) {
177
- $this->m_sSiteName = function_exists( 'get_bloginfo' )? get_bloginfo('name') : 'WordPress Site';
178
- }
179
- return $this->m_sSiteName;
180
  }
181
 
182
  public function getThrottleLimit() {
183
  if ( empty( $this->m_nEmailThrottleLimit ) ) {
184
- $this->m_nEmailThrottleLimit = $this->m_aOptions[ 'send_email_throttle_limit' ];
185
  }
186
  return $this->m_nEmailThrottleLimit;
187
  }
51
  */
52
  protected $m_fEmailIsThrottled;
53
 
54
+ /**
55
+ * @param ICWP_WPSF_FeatureHandler_Email $oFeatureOptions
56
+ */
57
+ public function __construct( ICWP_WPSF_FeatureHandler_Email $oFeatureOptions ) {
58
+ parent::__construct( $oFeatureOptions );
59
  }
60
 
61
  public function reset() {
64
  }
65
 
66
  /**
67
+ * @param string $sEmailAddress
68
  * @param string $insEmailSubject
69
+ * @param array $aMessage
70
+ * @return boolean
71
  * @uses wp_mail
72
  */
73
+ public function sendEmailTo( $sEmailAddress = '', $insEmailSubject = '', $aMessage = array() ) {
74
+
75
+ $sEmailTo = $this->verifyEmailAddress( $sEmailAddress );
76
+
77
  $aHeaders = array(
78
  'MIME-Version: 1.0',
79
  'Content-type: text/plain;',
80
+ sprintf( 'From: %s, Simple Firewall Plugin <%s>', $this->getSiteName(), $sEmailTo ),
81
  sprintf( "Subject: %s", $insEmailSubject ),
82
  'X-Mailer: PHP/'.phpversion()
83
  );
87
  if ( $this->m_fEmailIsThrottled ) {
88
  return true;
89
  }
90
+ $fSuccess = wp_mail( $sEmailTo, $insEmailSubject, implode( "\r\n", $aMessage ), implode( "\r\n", $aHeaders ) );
 
91
  return $fSuccess;
92
  }
93
+
94
  /**
95
  * Will send email to the default recipient setup in the object.
96
+ *
97
  * @param string $insEmailSubject
98
  * @param array $inaMessage
99
+ * @return boolean
100
  */
101
  public function sendEmail( $insEmailSubject, $inaMessage ) {
102
+ return $this->sendEmailTo( null, $insEmailSubject, $inaMessage );
103
  }
104
+
105
  /**
106
  * Whether we're throttled is dependent on 2 signals. The time interval has changed, or the there's a file
107
  * system object telling us we're throttled.
128
  }
129
  }
130
 
131
+ if ( !isset($this->m_nEmailThrottleTime) || $this->m_nEmailThrottleTime > self::$nRequestTimestamp ) {
132
+ $this->m_nEmailThrottleTime = self::$nRequestTimestamp;
 
133
  }
134
  if ( !isset($this->m_nEmailThrottleCount) ) {
135
  $this->m_nEmailThrottleCount = 0;
136
  }
137
 
138
  // If $nNow is greater than throttle interval (1s) we turn off the file throttle and reset the count
139
+ $nDiff = self::$nRequestTimestamp - $this->m_nEmailThrottleTime;
140
  if ( $nDiff > self::$nThrottleInterval ) {
141
+ $this->m_nEmailThrottleTime = self::$nRequestTimestamp;
142
  $this->m_nEmailThrottleCount = 1; //we set to 1 assuming that this was called because we're about to send, or have just sent, an email.
143
  $this->setThrottledFile( false );
144
  }
165
  public function setDefaultRecipientAddress( $insEmailAddress ) {
166
  $this->m_sRecipientAddress = $insEmailAddress;
167
  }
168
+
169
+ /**
170
+ * @param string $sEmailAddress
171
+ * @return string
172
+ */
173
+ public function verifyEmailAddress( $sEmailAddress = '' ) {
174
+ return ( empty( $sEmailAddress ) || !is_email( $sEmailAddress ) ) ? $this->getDefaultRecipientAddress() : $sEmailAddress;
175
  }
176
+
177
+ /**
178
+ * @return mixed
179
+ */
180
+ public function getDefaultRecipientAddress() {
181
+ $oWpFunctions = $this->loadWpFunctionsProcessor();
182
+ return apply_filters( $this->oFeatureOptions->doPluginPrefix( 'report_email_address' ), $oWpFunctions->getSiteAdminEmail() );
183
  }
184
+
185
+ /**
186
+ * @return string
187
+ */
188
  public function getSiteName() {
189
+ $oWpFunctions = $this->loadWpFunctionsProcessor();
190
+ return $oWpFunctions->getSiteName();
 
 
191
  }
192
 
193
  public function getThrottleLimit() {
194
  if ( empty( $this->m_nEmailThrottleLimit ) ) {
195
+ $this->m_nEmailThrottleLimit = $this->getOption( 'send_email_throttle_limit' );
196
  }
197
  return $this->m_nEmailThrottleLimit;
198
  }
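Review bot: `verifyEmailAddress()` checks a caller-supplied address with `is_email()` but returns `getDefaultRecipientAddress()` unchecked, and that value is whatever the prefixed `report_email_address` filter hands back. Validate the filtered value with `is_email()` as well and fall back to `getSiteAdminEmail()` when it fails; `@return mixed` on `getDefaultRecipientAddress()` can then become `@return string`.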
src/icwp-processor-firewall.php CHANGED
@@ -21,12 +21,6 @@ if ( !class_exists('ICWP_FirewallProcessor_V1') ):
21
 
22
  class ICWP_FirewallProcessor_V1 extends ICWP_WPSF_BaseProcessor {
23
 
24
- const Slug = 'firewall';
25
-
26
- protected $m_nRequestTimestamp;
27
-
28
- protected $m_aBlockSettings;
29
-
30
  protected $m_aWhitelistPages;
31
  protected $m_aWhitelistPagesPatterns;
32
  protected $m_aCustomWhitelistPageParams;
@@ -70,44 +64,29 @@ class ICWP_FirewallProcessor_V1 extends ICWP_WPSF_BaseProcessor {
70
  */
71
  protected $m_aPageParamValues;
72
 
73
- public function __construct( $insOptionPrefix = '' ) {
74
- parent::__construct( $this->constructStorageKey( $insOptionPrefix, self::Slug ) );
 
 
 
75
 
76
- $sMessage = "You were blocked by the %sWordPress Simple Firewall%s.";
77
  $this->m_sFirewallMessage = sprintf( $sMessage, '<a href="http://wordpress.org/plugins/wp-simple-firewall/" target="_blank">', '</a>');
78
  }
79
 
80
  /**
81
  * @see ICWP_WPSF_BaseProcessor::setOptions()
82
  */
83
- public function setOptions( &$inaOptions ) {
84
- parent::setOptions( $inaOptions );
85
-
86
- // collect up all the settings to pass to the processor
87
- $aSettingSlugs = array(
88
- 'include_cookie_checks',
89
- 'block_dir_traversal',
90
- 'block_sql_queries',
91
- 'block_wordpress_terms',
92
- 'block_field_truncation',
93
- 'block_php_code',
94
- 'block_exe_file_uploads',
95
- 'block_leading_schema'
96
- );
97
- $this->m_aBlockSettings = array();
98
- foreach( $aSettingSlugs as $sSettingKey ) {
99
- $this->m_aBlockSettings[ $sSettingKey ] = $this->getOption( $sSettingKey ) == 'Y';
100
- }
101
-
102
- $this->m_aCustomWhitelistPageParams = is_array( $this->m_aOptions[ 'page_params_whitelist' ] )? $this->m_aOptions[ 'page_params_whitelist' ] : array();
103
- $this->setLogging( $this->getOption('enable_firewall_log') == 'Y' );
104
  }
105
 
106
  /**
107
  * @return boolean
108
  */
109
  public function getNeedsEmailHandler() {
110
- if ( $this->m_aOptions['block_send_email'] == 'Y' ) {
111
  return true;
112
  }
113
  return false;
@@ -115,10 +94,16 @@ class ICWP_FirewallProcessor_V1 extends ICWP_WPSF_BaseProcessor {
115
 
116
  public function reset() {
117
  parent::reset();
118
- $this->m_nRequestTimestamp = time();
119
  $this->m_nLoopProtect = 0;
120
  $this->m_fRequestIsWhitelisted = false;
121
  }
 
 
 
 
 
 
 
122
 
123
  /**
124
  * Should return false when logging is disabled.
@@ -128,21 +113,30 @@ class ICWP_FirewallProcessor_V1 extends ICWP_WPSF_BaseProcessor {
128
  */
129
  public function flushLogData() {
130
 
131
- if ( !$this->m_fLoggingEnabled ) {
132
  return false;
133
  }
134
-
135
  $this->m_aLog = array(
136
  'category' => self::LOG_CATEGORY_FIREWALL,
137
  'messages' => serialize( $this->m_aLogMessages ),
138
- 'created_at' => $this->m_nRequestTimestamp,
139
- 'ip' => long2ip( $this->m_nRequestIp ),
140
- 'ip_long' => $this->m_nRequestIp,
141
  );
142
  $this->resetLog();
143
  return $this->m_aLog;
144
  }
145
-
 
 
 
 
 
 
 
 
 
146
  /**
147
  * @return boolean - true if visitor is permitted, false if it should be blocked.
148
  */
@@ -174,9 +168,9 @@ class ICWP_FirewallProcessor_V1 extends ICWP_WPSF_BaseProcessor {
174
  }
175
  $this->m_aPageParamValuesToCheck = array_values( $this->m_aPageParams );
176
 
177
- if ( $this->m_nRequestIp === false ) {
178
  $this->logCritical(
179
- _wpsf__("Visitor IP address could not be determined so by-passing the Firewall.")
180
  );
181
  return true;
182
  }
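Review bot: the `self::$nRequestIp === false` branch still returns `true`, so a request whose IP cannot be determined skips every check that follows, not only the IP whitelist and blacklist lookups. The `doPassCheck...()` calls in the next hunk take no IP argument, so they could still run. Skip only the list lookups in this case, or make the fail-open behaviour an explicit option instead of a hard-coded default.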
@@ -217,25 +211,25 @@ class ICWP_FirewallProcessor_V1 extends ICWP_WPSF_BaseProcessor {
217
  return true;
218
  }
219
 
220
- if ( $fIsPermittedVisitor && $this->m_aBlockSettings[ 'block_dir_traversal' ] ) {
221
  $fIsPermittedVisitor = $this->doPassCheckBlockDirTraversal();
222
  }
223
- if ( $fIsPermittedVisitor && $this->m_aBlockSettings[ 'block_sql_queries' ] ) {
224
  $fIsPermittedVisitor = $this->doPassCheckBlockSqlQueries();
225
  }
226
- if ( $fIsPermittedVisitor && $this->m_aBlockSettings[ 'block_wordpress_terms' ] ) {
227
  $fIsPermittedVisitor = $this->doPassCheckBlockWordpressTerms();
228
  }
229
- if ( $fIsPermittedVisitor && $this->m_aBlockSettings[ 'block_field_truncation' ] ) {
230
  $fIsPermittedVisitor = $this->doPassCheckBlockFieldTruncation();
231
  }
232
- if ( $fIsPermittedVisitor && $this->m_aBlockSettings[ 'block_php_code' ] ) {
233
  $fIsPermittedVisitor = $this->doPassCheckPhpCode();
234
  }
235
- if ( $fIsPermittedVisitor && $this->m_aBlockSettings[ 'block_exe_file_uploads' ] ) {
236
  $fIsPermittedVisitor = $this->doPassCheckBlockExeFileUploads();
237
  }
238
- if ( $fIsPermittedVisitor && $this->m_aBlockSettings[ 'block_leading_schema' ] ) {
239
  $fIsPermittedVisitor = $this->doPassCheckBlockLeadingSchema();
240
  }
241
 
@@ -403,7 +397,7 @@ class ICWP_FirewallProcessor_V1 extends ICWP_WPSF_BaseProcessor {
403
 
404
  public function doPreFirewallBlock() {
405
 
406
- switch( $this->m_aOptions['block_response'] ) {
407
  case 'redirect_die':
408
  $this->logWarning(
409
  sprintf( _wpsf__('Firewall Block Response: %s'), _wpsf__('Visitor connection was killed with wp_die()') )
@@ -426,14 +420,14 @@ class ICWP_FirewallProcessor_V1 extends ICWP_WPSF_BaseProcessor {
426
  break;
427
  }
428
 
429
- if ( $this->m_aOptions['block_send_email'] == 'Y' ) {
430
  $this->sendBlockEmail();
431
  }
432
  }
433
 
434
  public function doFirewallBlock() {
435
 
436
- switch( $this->m_aOptions['block_response'] ) {
437
  case 'redirect_die':
438
  break;
439
  case 'redirect_die_message':
@@ -562,7 +556,8 @@ class ICWP_FirewallProcessor_V1 extends ICWP_WPSF_BaseProcessor {
562
 
563
  protected function setPageParams() {
564
  $this->m_aPageParams = array_merge( $_GET, $_POST );
565
- if ( $this->m_aBlockSettings[ 'include_cookie_checks' ] ) {
 
566
  $this->m_aPageParams = array_merge( $this->m_aPageParams, $_COOKIE );
567
  }
568
 
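Review bot: `setPageParams()` builds `m_aPageParams` with `array_merge( $_GET, $_POST )` and then merges `$_COOKIE`; for string keys `array_merge()` keeps only the last value, so when the same name occurs in more than one source only one of the values reaches the checks. Keep the sources separate and run the checks over each of them so that every submitted value is inspected.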
@@ -596,12 +591,8 @@ class ICWP_FirewallProcessor_V1 extends ICWP_WPSF_BaseProcessor {
596
  )
597
  );
598
 
599
- if ( !is_null($this->m_aCustomWhitelistPageParams) && is_array($this->m_aCustomWhitelistPageParams) ) {
600
- $this->m_aWhitelistPages = array_merge( $aDefaultWlPages, $this->m_aCustomWhitelistPageParams );
601
- }
602
- else {
603
- $this->m_aWhitelistPages = $aDefaultWlPages;
604
- }
605
 
606
  $this->m_aWhitelistPagesPatterns = array(
607
  self::PcreDelimiter.'\/wp-admin\/\*'.self::PcreDelimiter => array(
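Review bot: the whitelist merge now reads `page_params_whitelist` into a local `$aCustomWhitelistPageParams`, while `setOptions()` in the earlier hunk still stores the same option in `$this->m_aCustomWhitelistPageParams`; in the lines shown nothing reads that property any more. Keep one of the two: either merge `$this->m_aCustomWhitelistPageParams` here or drop the property and its assignment. Both places also call `getOption( 'page_params_whitelist' )` twice in one expression; fetch it once into a variable and test that.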
@@ -612,11 +603,11 @@ class ICWP_FirewallProcessor_V1 extends ICWP_WPSF_BaseProcessor {
612
  }
613
 
614
  public function isVisitorOnWhitelist() {
615
- return $this->isIpOnlist( $this->m_aOptions[ 'ips_whitelist' ], $this->m_nRequestIp, $this->m_sListItemLabel );
616
  }
617
 
618
  public function isVisitorOnBlacklist() {
619
- return $this->isIpOnlist( $this->m_aOptions[ 'ips_blacklist' ], $this->m_nRequestIp, $this->m_sListItemLabel );
620
  }
621
 
622
  /**
@@ -624,7 +615,9 @@ class ICWP_FirewallProcessor_V1 extends ICWP_WPSF_BaseProcessor {
624
  */
625
  public function sendBlockEmail() {
626
 
627
- $sIp = long2ip( $this->m_nRequestIp );
 
 
628
  $aMessage = array(
629
  _wpsf__('WordPress Simple Firewall has blocked a page visit to your site.'),
630
  _wpsf__('Log details for this visitor are below:'),
@@ -637,8 +630,8 @@ class ICWP_FirewallProcessor_V1 extends ICWP_WPSF_BaseProcessor {
637
  $aMessage[] = sprintf( _wpsf__('You can look up the offending IP Address here: %s'), 'http://ip-lookup.net/?ip='.$sIp );
638
 
639
  $sEmailSubject = sprintf( _wpsf__('Firewall Block Email Alert: %s'), home_url() );
640
- $this->sendEmail( $sEmailSubject, $aMessage );
641
- $this->logInfo( _wpsf__('Firewall block email alert sent.') );
642
  }
643
  }
644
 
21
 
22
  class ICWP_FirewallProcessor_V1 extends ICWP_WPSF_BaseProcessor {
23
 
 
 
 
 
 
 
24
  protected $m_aWhitelistPages;
25
  protected $m_aWhitelistPagesPatterns;
26
  protected $m_aCustomWhitelistPageParams;
64
  */
65
  protected $m_aPageParamValues;
66
 
67
+ /**
68
+ * @param ICWP_WPSF_FeatureHandler_Firewall $oFeatureOptions
69
+ */
70
+ public function __construct( ICWP_WPSF_FeatureHandler_Firewall $oFeatureOptions ) {
71
+ parent::__construct( $oFeatureOptions );
72
 
73
+ $sMessage = _wpsf__( "You were blocked by the %sWordPress Simple Firewall%s." );
74
  $this->m_sFirewallMessage = sprintf( $sMessage, '<a href="http://wordpress.org/plugins/wp-simple-firewall/" target="_blank">', '</a>');
75
  }
76
 
77
  /**
78
  * @see ICWP_WPSF_BaseProcessor::setOptions()
79
  */
80
+ public function setOptions( &$aOptions ) {
81
+ parent::setOptions( $aOptions );
82
+ $this->m_aCustomWhitelistPageParams = is_array( $this->getOption( 'page_params_whitelist' ) )? $this->getOption( 'page_params_whitelist' ) : array();
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
83
  }
84
 
85
  /**
86
  * @return boolean
87
  */
88
  public function getNeedsEmailHandler() {
89
+ if ( $this->getIsOption( 'block_send_email', 'Y' ) ) {
90
  return true;
91
  }
92
  return false;
94
 
95
  public function reset() {
96
  parent::reset();
 
97
  $this->m_nLoopProtect = 0;
98
  $this->m_fRequestIsWhitelisted = false;
99
  }
100
+
101
+ /**
102
+ * @return bool|void
103
+ */
104
+ public function getIsLogging() {
105
+ return $this->getIsOption( 'enable_firewall_log', 'Y' );
106
+ }
107
 
108
  /**
109
  * Should return false when logging is disabled.
113
  */
114
  public function flushLogData() {
115
 
116
+ if ( !$this->getIsLogging() || empty( $this->m_aLogMessages ) ) {
117
  return false;
118
  }
119
+
120
  $this->m_aLog = array(
121
  'category' => self::LOG_CATEGORY_FIREWALL,
122
  'messages' => serialize( $this->m_aLogMessages ),
123
+ 'created_at' => self::$nRequestTimestamp,
124
+ 'ip' => long2ip( self::$nRequestIp ),
125
+ 'ip_long' => self::$nRequestIp,
126
  );
127
  $this->resetLog();
128
  return $this->m_aLog;
129
  }
130
+
131
+ public function run() {
132
+ $fIfFirewallBlockUser = !$this->doFirewallCheck();
133
+
134
+ if ( $fIfFirewallBlockUser ) {
135
+ $this->doPreFirewallBlock();
136
+ $this->doFirewallBlock();
137
+ }
138
+ }
139
+
140
  /**
141
  * @return boolean - true if visitor is permitted, false if it should be blocked.
142
  */
168
  }
169
  $this->m_aPageParamValuesToCheck = array_values( $this->m_aPageParams );
170
 
171
+ if ( self::$nRequestIp === false ) {
172
  $this->logCritical(
173
+ _wpsf__("Visitor IP address could not be determined, so by-passing the Firewall.")
174
  );
175
  return true;
176
  }
211
  return true;
212
  }
213
 
214
+ if ( $fIsPermittedVisitor && $this->getIsOption( 'block_dir_traversal', 'Y' ) ) {
215
  $fIsPermittedVisitor = $this->doPassCheckBlockDirTraversal();
216
  }
217
+ if ( $fIsPermittedVisitor && $this->getIsOption( 'block_sql_queries', 'Y' ) ) {
218
  $fIsPermittedVisitor = $this->doPassCheckBlockSqlQueries();
219
  }
220
+ if ( $fIsPermittedVisitor && $this->getIsOption( 'block_wordpress_terms', 'Y' ) ) {
221
  $fIsPermittedVisitor = $this->doPassCheckBlockWordpressTerms();
222
  }
223
+ if ( $fIsPermittedVisitor && $this->getIsOption( 'block_field_truncation', 'Y' ) ) {
224
  $fIsPermittedVisitor = $this->doPassCheckBlockFieldTruncation();
225
  }
226
+ if ( $fIsPermittedVisitor && $this->getIsOption( 'block_php_code', 'Y' ) ) {
227
  $fIsPermittedVisitor = $this->doPassCheckPhpCode();
228
  }
229
+ if ( $fIsPermittedVisitor && $this->getIsOption( 'block_exe_file_uploads', 'Y' ) ) {
230
  $fIsPermittedVisitor = $this->doPassCheckBlockExeFileUploads();
231
  }
232
+ if ( $fIsPermittedVisitor && $this->getIsOption( 'block_leading_schema', 'Y' ) ) {
233
  $fIsPermittedVisitor = $this->doPassCheckBlockLeadingSchema();
234
  }
235
 
397
 
398
  public function doPreFirewallBlock() {
399
 
400
+ switch( $this->getOption( 'block_response' ) ) {
401
  case 'redirect_die':
402
  $this->logWarning(
403
  sprintf( _wpsf__('Firewall Block Response: %s'), _wpsf__('Visitor connection was killed with wp_die()') )
420
  break;
421
  }
422
 
423
+ if ( $this->getIsOption( 'block_send_email', 'Y' ) ) {
424
  $this->sendBlockEmail();
425
  }
426
  }
427
 
428
  public function doFirewallBlock() {
429
 
430
+ switch( $this->getOption( 'block_response' ) ) {
431
  case 'redirect_die':
432
  break;
433
  case 'redirect_die_message':
556
 
557
  protected function setPageParams() {
558
  $this->m_aPageParams = array_merge( $_GET, $_POST );
559
+
560
+ if ( $this->getIsOption( 'include_cookie_checks', 'Y' ) ) {
561
  $this->m_aPageParams = array_merge( $this->m_aPageParams, $_COOKIE );
562
  }
563
 
591
  )
592
  );
593
 
594
+ $aCustomWhitelistPageParams = is_array( $this->getOption( 'page_params_whitelist' ) )? $this->getOption( 'page_params_whitelist' ) : array();
595
+ $this->m_aWhitelistPages = array_merge( $aDefaultWlPages, $aCustomWhitelistPageParams );
 
 
 
 
596
 
597
  $this->m_aWhitelistPagesPatterns = array(
598
  self::PcreDelimiter.'\/wp-admin\/\*'.self::PcreDelimiter => array(
603
  }
604
 
605
  public function isVisitorOnWhitelist() {
606
+ return $this->isIpOnlist( $this->getOption( 'ips_whitelist', array() ), self::$nRequestIp, $this->m_sListItemLabel );
607
  }
608
 
609
  public function isVisitorOnBlacklist() {
610
+ return $this->isIpOnlist( $this->getOption( 'ips_blacklist', array() ), self::$nRequestIp, $this->m_sListItemLabel );
611
  }
612
 
613
  /**
615
  */
616
  public function sendBlockEmail() {
617
 
618
+ $oEmailProcessor = $this->getEmailProcessor();
619
+
620
+ $sIp = long2ip( self::$nRequestIp );
621
  $aMessage = array(
622
  _wpsf__('WordPress Simple Firewall has blocked a page visit to your site.'),
623
  _wpsf__('Log details for this visitor are below:'),
630
  $aMessage[] = sprintf( _wpsf__('You can look up the offending IP Address here: %s'), 'http://ip-lookup.net/?ip='.$sIp );
631
 
632
  $sEmailSubject = sprintf( _wpsf__('Firewall Block Email Alert: %s'), home_url() );
633
+ $fSendSuccess = $oEmailProcessor->sendEmail( $sEmailSubject, $aMessage );
634
+ $this->logInfo( sprintf( _wpsf__('Firewall block email alert sent %s.'), $fSendSuccess? _wpsf__('successfully') : _wpsf__('unsuccessfully') ) );
635
  }
636
  }
637
 
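Review bot: in `sendBlockEmail()` the result of `sendEmail()` is folded into a single `logInfo()` line, so a failed alert is recorded at the same level as a delivered one, and the sentence is assembled from separately translated fragments (`'successfully'` / `'unsuccessfully'`) that will not fit every language's word order. Use two complete translatable strings and record the failure case with `logWarning()`.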
src/icwp-processor-lockdown.php CHANGED
@@ -21,10 +21,11 @@ if ( !class_exists('ICWP_LockdownProcessor_V1') ):
21
 
22
  class ICWP_LockdownProcessor_V1 extends ICWP_WPSF_BaseProcessor {
23
 
24
- const Slug = 'lockdown';
25
-
26
- public function __construct( $insOptionPrefix = '' ) {
27
- parent::__construct( $this->constructStorageKey( $insOptionPrefix, self::Slug ) );
 
28
  }
29
 
30
  /**
@@ -63,6 +64,10 @@ class ICWP_LockdownProcessor_V1 extends ICWP_WPSF_BaseProcessor {
63
  }
64
  force_ssl_admin( true );
65
  }
 
 
 
 
66
  }
67
 
68
  /**
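Review bot: the new `hide_wordpress_generator_tag` block calls `remove_action( 'wp_head', 'wp_generator' )`, which covers only the `wp_head` hook. WordPress also emits a generator element in its feeds, so either remove it there as well or word the option so that it promises only the HTML meta tag.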
@@ -85,7 +90,7 @@ class ICWP_LockdownProcessor_V1 extends ICWP_WPSF_BaseProcessor {
85
  */
86
  public function maskWordpressVersion( $insOutput, $insShow ) {
87
  // if ( $insShow === 'version' ) {
88
- // $insOutput = $this->m_aOptions['mask_wordpress_version'];
89
  // }
90
  // return $insOutput;
91
  }
21
 
22
  class ICWP_LockdownProcessor_V1 extends ICWP_WPSF_BaseProcessor {
23
 
24
+ /**
25
+ * @param ICWP_WPSF_FeatureHandler_Lockdown $oFeatureOptions
26
+ */
27
+ public function __construct( ICWP_WPSF_FeatureHandler_Lockdown $oFeatureOptions ) {
28
+ parent::__construct( $oFeatureOptions );
29
  }
30
 
31
  /**
64
  }
65
  force_ssl_admin( true );
66
  }
67
+
68
+ if ( $this->getIsOption( 'hide_wordpress_generator_tag', 'Y' ) ) {
69
+ remove_action( 'wp_head', 'wp_generator' );
70
+ }
71
  }
72
 
73
  /**
90
  */
91
  public function maskWordpressVersion( $insOutput, $insShow ) {
92
  // if ( $insShow === 'version' ) {
93
+ // $insOutput = $this->aOptions['mask_wordpress_version'];
94
  // }
95
  // return $insOutput;
96
  }
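Review bot: this hunk edits a line inside the commented-out body of `maskWordpressVersion()` (`m_aOptions` to `aOptions`); with every statement commented, the method returns nothing. If it is registered as a filter callback, that replaces the filtered value with `null`. Either restore the body, ending in `return $insOutput;`, or delete the method rather than maintaining dead code.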
src/icwp-processor-logging.php CHANGED
@@ -21,22 +21,25 @@ if ( !class_exists('ICWP_LoggingProcessor_V1') ):
21
 
22
  class ICWP_LoggingProcessor_V1 extends ICWP_BaseDbProcessor_WPSF {
23
 
24
- const Slug = 'logging';
25
  const TableName = 'wpsf_log';
26
  const DaysToKeepLog = 7;
27
 
28
- protected $m_sRequestId;
29
 
30
- public function __construct( $insOptionPrefix = '' ) {
31
- parent::__construct( $this->constructStorageKey( $insOptionPrefix, self::Slug ), self::TableName );
 
 
 
32
  $this->createTable();
33
  }
34
 
 
35
  public function reset() {
36
  parent::reset();
37
  $this->m_sRequestId = uniqid();
38
  }
39
-
40
  /**
41
  * @param boolean $infReverseOrder
42
  * @return array - numerical array of all log data entries.
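Review bot: the property is renamed from `$m_sRequestId` to `$sVisitorRequestId`, but `reset()` in this same hunk still assigns `$this->m_sRequestId = uniqid();`. The next hunk fills `request_id` from `$this->sVisitorRequestId`, which nothing shown here sets, so log rows lose the id that ties one request's entries together. Assign `$this->sVisitorRequestId` in `reset()`.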
@@ -61,16 +64,16 @@ class ICWP_LoggingProcessor_V1 extends ICWP_BaseDbProcessor_WPSF {
61
  $inaLogData['category'] = self::LOG_CATEGORY_DEFAULT;
62
  }
63
  if ( !isset( $inaLogData['request_id'] ) ) {
64
- $inaLogData['request_id'] = $this->m_sRequestId;
65
  }
66
  if ( !isset( $inaLogData['ip'] ) ) {
67
- $inaLogData['ip'] = self::GetVisitorIpAddress( false );
68
  }
69
  if ( !isset( $inaLogData['ip_long'] ) ) {
70
- $inaLogData['ip_long'] = ip2long( $inaLogData['ip'] );
71
  }
72
  if ( !isset( $inaLogData['created_at'] ) ) {
73
- $inaLogData['created_at'] = time();
74
  }
75
  return $inaLogData;
76
  }
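Review bot: the new defaults for `ip` and `ip_long` are swapped relative to how `self::$nRequestIp` is used elsewhere in this release. The firewall's `flushLogData()` writes `long2ip( self::$nRequestIp )` to `ip` and the raw value to `ip_long`, which treats it as an integer; here `ip` receives the raw value and `ip_long` receives `ip2long()` of it. Use `long2ip( self::$nRequestIp )` for `ip` and `self::$nRequestIp` for `ip_long`.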
@@ -88,7 +91,7 @@ class ICWP_LoggingProcessor_V1 extends ICWP_BaseDbProcessor_WPSF {
88
  `deleted_at` int(15) NOT NULL DEFAULT '0',
89
  PRIMARY KEY (`id`)
90
  ) ENGINE=MyISAM DEFAULT CHARSET=utf8;";
91
- $sSqlTables = sprintf( $sSqlTables, $this->m_sTableName );
92
  return $this->doSql( $sSqlTables );
93
  }
94
 
@@ -108,7 +111,7 @@ class ICWP_LoggingProcessor_V1 extends ICWP_BaseDbProcessor_WPSF {
108
  if ( !$this->getTableExists() ) {
109
  return;
110
  }
111
- $nTimeStamp = time() - DAY_IN_SECONDS * self::DaysToKeepLog;
112
  $this->deleteAllRowsOlderThan( $nTimeStamp );
113
  }
114
  }
21
 
22
  class ICWP_LoggingProcessor_V1 extends ICWP_BaseDbProcessor_WPSF {
23
 
 
24
  const TableName = 'wpsf_log';
25
  const DaysToKeepLog = 7;
26
 
27
+ protected $sVisitorRequestId;
28
 
29
+ /**
30
+ * @param ICWP_WPSF_FeatureHandler_Logging $oFeatureOptions
31
+ */
32
+ public function __construct( ICWP_WPSF_FeatureHandler_Logging $oFeatureOptions ) {
33
+ parent::__construct( $oFeatureOptions, self::TableName );
34
  $this->createTable();
35
  }
36
 
37
+
38
  public function reset() {
39
  parent::reset();
40
  $this->m_sRequestId = uniqid();
41
  }
42
+
43
  /**
44
  * @param boolean $infReverseOrder
45
  * @return array - numerical array of all log data entries.
64
  $inaLogData['category'] = self::LOG_CATEGORY_DEFAULT;
65
  }
66
  if ( !isset( $inaLogData['request_id'] ) ) {
67
+ $inaLogData['request_id'] = $this->sVisitorRequestId;
68
  }
69
  if ( !isset( $inaLogData['ip'] ) ) {
70
+ $inaLogData['ip'] = self::$nRequestIp;
71
  }
72
  if ( !isset( $inaLogData['ip_long'] ) ) {
73
+ $inaLogData['ip_long'] = ip2long( self::$nRequestIp );
74
  }
75
  if ( !isset( $inaLogData['created_at'] ) ) {
76
+ $inaLogData['created_at'] = self::$nRequestTimestamp;
77
  }
78
  return $inaLogData;
79
  }
91
  `deleted_at` int(15) NOT NULL DEFAULT '0',
92
  PRIMARY KEY (`id`)
93
  ) ENGINE=MyISAM DEFAULT CHARSET=utf8;";
94
+ $sSqlTables = sprintf( $sSqlTables, $this->getTableName() );
95
  return $this->doSql( $sSqlTables );
96
  }
97
 
111
  if ( !$this->getTableExists() ) {
112
  return;
113
  }
114
+ $nTimeStamp = self::$nRequestTimestamp - DAY_IN_SECONDS * self::DaysToKeepLog;
115
  $this->deleteAllRowsOlderThan( $nTimeStamp );
116
  }
117
  }
src/icwp-processor-loginprotect.php CHANGED
@@ -17,15 +17,19 @@
17
 
18
  require_once( dirname(__FILE__).'/icwp-basedb-processor.php' );
19
 
20
- if ( !class_exists('ICWP_LoginProtectProcessor_V2') ):
21
 
22
- class ICWP_LoginProtectProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
23
 
24
- const Slug = 'login_protect';
25
  const TableName = 'login_auth';
26
  const AuthActiveCookie = 'wpsf_auth';
27
  const YubikeyVerifyApiUrl = 'https://api.yubico.com/wsapi/2.0/verify?id=%s&otp=%s&nonce=%s';
28
 
 
 
 
 
 
29
  /**
30
  * @var string
31
  */
@@ -41,31 +45,16 @@ class ICWP_LoginProtectProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
41
  * @var integer
42
  */
43
  protected $m_nLastLoginTime;
44
- /**
45
- * @var string
46
- */
47
- protected $m_sSecretKey;
48
- /**
49
- * @var string
50
- */
51
- protected $m_sGaspKey;
52
  /**
53
  * @var string
54
  */
55
  protected $nDaysToKeepLog = 1;
56
-
57
  /**
58
- * Flag as to whether Two Factor Authentication will be by-pass when sending the verification
59
- * email fails.
60
- *
61
- * @var boolean
62
  */
63
- protected $m_fAllowTwoFactorByPass;
64
-
65
- public function __construct( $insOptionPrefix = '' ) {
66
- parent::__construct( $this->constructStorageKey( $insOptionPrefix, self::Slug ), self::TableName );
67
- $this->m_sGaspKey = uniqid();
68
- $this->updateLastLoginThrottleTime( time() );
69
  $this->createTable();
70
  $this->reset();
71
  }
@@ -76,45 +65,15 @@ class ICWP_LoginProtectProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
76
  public function reset() {
77
  parent::reset();
78
  self::$sModeFile_LoginThrottled = dirname( __FILE__ ).'/../mode.login_throttled';
79
- $this->genSecretKey();
80
  }
81
 
82
  /**
83
- * Set the secret key by which authentication is validated.
84
  *
85
- * @param boolean $infForceUpdate
86
- * @return string
87
- */
88
- public function genSecretKey( $infForceUpdate = false ) {
89
- if ( empty( $this->m_sSecretKey ) || $infForceUpdate ) {
90
- $this->m_sSecretKey = md5( mt_rand() );
91
- }
92
- return $this->m_sSecretKey;
93
- }
94
-
95
- /**
96
- * Set the secret key by which authentication is validated.
97
- *
98
- * @param string $insSecretKey
99
  */
100
- public function setSecretKey( $insSecretKey = '' ) {
101
- if ( !empty( $insSecretKey ) ) {
102
- $this->genSecretKey();
103
- }
104
- else {
105
- $this->m_sSecretKey = $insSecretKey;
106
- }
107
- }
108
-
109
- /**
110
- *
111
- * @param array $inaOptions
112
- */
113
- public function setOptions( &$inaOptions ) {
114
- parent::setOptions( $inaOptions );
115
- $this->setLogging();
116
  $this->setLoginCooldownInterval();
117
- $this->setTwoFactorByPassOnFail();
118
  }
119
 
120
  /**
@@ -130,8 +89,8 @@ class ICWP_LoginProtectProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
130
  */
131
  protected function getIsTwoFactorAuthOn( $sType = '' ) {
132
 
133
- $fIp = $this->getOption( 'enable_two_factor_auth_by_ip', 'N' ) == 'Y';
134
- $fCookie = $this->getOption( 'enable_two_factor_auth_by_cookie', 'N' ) == 'Y';
135
 
136
  switch( $sType ) {
137
  case 'ip':
@@ -145,9 +104,12 @@ class ICWP_LoginProtectProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
145
  break;
146
  }
147
  }
148
-
149
- public function setLogging( $infEnableLogging = true ) {
150
- parent::setLogging( $this->getOption('enable_login_protect_log') == 'Y' );
 
 
 
151
  }
152
 
153
  /**
@@ -172,10 +134,10 @@ class ICWP_LoginProtectProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
172
 
173
  // Add GASP checking to the login form.
174
  if ( $this->getIsOption('enable_login_gasp_check', 'Y') ) {
175
- add_action( 'login_form', array( $this, 'printGaspLoginCheck_Action' ) );
176
- add_filter( 'login_form_middle', array( $this, 'printGaspLoginCheck_Filter' ) );
177
- add_filter( 'authenticate', array( $this, 'checkLoginForGasp_Filter' ), 22, 3);
178
- // add_action( 'woocommerce_login_form', array( $this, 'printGaspLoginCheck_Action' ) );
179
  }
180
 
181
  // Do GASP checking if it's a form submit.
@@ -296,7 +258,7 @@ class ICWP_LoginProtectProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
296
  */
297
  public function flushLogData() {
298
 
299
- if ( !$this->m_fLoggingEnabled || empty( $this->m_aLogMessages ) ) {
300
  return false;
301
  }
302
 
@@ -315,7 +277,7 @@ class ICWP_LoginProtectProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
315
  $this->loadDataProcessor();
316
  // wpsfkey=%s&wpsf-action=%s&username=%s&uniqueid
317
 
318
- if ( ICWP_WPSF_DataProcessor::FetchGet( 'wpsfkey' ) !== $this->m_sSecretKey ) {
319
  return false;
320
  }
321
 
@@ -369,18 +331,17 @@ class ICWP_LoginProtectProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
369
  }
370
 
371
  // Get the last login time (and update it also for the next time)
372
- $sNow = time();
373
  $this->m_nLastLoginTime = $this->getLastLoginTime();
374
 
375
  if ( empty( $this->m_nLastLoginTime ) || $this->m_nLastLoginTime < 0 ) {
376
- $this->updateLastLoginThrottleTime( $sNow );
377
  }
378
 
379
  // If we're outside the interval, let the login process proceed as per normal and
380
  // update our last login time.
381
- $nLoginInterval = $sNow - $this->m_nLastLoginTime;
382
  if ( $nLoginInterval > $nRequiredLoginInterval ) {
383
- $this->updateLastLoginThrottleTime( $sNow );
384
  $this->doStatIncrement( 'login.cooldown.success' );
385
  return $inoUser;
386
  }
@@ -422,7 +383,6 @@ class ICWP_LoginProtectProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
422
  $oWpFs = $this->loadFileSystemProcessor();
423
  $this->m_nLastLoginTime = $innLastLoginTime;
424
  $oWpFs->fileAction( 'touch', array(self::$sModeFile_LoginThrottled, $innLastLoginTime) );
425
- $this->setNeedSave();
426
  }
427
 
428
  /**
@@ -596,7 +556,7 @@ class ICWP_LoginProtectProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
596
  $fEmailSuccess = $this->sendEmailTwoFactorVerify( $inoUser, $aNewAuthData['ip'], $aNewAuthData['unique_id'] );
597
 
598
  // Failure to send email - log them in.
599
- if ( !$fEmailSuccess && $this->getTwoFactorByPassOnFail() ) {
600
  $this->doMakePendingLoginAuthActive( $aNewAuthData );
601
  return $inoUser;
602
  }
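Review bot: the branch under `// Failure to send email - log them in.` calls `doMakePendingLoginAuthActive()` and returns the user without writing a log entry, so a login that skipped two-factor verification looks the same in the audit trail as a verified one. Add a `logWarning()` with the username and IP address before the `return`.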
@@ -688,18 +648,18 @@ class ICWP_LoginProtectProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
688
 
689
  return $sHtml;
690
  }
691
-
 
 
 
692
  public function getGaspCheckboxName() {
693
- if ( empty( $this->m_sGaspKey ) ) {
694
- $this->m_sGaspKey = uniqid();
695
- }
696
- return "icwp_wpsf_$this->m_sGaspKey";
697
  }
698
 
699
  public function doGaspChecks( $insUsername ) {
700
  if ( !isset( $_POST[ $this->getGaspCheckboxName() ] ) ) {
701
  $this->logWarning(
702
- sprintf( _wpsf__('User "%s" attempted to login but GASP checkbox was not present. Bot Perhaps? IP Address: "%s".'), $insUsername, long2ip($this->m_nRequestIp) )
703
  );
704
  $this->doStatIncrement( 'login.gasp.checkbox.fail' );
705
  wp_die( "You must check that box to say you're not a bot." );
@@ -707,7 +667,7 @@ class ICWP_LoginProtectProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
707
  }
708
  else if ( isset( $_POST['icwp_wpsf_login_email'] ) && $_POST['icwp_wpsf_login_email'] !== '' ){
709
  $this->logWarning(
710
- sprintf( _wpsf__('User "%s" attempted to login but they were caught by the GASP honey pot. Bot Perhaps? IP Address: "%s".'), $insUsername, long2ip($this->m_nRequestIp) )
711
  );
712
  $this->doStatIncrement( 'login.gasp.honeypot.fail' );
713
  wp_die( _wpsf__('You appear to be a bot - terminating login attempt.') );
@@ -716,17 +676,6 @@ class ICWP_LoginProtectProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
716
  return true;
717
  }
718
 
719
- public function setTwoFactorByPassOnFail() {
720
- $this->m_fAllowTwoFactorByPass = $this->getIsOption( 'enable_two_factor_bypass_on_email_fail', 'Y' );
721
- }
722
-
723
- public function getTwoFactorByPassOnFail() {
724
- if ( !isset( $this->m_fAllowTwoFactorByPass ) ) {
725
- $this->m_fAllowTwoFactorByPass = false;
726
- }
727
- return $this->m_fAllowTwoFactorByPass;
728
- }
729
-
730
  /**
731
  */
732
  public function setLoginCooldownInterval() {
@@ -744,12 +693,10 @@ class ICWP_LoginProtectProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
744
  return false;
745
  }
746
 
747
- $sNow = time();
748
-
749
  // First set any other pending entries for the given user to be deleted.
750
  $aOldData = array(
751
- 'deleted_at' => $sNow,
752
- 'expired_at' => $sNow,
753
  );
754
  $aOldWhere = array(
755
  'pending' => 1,
@@ -761,11 +708,11 @@ class ICWP_LoginProtectProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
761
  // Now add new pending entry
762
  $aNewData = array();
763
  $aNewData[ 'unique_id' ] = uniqid();
764
- $aNewData[ 'ip_long' ] = $this->m_nRequestIp;
765
- $aNewData[ 'ip' ] = long2ip( $this->m_nRequestIp );
766
  $aNewData[ 'wp_username' ] = $sUsername;
767
  $aNewData[ 'pending' ] = 1;
768
- $aNewData[ 'created_at' ] = time();
769
 
770
  $mResult = $this->insertIntoTable( $aNewData );
771
  if ( $mResult ) {
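Review bot: `$aNewData[ 'unique_id' ] = uniqid();` is left unchanged here, but `uniqid()` is derived from the current time and is not a random token. This value is what the two-factor email link and the `wpsf_auth` cookie later present as proof of verification, so it should come from a random source, for example `wp_generate_password( 32, false )`.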
@@ -833,7 +780,6 @@ class ICWP_LoginProtectProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
833
  * @param $sUsername
834
  */
835
  protected function terminateActiveLoginForUser( $sUsername ) {
836
- $sNow = time();
837
  $sQuery = "
838
  UPDATE `%s`
839
  SET `deleted_at` = '%s',
@@ -844,9 +790,9 @@ class ICWP_LoginProtectProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
844
  AND `pending` = '0'
845
  ";
846
  $sQuery = sprintf( $sQuery,
847
- $this->m_sTableName,
848
- $sNow,
849
- $sNow,
850
  esc_sql( $sUsername )
851
  );
852
  $this->doSql( $sQuery );
@@ -856,7 +802,6 @@ class ICWP_LoginProtectProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
856
  *
857
  */
858
  protected function terminateAllVerifiedLogins() {
859
- $sNow = time();
860
  $sQuery = "
861
  UPDATE `%s`
862
  SET `deleted_at` = '%s',
@@ -866,11 +811,11 @@ class ICWP_LoginProtectProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
866
  AND `pending` = '0'
867
  ";
868
  $sQuery = sprintf( $sQuery,
869
- $this->m_sTableName,
870
- $sNow,
871
- $sNow
872
  );
873
- $this->doSql( $sQuery );
874
  }
875
 
876
  /**
@@ -878,7 +823,7 @@ class ICWP_LoginProtectProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
878
  */
879
  public function setAuthActiveCookie( $insUniqueId ) {
880
  $nWeek = defined( 'WEEK_IN_SECONDS' )? WEEK_IN_SECONDS : 24*60*60;
881
- setcookie( self::AuthActiveCookie, $insUniqueId, time()+$nWeek, COOKIEPATH, COOKIE_DOMAIN, false );
882
  }
883
 
884
  /**
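Review bot: the `setcookie()` call in `setAuthActiveCookie()` passes `false` for `$secure` and omits `$httponly`, so the cookie carrying the verification id is sent over plain HTTP and is readable from page scripts. Pass `is_ssl()` for `$secure` and `true` for `$httponly`. The fallback in `$nWeek` is `24*60*60`, which is one day rather than a week; use `7*24*60*60`.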
@@ -900,7 +845,7 @@ class ICWP_LoginProtectProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
900
  ";
901
 
902
  $sQuery = sprintf( $sQuery,
903
- $this->m_sTableName,
904
  $sUsername
905
  );
906
 
@@ -910,7 +855,7 @@ class ICWP_LoginProtectProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
910
  // Now we test based on which types of 2-factor auth is enabled
911
  $fVerified = true;
912
  $aUserAuthData = $mResult[0];
913
- if ( $this->getIsTwoFactorAuthOn('ip') && ( $this->m_nRequestIp != $aUserAuthData['ip_long'] ) ) {
914
  $fVerified = false;
915
  }
916
  if ( $fVerified && $this->getIsTwoFactorAuthOn('cookie') && !$this->isAuthCookieValid($aUserAuthData['unique_id']) ) {
@@ -920,7 +865,7 @@ class ICWP_LoginProtectProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
920
  }
921
  else {
922
  $this->logWarning(
923
- sprintf( _wpsf__('User "%s" was found to be un-verified at the given IP Address "%s"'), $sUsername, long2ip( $this->m_nRequestIp ) )
924
  );
925
  return false;
926
  }
@@ -944,7 +889,7 @@ class ICWP_LoginProtectProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
944
 
945
  if ( $this->getIsUserLevelSubjectToTwoFactorAuth( $oUser->user_level ) && !$this->isUserVerified( $oUser->user_login ) ) {
946
  $this->logWarning(
947
- sprintf( _wpsf__('User "%s" was forcefully logged out as they are not verified.'), $oUser->user_login )
948
  );
949
  $this->doStatIncrement( 'login.userverify.fail' );
950
  wp_logout();
@@ -964,7 +909,7 @@ class ICWP_LoginProtectProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
964
  protected function generateTwoFactorVerifyLink( $sUser, $sUniqueId ) {
965
  $sSiteUrl = home_url() . '?wpsfkey=%s&wpsf-action=%s&username=%s&uniqueid=%s';
966
  $sAction = 'linkauth';
967
- return sprintf( $sSiteUrl, $this->m_sSecretKey, $sAction, $sUser, $sUniqueId );
968
  }
969
 
970
  /**
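Review bot: `generateTwoFactorVerifyLink()` places `$sUser` and `$sUniqueId` into the query string through `sprintf()` with no encoding, so a username containing a space, `+` or `&` produces a link that will not verify. Pass each value through `rawurlencode()` before formatting. The same `wpsfkey` value also goes into every link that is emailed, so it is known to any user who has received one of these messages and should not be relied on as a secret.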
@@ -990,7 +935,7 @@ class ICWP_LoginProtectProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
990
  // add filters to email sending (for now only Mandrill)
991
  add_filter( 'mandrill_payload', array($this, 'customiseMandrill') );
992
 
993
- $fResult = $this->sendEmailTo( $sEmail, $sEmailSubject, $aMessage );
994
  if ( $fResult ) {
995
  $this->logInfo(
996
  sprintf( _wpsf__('User "%s" was sent an email to verify their Identity using Two-Factor Login Auth for IP address "%s".'), $inoUser->user_login, $insIpAddress )
@@ -1005,7 +950,8 @@ class ICWP_LoginProtectProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
1005
  }
1006
 
1007
  /**
1008
- *
 
1009
  */
1010
  public function customiseMandrill( $aMessage ) {
1011
  if ( empty( $aMessage['text'] ) ) {
@@ -1029,7 +975,7 @@ class ICWP_LoginProtectProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
1029
  `expired_at` int(15) NOT NULL DEFAULT '0',
1030
  PRIMARY KEY (`id`)
1031
  ) ENGINE=MyISAM DEFAULT CHARSET=utf8;";
1032
- $sSqlTables = sprintf( $sSqlTables, $this->m_sTableName );
1033
  $mResult = $this->doSql( $sSqlTables );
1034
  }
1035
 
@@ -1042,7 +988,7 @@ class ICWP_LoginProtectProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
1042
  protected function getLoginAuthData( $inaData ) {
1043
 
1044
  $sQuery = "SELECT * FROM %s WHERE `unique_id` = `%s` AND `wp_username` = %s";
1045
- $sQuery = sprintf( $sQuery, $this->m_sTableName, $inaData['unique_id'], $inaData['wp_username'] );
1046
  return $this->selectRowFromTable( $sQuery );
1047
  }
1048
 
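Review bot: the query in `getLoginAuthData()` is malformed and unescaped, and this hunk only swaps the table-name accessor. The `unique_id` comparison wraps its `%s` value in backticks, which MySQL reads as a column name; the `wp_username` comparison has no quotes at all; and both `$inaData` values reach `sprintf()` without `esc_sql()`. Quote both as string literals and escape them, or build the statement with `$wpdb->prepare()` and `%s` placeholders.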
@@ -1055,7 +1001,7 @@ class ICWP_LoginProtectProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
1055
  if ( !$this->getTableExists() ) {
1056
  return;
1057
  }
1058
- $nTimeStamp = time() - (DAY_IN_SECONDS * $this->nDaysToKeepLog);
1059
  $this->deleteAllRowsOlderThan( $nTimeStamp );
1060
  }
1061
 
@@ -1070,7 +1016,7 @@ class ICWP_LoginProtectProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
1070
  AND `pending` = '1'
1071
  ";
1072
  $sQuery = sprintf( $sQuery,
1073
- $this->m_sTableName,
1074
  esc_sql( $nTimeStamp )
1075
  );
1076
  $this->doSql( $sQuery );
@@ -1080,5 +1026,5 @@ class ICWP_LoginProtectProcessor_V2 extends ICWP_BaseDbProcessor_WPSF {
1080
  endif;
1081
 
1082
  if ( !class_exists('ICWP_WPSF_LoginProtectProcessor') ):
1083
- class ICWP_WPSF_LoginProtectProcessor extends ICWP_LoginProtectProcessor_V2 { }
1084
  endif;
17
 
18
  require_once( dirname(__FILE__).'/icwp-basedb-processor.php' );
19
 
20
+ if ( !class_exists('ICWP_LoginProtectProcessor_V3') ):
21
 
22
+ class ICWP_LoginProtectProcessor_V3 extends ICWP_BaseDbProcessor_WPSF {
23
 
 
24
  const TableName = 'login_auth';
25
  const AuthActiveCookie = 'wpsf_auth';
26
  const YubikeyVerifyApiUrl = 'https://api.yubico.com/wsapi/2.0/verify?id=%s&otp=%s&nonce=%s';
27
 
28
+ /**
29
+ * @var ICWP_WPSF_FeatureHandler_LoginProtect
30
+ */
31
+ protected $oFeatureOptions;
32
+
33
  /**
34
  * @var string
35
  */
45
  * @var integer
46
  */
47
  protected $m_nLastLoginTime;
 
 
 
 
 
 
 
 
48
  /**
49
  * @var string
50
  */
51
  protected $nDaysToKeepLog = 1;
52
+
53
  /**
54
+ * @param ICWP_WPSF_FeatureHandler_LoginProtect $oFeatureOptions
 
 
 
55
  */
56
+ public function __construct( ICWP_WPSF_FeatureHandler_LoginProtect $oFeatureOptions ) {
57
+ parent::__construct( $oFeatureOptions, self::TableName );
 
 
 
 
58
  $this->createTable();
59
  $this->reset();
60
  }
65
  public function reset() {
66
  parent::reset();
67
  self::$sModeFile_LoginThrottled = dirname( __FILE__ ).'/../mode.login_throttled';
 
68
  }
69
 
70
  /**
 
71
  *
72
+ * @param array $aOptions
 
 
 
 
 
 
 
 
 
 
 
 
 
73
  */
74
+ public function setOptions( &$aOptions ) {
75
+ parent::setOptions( $aOptions );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
76
  $this->setLoginCooldownInterval();
 
77
  }
78
 
79
  /**
89
  */
90
  protected function getIsTwoFactorAuthOn( $sType = '' ) {
91
 
92
+ $fIp = $this->getIsOption( 'enable_two_factor_auth_by_ip', 'Y' );
93
+ $fCookie = $this->getIsOption( 'enable_two_factor_auth_by_cookie', 'Y' );
94
 
95
  switch( $sType ) {
96
  case 'ip':
104
  break;
105
  }
106
  }
107
+
108
+ /**
109
+ * @return bool|void
110
+ */
111
+ public function getIsLogging() {
112
+ return $this->getIsOption( 'enable_login_protect_log', 'Y' );
113
  }
114
 
115
  /**
134
 
135
  // Add GASP checking to the login form.
136
  if ( $this->getIsOption('enable_login_gasp_check', 'Y') ) {
137
+ add_action( 'login_form', array( $this, 'printGaspLoginCheck_Action' ) );
138
+ add_action( 'woocommerce_login_form', array( $this, 'printGaspLoginCheck_Action' ) );
139
+ add_filter( 'login_form_middle', array( $this, 'printGaspLoginCheck_Filter' ) );
140
+ add_filter( 'authenticate', array( $this, 'checkLoginForGasp_Filter' ), 22, 3);
141
  }
142
 
143
  // Do GASP checking if it's a form submit.
258
  */
259
  public function flushLogData() {
260
 
261
+ if ( !$this->getIsLogging() || empty( $this->m_aLogMessages ) ) {
262
  return false;
263
  }
264
 
277
  $this->loadDataProcessor();
278
  // wpsfkey=%s&wpsf-action=%s&username=%s&uniqueid
279
 
280
+ if ( ICWP_WPSF_DataProcessor::FetchGet( 'wpsfkey' ) !== $this->oFeatureOptions->getTwoAuthSecretKey() ) {
281
  return false;
282
  }
283
 
331
  }
332
 
333
  // Get the last login time (and update it also for the next time)
 
334
  $this->m_nLastLoginTime = $this->getLastLoginTime();
335
 
336
  if ( empty( $this->m_nLastLoginTime ) || $this->m_nLastLoginTime < 0 ) {
337
+ $this->updateLastLoginThrottleTime( self::$nRequestTimestamp );
338
  }
339
 
340
  // If we're outside the interval, let the login process proceed as per normal and
341
  // update our last login time.
342
+ $nLoginInterval = self::$nRequestTimestamp - $this->m_nLastLoginTime;
343
  if ( $nLoginInterval > $nRequiredLoginInterval ) {
344
+ $this->updateLastLoginThrottleTime( self::$nRequestTimestamp );
345
  $this->doStatIncrement( 'login.cooldown.success' );
346
  return $inoUser;
347
  }
383
  $oWpFs = $this->loadFileSystemProcessor();
384
  $this->m_nLastLoginTime = $innLastLoginTime;
385
  $oWpFs->fileAction( 'touch', array(self::$sModeFile_LoginThrottled, $innLastLoginTime) );
 
386
  }
387
 
388
  /**
556
  $fEmailSuccess = $this->sendEmailTwoFactorVerify( $inoUser, $aNewAuthData['ip'], $aNewAuthData['unique_id'] );
557
 
558
  // Failure to send email - log them in.
559
+ if ( !$fEmailSuccess && $this->getIsOption( 'enable_two_factor_bypass_on_email_fail', 'Y' ) ) {
560
  $this->doMakePendingLoginAuthActive( $aNewAuthData );
561
  return $inoUser;
562
  }
648
 
649
  return $sHtml;
650
  }
651
+
652
+ /**
653
+ * @return string
654
+ */
655
  public function getGaspCheckboxName() {
656
+ return $this->oFeatureOptions->doPluginPrefix( $this->oFeatureOptions->getGaspKey(), '_' );
 
 
 
657
  }
658
 
659
  public function doGaspChecks( $insUsername ) {
660
  if ( !isset( $_POST[ $this->getGaspCheckboxName() ] ) ) {
661
  $this->logWarning(
662
+ sprintf( _wpsf__('User "%s" attempted to login but GASP checkbox was not present. Bot Perhaps? IP Address: "%s".'), $insUsername, long2ip(self::$nRequestIp) )
663
  );
664
  $this->doStatIncrement( 'login.gasp.checkbox.fail' );
665
  wp_die( "You must check that box to say you're not a bot." );
667
  }
668
  else if ( isset( $_POST['icwp_wpsf_login_email'] ) && $_POST['icwp_wpsf_login_email'] !== '' ){
669
  $this->logWarning(
670
+ sprintf( _wpsf__('User "%s" attempted to login but they were caught by the GASP honey pot. Bot Perhaps? IP Address: "%s".'), $insUsername, long2ip(self::$nRequestIp) )
671
  );
672
  $this->doStatIncrement( 'login.gasp.honeypot.fail' );
673
  wp_die( _wpsf__('You appear to be a bot - terminating login attempt.') );
676
  return true;
677
  }
678
 
 
 
 
 
 
 
 
 
 
 
 
679
  /**
680
  */
681
  public function setLoginCooldownInterval() {
693
  return false;
694
  }
695
 
 
 
696
  // First set any other pending entries for the given user to be deleted.
697
  $aOldData = array(
698
+ 'deleted_at' => self::$nRequestTimestamp,
699
+ 'expired_at' => self::$nRequestTimestamp,
700
  );
701
  $aOldWhere = array(
702
  'pending' => 1,
708
  // Now add new pending entry
709
  $aNewData = array();
710
  $aNewData[ 'unique_id' ] = uniqid();
711
+ $aNewData[ 'ip_long' ] = self::$nRequestIp;
712
+ $aNewData[ 'ip' ] = long2ip( self::$nRequestIp );
713
  $aNewData[ 'wp_username' ] = $sUsername;
714
  $aNewData[ 'pending' ] = 1;
715
+ $aNewData[ 'created_at' ] = self::$nRequestTimestamp;
716
 
717
  $mResult = $this->insertIntoTable( $aNewData );
718
  if ( $mResult ) {
780
  * @param $sUsername
781
  */
782
  protected function terminateActiveLoginForUser( $sUsername ) {
 
783
  $sQuery = "
784
  UPDATE `%s`
785
  SET `deleted_at` = '%s',
790
  AND `pending` = '0'
791
  ";
792
  $sQuery = sprintf( $sQuery,
793
+ $this->getTableName(),
794
+ self::$nRequestTimestamp,
795
+ self::$nRequestTimestamp,
796
  esc_sql( $sUsername )
797
  );
798
  $this->doSql( $sQuery );
802
  *
803
  */
804
  protected function terminateAllVerifiedLogins() {
 
805
  $sQuery = "
806
  UPDATE `%s`
807
  SET `deleted_at` = '%s',
811
  AND `pending` = '0'
812
  ";
813
  $sQuery = sprintf( $sQuery,
814
+ $this->getTableName(),
815
+ self::$nRequestTimestamp,
816
+ self::$nRequestTimestamp
817
  );
818
+ return $this->doSql( $sQuery );
819
  }
820
 
821
  /**
823
  */
824
  public function setAuthActiveCookie( $insUniqueId ) {
825
  $nWeek = defined( 'WEEK_IN_SECONDS' )? WEEK_IN_SECONDS : 24*60*60;
826
+ setcookie( self::AuthActiveCookie, $insUniqueId, self::$nRequestTimestamp+$nWeek, COOKIEPATH, COOKIE_DOMAIN, false );
827
  }
828
 
829
  /**
845
  ";
846
 
847
  $sQuery = sprintf( $sQuery,
848
+ $this->getTableName(),
849
  $sUsername
850
  );
851
 
855
  // Now we test based on which types of 2-factor auth is enabled
856
  $fVerified = true;
857
  $aUserAuthData = $mResult[0];
858
+ if ( $this->getIsTwoFactorAuthOn('ip') && ( self::$nRequestIp != $aUserAuthData['ip_long'] ) ) {
859
  $fVerified = false;
860
  }
861
  if ( $fVerified && $this->getIsTwoFactorAuthOn('cookie') && !$this->isAuthCookieValid($aUserAuthData['unique_id']) ) {
865
  }
866
  else {
867
  $this->logWarning(
868
+ sprintf( _wpsf__('User "%s" was found to be un-verified at the given IP Address "%s"'), $sUsername, long2ip( self::$nRequestIp ) )
869
  );
870
  return false;
871
  }
889
 
890
  if ( $this->getIsUserLevelSubjectToTwoFactorAuth( $oUser->user_level ) && !$this->isUserVerified( $oUser->user_login ) ) {
891
  $this->logWarning(
892
+ sprintf( _wpsf__('User "%s" was forcefully logged out as they are not verified by either cookie or IP address (or both).'), $oUser->user_login )
893
  );
894
  $this->doStatIncrement( 'login.userverify.fail' );
895
  wp_logout();
909
  protected function generateTwoFactorVerifyLink( $sUser, $sUniqueId ) {
910
  $sSiteUrl = home_url() . '?wpsfkey=%s&wpsf-action=%s&username=%s&uniqueid=%s';
911
  $sAction = 'linkauth';
912
+ return sprintf( $sSiteUrl, $this->oFeatureOptions->getTwoAuthSecretKey(), $sAction, $sUser, $sUniqueId );
913
  }
914
 
915
  /**
935
  // add filters to email sending (for now only Mandrill)
936
  add_filter( 'mandrill_payload', array($this, 'customiseMandrill') );
937
 
938
+ $fResult = $this->getEmailProcessor()->sendEmailTo( $sEmail, $sEmailSubject, $aMessage );
939
  if ( $fResult ) {
940
  $this->logInfo(
941
  sprintf( _wpsf__('User "%s" was sent an email to verify their Identity using Two-Factor Login Auth for IP address "%s".'), $inoUser->user_login, $insIpAddress )
950
  }
951
 
952
  /**
953
+ * @param array $aMessage
954
+ * @return array
955
  */
956
  public function customiseMandrill( $aMessage ) {
957
  if ( empty( $aMessage['text'] ) ) {
975
  `expired_at` int(15) NOT NULL DEFAULT '0',
976
  PRIMARY KEY (`id`)
977
  ) ENGINE=MyISAM DEFAULT CHARSET=utf8;";
978
+ $sSqlTables = sprintf( $sSqlTables, $this->getTableName() );
979
  $mResult = $this->doSql( $sSqlTables );
980
  }
981
 
988
  protected function getLoginAuthData( $inaData ) {
989
 
990
  $sQuery = "SELECT * FROM %s WHERE `unique_id` = `%s` AND `wp_username` = %s";
991
+ $sQuery = sprintf( $sQuery, $this->getTableName(), $inaData['unique_id'], $inaData['wp_username'] );
992
  return $this->selectRowFromTable( $sQuery );
993
  }
994
 
1001
  if ( !$this->getTableExists() ) {
1002
  return;
1003
  }
1004
+ $nTimeStamp = self::$nRequestTimestamp - (DAY_IN_SECONDS * $this->nDaysToKeepLog);
1005
  $this->deleteAllRowsOlderThan( $nTimeStamp );
1006
  }
1007
 
1016
  AND `pending` = '1'
1017
  ";
1018
  $sQuery = sprintf( $sQuery,
1019
+ $this->getTableName(),
1020
  esc_sql( $nTimeStamp )
1021
  );
1022
  $this->doSql( $sQuery );
1026
  endif;
1027
 
1028
  if ( !class_exists('ICWP_WPSF_LoginProtectProcessor') ):
1029
+ class ICWP_WPSF_LoginProtectProcessor extends ICWP_LoginProtectProcessor_V3 { }
1030
  endif;
src/icwp-processor-plugin.php ADDED
@@ -0,0 +1,86 @@
1
+ <?php
2
+ /**
3
+ * Copyright (c) 2014 iControlWP <support@icontrolwp.com>
4
+ * All rights reserved.
5
+ *
6
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
7
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
8
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
9
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
10
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
11
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
12
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
13
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
14
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
15
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
16
+ */
17
+
18
+ require_once( dirname(__FILE__).'/icwp-base-processor.php' );
19
+
20
+ if ( !class_exists('ICWP_WPSF_PluginProcessor') ):
21
+
22
+ class ICWP_WPSF_PluginProcessor extends ICWP_WPSF_BaseProcessor {
23
+
24
+ /**
25
+ * @param ICWP_WPSF_FeatureHandler_Plugin $oFeatureOptions
26
+ */
27
+ public function __construct( ICWP_WPSF_FeatureHandler_Plugin $oFeatureOptions ) {
28
+ parent::__construct( $oFeatureOptions );
29
+ }
30
+
31
+ /**
32
+ *
33
+ */
34
+ public function run() {
35
+ $this->removePluginConflicts();
36
+ add_filter( $this->oFeatureOptions->doPluginPrefix( 'show_marketing' ), array( $this, 'getIsShowMarketing' ) );
37
+ }
38
+
39
+ public function getIsShowMarketing( $fShow ) {
40
+ if ( !$fShow ) {
41
+ return $fShow;
42
+ }
43
+
44
+ $oWpFunctions = $this->loadWpFunctionsProcessor();
45
+ if ( class_exists( 'Worpit_Plugin' ) ) {
46
+ if ( method_exists( 'Worpit_Plugin', 'IsLinked' ) ) {
47
+ $fShow = !Worpit_Plugin::IsLinked();
48
+ }
49
+ else if ( $oWpFunctions->getOption( Worpit_Plugin::$VariablePrefix.'assigned' ) == 'Y'
50
+ && $oWpFunctions->getOption( Worpit_Plugin::$VariablePrefix.'assigned_to' ) != '' ) {
51
+
52
+ $fShow = false;
53
+ }
54
+ }
55
+
56
+ if ( $this->getInstallationDays() < 1 ) {
57
+ $fShow = false;
58
+ }
59
+
60
+ return $fShow;
61
+ }
62
+
63
+ /**
64
+ * @return int
65
+ */
66
+ protected function getInstallationDays() {
67
+ $nTimeInstalled = $this->oFeatureOptions->getOpt( 'installation_time' );
68
+ if ( empty($nTimeInstalled) ) {
69
+ return 0;
70
+ }
71
+ return round( ( time() - $nTimeInstalled ) / DAY_IN_SECONDS );
72
+ }
73
+
74
+ /**
75
+ * Lets you remove certain plugin conflicts that might interfere with this plugin
76
+ *
77
+ * @see ICWP_Pure_Base_V1::removePluginConflicts()
78
+ */
79
+ protected function removePluginConflicts() {
80
+ if ( class_exists('AIO_WP_Security') && isset( $GLOBALS['aio_wp_security'] ) ) {
81
+ remove_action( 'init', array( $GLOBALS['aio_wp_security'], 'wp_security_plugin_init'), 0 );
82
+ }
83
+ }
84
+ }
85
+
86
+ endif;
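Review bot: `removePluginConflicts()` removes the `wp_security_plugin_init` callback of `AIO_WP_Security` from `init` with no option, admin notice or log entry, so activating this plugin silently stops another security plugin from initialising. Make this opt-in, or at least log it and tell the administrator. In `getInstallationDays()`, `round()` returns a float although the docblock promises `int`; cast the result or use `floor()` with `(int)`.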
src/icwp-processor-privacyprotect.php CHANGED
@@ -21,10 +21,13 @@ if ( !class_exists('ICWP_PrivacyProtectProcessor_V1') ):
21
 
22
  class ICWP_PrivacyProtectProcessor_V1 extends ICWP_BaseDbProcessor_WPSF {
23
 
24
- const Slug = 'privacy_protect';
25
 
26
- public function __construct( $insOptionPrefix = '' ) {
27
- parent::__construct( $this->constructStorageKey( $insOptionPrefix, self::Slug ), self::Slug );
 
 
 
28
  $this->createTable();
29
  $this->reset();
30
  }
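Review bot: the replacement constructor for `ICWP_PrivacyProtectProcessor_V1` (the `+ public function __construct(` line in the new-side listing) type-hints `ICWP_WPSF_FeatureHandler_LoginProtect`, and its docblock says the same. That looks copied from the login-protect processor. If a privacy-protect feature handler exists, hint that class or a common base, otherwise this processor can only ever be built with the login-protect options object.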
@@ -63,14 +66,13 @@ class ICWP_PrivacyProtectProcessor_V1 extends ICWP_BaseDbProcessor_WPSF {
63
  }
64
 
65
  // Now add new pending entry
66
- $nNow = time();
67
  $aData = array();
68
  $aData[ 'request_url' ] = $sRequestUrl;
69
  $aData[ 'request_method' ] = $aRequestArgs['method'];
70
  $aData[ 'is_ssl' ] = strpos( $sRequestUrl, 'https' ) === 0? 1 : 0;
71
  $aData[ 'is_error' ] = is_wp_error( $oHttpResponse )? 1 : 0;
72
  $aData[ 'request_args' ] = serialize( $aRequestArgs );
73
- $aData[ 'requested_at' ] = $nNow;
74
 
75
  $mResult = $this->insertIntoTable( $aData );
76
  return $mResult;
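Review bot: `$aData[ 'request_args' ] = serialize( $aRequestArgs );` stores the complete argument array of every logged request, which can include headers, cookies and the request body, so credentials sent by other plugins end up in this table. Store only the fields the log view needs, and prefer `json_encode()` so the stored value never has to pass through `unserialize()` when it is read back.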
@@ -161,7 +163,7 @@ class ICWP_PrivacyProtectProcessor_V1 extends ICWP_BaseDbProcessor_WPSF {
161
  `deleted_at` int(15) NOT NULL DEFAULT 0,
162
  PRIMARY KEY (`id`)
163
  ) ENGINE=MyISAM DEFAULT CHARSET=utf8;";
164
- $sSqlTables = sprintf( $sSqlTables, $this->m_sTableName );
165
  $mResult = $this->doSql( $sSqlTables );
166
  }
167
  }
21
 
22
  class ICWP_PrivacyProtectProcessor_V1 extends ICWP_BaseDbProcessor_WPSF {
23
 
24
+ const TableName = 'privacy_protect';
25
 
26
+ /**
27
+ * @param ICWP_WPSF_FeatureHandler_LoginProtect $oFeatureOptions
28
+ */
29
+ public function __construct( ICWP_WPSF_FeatureHandler_LoginProtect $oFeatureOptions ) {
30
+ parent::__construct( $oFeatureOptions, self::TableName );
31
  $this->createTable();
32
  $this->reset();
33
  }
66
  }
67
 
68
  // Now add new pending entry
 
69
  $aData = array();
70
  $aData[ 'request_url' ] = $sRequestUrl;
71
  $aData[ 'request_method' ] = $aRequestArgs['method'];
72
  $aData[ 'is_ssl' ] = strpos( $sRequestUrl, 'https' ) === 0? 1 : 0;
73
  $aData[ 'is_error' ] = is_wp_error( $oHttpResponse )? 1 : 0;
74
  $aData[ 'request_args' ] = serialize( $aRequestArgs );
75
+ $aData[ 'requested_at' ] = self::$nRequestTimestamp;
76
 
77
  $mResult = $this->insertIntoTable( $aData );
78
  return $mResult;
163
  `deleted_at` int(15) NOT NULL DEFAULT 0,
164
  PRIMARY KEY (`id`)
165
  ) ENGINE=MyISAM DEFAULT CHARSET=utf8;";
166
+ $sSqlTables = sprintf( $sSqlTables, $this->getTableName() );
167
  $mResult = $this->doSql( $sSqlTables );
168
  }
169
  }
src/icwp-processor-usermanagement.php ADDED
@@ -0,0 +1,535 @@
1
+ <?php
2
+ /**
3
+ * Copyright (c) 2014 iControlWP <support@icontrolwp.com>
4
+ * All rights reserved.
5
+ *
6
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
7
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
8
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
9
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
10
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
11
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
12
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
13
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
14
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
15
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
16
+ */
17
+
18
+ require_once( dirname(__FILE__).'/icwp-basedb-processor.php' );
19
+
20
+ if ( !class_exists('ICWP_WPSF_Processor_UserManagement_V1') ):
21
+
22
+ class ICWP_WPSF_Processor_UserManagement_V1 extends ICWP_BaseDbProcessor_WPSF {
23
+
24
+ const Session_Cookie = 'wpsf_sesh_id';
25
+
26
+ /**
27
+ * @var ICWP_WPSF_FeatureHandler_UserManagement
28
+ */
29
+ protected $oFeatureOptions;
30
+ /**
31
+ * @var string
32
+ */
33
+ protected $nDaysToKeepLog = 30;
34
+
35
+ /**
36
+ * @var string
37
+ */
38
+ protected $sSessionId;
39
+
40
+ /**
41
+ * @param ICWP_WPSF_FeatureHandler_UserManagement $oFeatureOptions
42
+ */
43
+ public function __construct( ICWP_WPSF_FeatureHandler_UserManagement $oFeatureOptions ) {
44
+ parent::__construct( $oFeatureOptions );
45
+ $this->createTable();
46
+ }
47
+
48
+ /**
49
+ */
50
+ public function run() {
51
+ parent::run();
52
+ $this->loadDataProcessor();
53
+
54
+ $sRequestMethod = ICWP_WPSF_DataProcessor::ArrayFetch( $_SERVER, 'REQUEST_METHOD' );
55
+ $fIsPost = strtolower( empty($sRequestMethod)? '' : $sRequestMethod ) == 'post';
56
+
57
+ // Check the current logged-in user every page load.
58
+ add_action( 'init', array( $this, 'checkCurrentUser_Action' ) );
59
+
60
+ // Check login attempts
61
+ // At this stage (30,3) WordPress has already (20) authenticated the user. So if the login
62
+ // is valid, the filter will have a valid WP_User object passed to it.
63
+ add_filter( 'auth_cookie_expiration', array( $this, 'setWordpressTimeoutCookieExpiration_Filter' ), 100, 1 );
64
+
65
+ // Check login attempts
66
+ // At this stage (30,3) WordPress has already (20) authenticated the user. So if the login
67
+ // is valid, the filter will have a valid WP_User object passed to it.
68
+ add_filter( 'authenticate', array( $this, 'createNewUserSession_Filter' ), 30, 3);
69
+
70
+ // When we know user has successfully authenticated and we activate the session entry in the database
71
+ add_action( 'wp_login', array( $this, 'activateUserSession' ) );
72
+
73
+ add_action( 'wp_logout', array( $this, 'onWpLogout' ) );
74
+
75
+ add_filter( 'wp_login_errors', array( $this, 'addLoginMessage' ) );
76
+ }
77
+
78
+ /**
79
+ * @param WP_Error $oError
80
+ * @return WP_Error
81
+ */
82
+ public function addLoginMessage( $oError ) {
83
+
84
+ if ( ! $oError instanceof WP_Error ) {
85
+ $oError = new WP_Error();
86
+ }
87
+
88
+ $this->loadDataProcessor();
89
+ $sForceLogout = ICWP_WPSF_DataProcessor::FetchGet( 'wpsf-forcelogout' );
90
+ if ( $sForceLogout == 1 ) {
91
+ $oError->add( 'wpsf-forcelogout', _wpsf__('Your session has expired.').'<br />'._wpsf__('Please login again.') );
92
+ }
93
+ else if ( $sForceLogout == 2 ) {
94
+ $oError->add( 'wpsf-forcelogout', _wpsf__('Your session was idle for too long.').'<br />'._wpsf__('Please login again.') );
95
+ }
96
+ else if ( $sForceLogout == 3 ) {
97
+ $oError->add( 'wpsf-forcelogout', _wpsf__('Your session was locked to another IP Address.').'<br />'._wpsf__('Please login again.') );
98
+ }
99
+ return $oError;
100
+ }
101
+
102
+ /**
103
+ * Should be hooked to 'init' so we have is_user_logged_in()
104
+ */
105
+ public function checkCurrentUser_Action() {
106
+ $this->getSessionId();
107
+ if ( is_user_logged_in() ) {
108
+ $oUser = wp_get_current_user();
109
+ $this->doVerifyCurrentUser( $oUser );
110
+ $this->updateSessionLastActivityAt( $oUser );
111
+ $this->updateSessionLastActivityUri( $oUser );
112
+ }
113
+ }
114
+
115
+ /**
116
+ * If it cannot verify current user, will forcefully log them out and redirect to login
117
+ */
118
+ public function doVerifyCurrentUser( $oUser ) {
119
+ if ( !is_object( $oUser ) || ! ( $oUser instanceof WP_User ) ) {
120
+ return false;
121
+ }
122
+
123
+ $aLoginSessionData = $this->getUserSessionRecord( $oUser->user_login );
124
+ if ( !$aLoginSessionData ) {
125
+ $this->doLogout();
126
+ }
127
+
128
+ // check timeout interval
129
+ $nSessionTimeoutInterval = $this->getSessionTimeoutInterval();
130
+ if ( $nSessionTimeoutInterval > 0 && ( self::$nRequestTimestamp - $aLoginSessionData['logged_in_at'] > $nSessionTimeoutInterval ) ) {
131
+ $this->doLogout( 'wpsf-forcelogout=1' );
132
+ }
133
+
134
+ // check idle timeout interval
135
+ $nSessionIdleTimeoutInterval = $this->getOption( 'session_idle_timeout_interval', 0 ) * HOUR_IN_SECONDS;
136
+ if ( intval($nSessionIdleTimeoutInterval) > 0 && ( (self::$nRequestTimestamp - $aLoginSessionData['last_activity_at']) > $nSessionIdleTimeoutInterval ) ) {
137
+ $this->doLogout( 'wpsf-forcelogout=2' );
138
+ }
139
+
140
+ // check login ip address
141
+ $fLockToIp = $this->getIsOption( 'session_lock_location', 'Y' );
142
+ if ( $fLockToIp && self::$nRequestIp != $aLoginSessionData['ip_long'] ) {
143
+ $this->doLogout( 'wpsf-forcelogout=3' );
144
+ }
145
+ }
146
+
147
+ /**
148
+ * @return integer
149
+ */
150
+ protected function getSessionTimeoutInterval( ) {
151
+ return $this->getOption( 'session_timeout_interval', 0 ) * DAY_IN_SECONDS;
152
+ }
153
+
154
+ /**
155
+ *
156
+ */
157
+ protected function doLogout( $sParams = '' ) {
158
+ $oWp = $this->loadWpFunctionsProcessor();
159
+ $oWp->logoutUser();
160
+ $oWp->redirectToLogin( $sParams );
161
+ }
162
+
163
+ /**
164
+ * @param integer $nTimeout
165
+ * @return integer
166
+ */
167
+ public function setWordpressTimeoutCookieExpiration_Filter( $nTimeout ) {
168
+ $nSessionTimeoutInterval = $this->getSessionTimeoutInterval();
169
+ return ( ( $nSessionTimeoutInterval > 0 )? $nSessionTimeoutInterval : $nTimeout );
170
+ }
171
+
172
+ /**
173
+ * Should return false when logging is disabled.
174
+ *
175
+ * @return false|array - false when logging is disabled, array with log data otherwise
176
+ * @see ICWP_WPSF_BaseProcessor::getLogData()
177
+ */
178
+ public function flushLogData() {
179
+
180
+ if ( !$this->getIsLogging() || empty( $this->m_aLogMessages ) ) {
181
+ return false;
182
+ }
183
+
184
+ $this->m_aLog = array(
185
+ 'category' => self::LOG_CATEGORY_LOGINPROTECT,
186
+ 'messages' => serialize( $this->m_aLogMessages )
187
+ );
188
+ $this->resetLog();
189
+ return $this->m_aLog;
190
+ }
191
+
192
+ /**
193
+ * If $oUser is a valid WP_User object, then the user logged in correctly.
194
+ *
195
+ * @param WP_User|string $oUser - the docs say the first parameter a string, WP actually gives a WP_User object (or null)
196
+ * @param string $sUsername
197
+ * @param string $sPassword
198
+ * @return WP_Error|WP_User|null - WP_User when the login success AND the IP is authenticated. null when login not successful but IP is valid. WP_Error otherwise.
199
+ */
200
+ public function createNewUserSession_Filter( $oUser, $sUsername, $sPassword ) {
201
+ if ( empty( $sUsername ) ) {
202
+ return $oUser;
203
+ }
204
+
205
+ $aCurrentRecord = $this->getUserSessionRecord( $sUsername );
206
+ if ( !$aCurrentRecord ) {
207
+ $this->addNewPendingUserSession( $sUsername );
208
+ }
209
+
210
+ $this->incrementUserLoginAttempts( $sUsername );
211
+
212
+ $fUserLoginSuccess = is_object( $oUser ) && ( $oUser instanceof WP_User );
213
+ if ( !$fUserLoginSuccess ) {
214
+ return $oUser;
215
+ }
216
+ return $oUser;
217
+ }
218
+
219
+ /**
220
+ *
221
+ */
222
+ public function onWpLogout() {
223
+ $oUser = wp_get_current_user();
224
+ $this->doTerminateUserSession( $oUser->user_login );
225
+ }
226
+
227
+ /**
228
+ * @param $sUsername
229
+ * @return boolean
230
+ */
231
+ protected function doTerminateUserSession( $sUsername ) {
232
+ if ( empty( $sUsername ) ) {
233
+ return false;
234
+ }
235
+
236
+ $aNewData = array(
237
+ 'deleted_at' => self::$nRequestTimestamp
238
+ );
239
+ $aWhere = array(
240
+ 'session_id' => $this->getSessionId(),
241
+ 'wp_username' => $sUsername,
242
+ 'deleted_at' => 0
243
+ );
244
+ $mResult = $this->updateRowsFromTable( $aNewData, $aWhere );
245
+
246
+ unset( $_COOKIE[ self::Session_Cookie ] );
247
+ setcookie( self::Session_Cookie, "", time()-3600, COOKIEPATH, COOKIE_DOMAIN, false );
248
+
249
+ return $mResult;
250
+ }
251
+
252
+ /**
253
+ * @param string $sUsername
254
+ * @return boolean
255
+ */
256
+ protected function addNewPendingUserSession( $sUsername ) {
257
+ if ( empty( $sUsername ) ) {
258
+ return false;
259
+ }
260
+
261
+ $this->loadDataProcessor();
262
+ // Add new session entry
263
+ // set attempts = 1 and then when we know it's a valid login, we zero it.
264
+ // First set any other entries for the given user to be deleted.
265
+ $aNewData = array();
266
+ $aNewData[ 'session_id' ] = $this->getSessionId();
267
+ $aNewData[ 'ip_long' ] = self::$nRequestIp;
268
+ $aNewData[ 'wp_username' ] = $sUsername;
269
+ $aNewData[ 'login_attempts' ] = 0;
270
+ $aNewData[ 'pending' ] = 1;
271
+ $aNewData[ 'logged_in_at' ] = self::$nRequestTimestamp;
272
+ $aNewData[ 'last_activity_at' ] = self::$nRequestTimestamp;
273
+ $aNewData[ 'last_activity_uri' ] = ICWP_WPSF_DataProcessor::FetchServer( 'REQUEST_URI' );
274
+ $aNewData[ 'created_at' ] = self::$nRequestTimestamp;
275
+ $mResult = $this->insertIntoTable( $aNewData );
276
+
277
+ return $mResult;
278
+ }
279
+
280
+ /**
281
+ */
282
+ protected function setSessionCookie() {
283
+ setcookie( self::Session_Cookie, $this->getSessionId(), time()+$this->getSessionTimeoutInterval(), COOKIEPATH, COOKIE_DOMAIN, false );
284
+ }
285
+
286
+ /**
287
+ * @param string $sUsername
288
+ * @return boolean
289
+ */
290
+ protected function incrementUserLoginAttempts( $sUsername ) {
291
+ if ( empty( $sUsername ) ) {
292
+ return false;
293
+ }
294
+
295
+ $aSessionData = $this->getUserSessionRecord( $sUsername );
296
+ $aNewData = array(
297
+ 'login_attempts' => $aSessionData['login_attempts'] + 1
298
+ );
299
+ return $this->updateCurrentSession( $sUsername, $aNewData );
300
+ return $mResult;
301
+ }
302
+
303
+ /**
304
+ * @param string $sUsername
305
+ * @return boolean
306
+ */
307
+ public function activateUserSession( $sUsername ) {
308
+ if ( empty( $sUsername ) ) {
309
+ return false;
310
+ }
311
+
312
+ // First set any other entries for the given user to be deleted.
313
+ $aNewData = array(
314
+ 'pending' => 0,
315
+ 'logged_in_at' => self::$nRequestTimestamp,
316
+ 'last_activity_at' => self::$nRequestTimestamp,
317
+ );
318
+ $aWhere = array(
319
+ 'session_id' => $this->getSessionId(),
320
+ 'pending' => 1,
321
+ 'wp_username' => $sUsername,
322
+ 'deleted_at' => 0
323
+ );
324
+ $mResult = $this->updateRowsFromTable( $aNewData, $aWhere );
325
+
326
+ // Now set session Cookie so it reflects the correct expiry
327
+ $this->setSessionCookie();
328
+ return $mResult;
329
+ }
330
+
331
+ /**
332
+ * @param WP_User $oUser
333
+ * @return boolean
334
+ */
335
+ protected function updateSessionLastActivityAt( $oUser ) {
336
+ if ( !is_object( $oUser ) || ! ( $oUser instanceof WP_User ) ) {
337
+ return false;
338
+ }
339
+
340
+ // First set any other entries for the given user to be deleted.
341
+ $aNewData = array(
342
+ 'last_activity_at' => self::$nRequestTimestamp
343
+ );
344
+ return $this->updateCurrentSession( $oUser->user_login, $aNewData );
345
+ }
346
+
347
+ /**
348
+ * @param WP_User $oUser
349
+ * @return boolean
350
+ */
351
+ protected function updateSessionLastActivityUri( $oUser ) {
352
+ if ( !is_object( $oUser ) || ! ( $oUser instanceof WP_User ) ) {
353
+ return false;
354
+ }
355
+
356
+ $this->loadDataProcessor();
357
+ // First set any other entries for the given user to be deleted.
358
+ $aNewData = array(
359
+ 'last_activity_uri' => ICWP_WPSF_DataProcessor::FetchServer( 'REQUEST_URI' )
360
+ );
361
+ $mResult = $this->updateCurrentSession( $oUser->user_login, $aNewData );
362
+ return $mResult;
363
+ }
364
+
365
+ /**
366
+ * @param $sUsername
367
+ * @param $aUpdateData
368
+ * @return boolean
369
+ */
370
+ protected function updateCurrentSession( $sUsername, $aUpdateData ) {
371
+ $aWhere = array(
372
+ 'session_id' => $this->getSessionId(),
373
+ 'deleted_at' => 0,
374
+ 'wp_username' => $sUsername
375
+ );
376
+ $mResult = $this->updateRowsFromTable( $aUpdateData, $aWhere );
377
+ return $mResult;
378
+ }
379
+
380
+ /**
381
+ * Checks for and gets a user session.
382
+ *
383
+ * @return array|boolean
384
+ */
385
+ public function getActiveUserSessionRecords() {
386
+
387
+ $sQuery = "
388
+ SELECT *
389
+ FROM `%s`
390
+ WHERE
391
+ `pending` = '0'
392
+ AND `deleted_at` = '0'
393
+ ";
394
+ $sQuery = sprintf(
395
+ $sQuery,
396
+ $this->getTableName()
397
+ );
398
+
399
+ return $this->selectCustomFromTable( $sQuery );
400
+ }
401
+
402
+ /**
403
+ * Checks for and gets a user session.
404
+ *
405
+ * @param integer $nTime - number of seconds back from now to look
406
+ * @return array|boolean
407
+ */
408
+ public function getPendingOrFailedUserSessionRecordsSince( $nTime = 0 ) {
409
+
410
+ $nTime = ( $nTime <= 0 ) ? 2*DAY_IN_SECONDS : $nTime;
411
+
412
+ $sQuery = "
413
+ SELECT *
414
+ FROM `%s`
415
+ WHERE
416
+ `pending` = '1'
417
+ AND `deleted_at` = '0'
418
+ AND `created_at` > '%s'
419
+ ";
420
+ $sQuery = sprintf(
421
+ $sQuery,
422
+ $this->getTableName(),
423
+ ( self::$nRequestTimestamp - $nTime )
424
+ );
425
+
426
+ return $this->selectCustomFromTable( $sQuery );
427
+ }
428
+
429
+ /**
430
+ * Checks for and gets a user session.
431
+ *
432
+ * @param string $sUsername
433
+ * @return array|boolean
434
+ */
435
+ protected function getUserSessionRecord( $sUsername ) {
436
+
437
+ $sQuery = "
438
+ SELECT *
439
+ FROM `%s`
440
+ WHERE
441
+ `wp_username` = '%s'
442
+ AND `session_id` = '%s'
443
+ AND `deleted_at` = '0'
444
+ ";
445
+ $sQuery = sprintf( $sQuery,
446
+ $this->getTableName(),
447
+ $sUsername,
448
+ $this->getSessionId()
449
+ );
450
+
451
+ $mResult = $this->selectCustomFromTable( $sQuery );
452
+ if ( is_array( $mResult ) && count( $mResult ) == 1 ) {
453
+ return $mResult[0];
454
+ }
455
+ else {
456
+ $this->logWarning(
457
+ sprintf( _wpsf__('User "%s" was found to be un-verified at the given IP Address "%s"'), $sUsername, long2ip( self::$nRequestIp ) )
458
+ );
459
+ return false;
460
+ }
461
+ }
462
+
463
+ /**
464
+ *
465
+ */
466
+ protected function getSessionId() {
467
+ if ( empty( $this->sSessionId ) ) {
468
+ $this->loadDataProcessor();
469
+ $this->sSessionId = ICWP_WPSF_DataProcessor::FetchCookie( self::Session_Cookie );
470
+ if ( is_null( $this->sSessionId ) ) {
471
+ $this->sSessionId = md5( uniqid() );
472
+ $this->setSessionCookie();
473
+ }
474
+ }
475
+ return $this->sSessionId;
476
+ }
477
+
478
+ public function createTable() {
479
+
480
+ // Set up login processor table
481
+ $sSqlTables = "CREATE TABLE IF NOT EXISTS `%s` (
482
+ `id` int(11) NOT NULL AUTO_INCREMENT,
483
+ `session_id` varchar(32) NOT NULL DEFAULT '',
484
+ `wp_username` varchar(255) NOT NULL DEFAULT '',
485
+ `ip_long` bigint(20) NOT NULL DEFAULT '0',
486
+ `logged_in_at` int(15) NOT NULL DEFAULT '0',
487
+ `last_activity_at` int(15) NOT NULL DEFAULT '0',
488
+ `last_activity_uri` text NOT NULL DEFAULT '',
489
+ `used_mfa` int(1) NOT NULL DEFAULT '0',
490
+ `pending` int(1) NOT NULL DEFAULT '0',
491
+ `login_attempts` int(1) NOT NULL DEFAULT '0',
492
+ `created_at` int(15) NOT NULL DEFAULT '0',
493
+ `deleted_at` int(15) NOT NULL DEFAULT '0',
494
+ PRIMARY KEY (`id`)
495
+ ) ENGINE=MyISAM DEFAULT CHARSET=utf8;";
496
+ $sSqlTables = sprintf( $sSqlTables, $this->getTableName() );
497
+ $mResult = $this->doSql( $sSqlTables );
498
+ }
499
+
500
+ /**
501
+ * This is hooked into a cron in the base class and overrides the parent method.
502
+ *
503
+ * It'll delete everything older than 24hrs.
504
+ */
505
+ public function cleanupDatabase() {
506
+ if ( !$this->getTableExists() ) {
507
+ return;
508
+ }
509
+ $nTimeStamp = self::$nRequestTimestamp - (DAY_IN_SECONDS * $this->nDaysToKeepLog);
510
+ $this->deleteAllRowsOlderThan( $nTimeStamp );
511
+ }
512
+
513
+ /**
514
+ * @param $nTimeStamp
515
+ */
516
+ protected function deleteAllRowsOlderThan( $nTimeStamp ) {
517
+ $sQuery = "
518
+ DELETE from `%s`
519
+ WHERE
520
+ `created_at` < '%s'
521
+ AND `pending` = '1'
522
+ ";
523
+ $sQuery = sprintf( $sQuery,
524
+ $this->getTableName(),
525
+ esc_sql( $nTimeStamp )
526
+ );
527
+ $this->doSql( $sQuery );
528
+ }
529
+
530
+ }
531
+ endif;
532
+
533
+ if ( !class_exists('ICWP_WPSF_Processor_UserManagement') ):
534
+ class ICWP_WPSF_Processor_UserManagement extends ICWP_WPSF_Processor_UserManagement_V1 { }
535
+ endif;
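Review bot: getUserSessionRecord() interpolates $sUsername and $this->getSessionId() straight into the SELECT with sprintf() and no escaping, whereas deleteAllRowsOlderThan() in the same class at least passes its value through esc_sql(). $sUsername reaches this method from the login filter createNewUserSession_Filter(), and the session id is read back from the Session_Cookie cookie in getSessionId(), so both values come from the request. Build the query with WordPress's $wpdb->prepare(), or apply esc_sql() to both values, before it reaches selectCustomFromTable(). Separately, getSessionId() derives new ids from md5( uniqid() ), which is time-based rather than random, and setSessionCookie() stops at the sixth setcookie() argument (secure = false), leaving HttpOnly off. A random token and an explicit HttpOnly flag would be safer for a cookie that identifies a login session. The second return in incrementUserLoginAttempts() is unreachable and refers to an undefined $mResult.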
src/icwp-pure-base.php CHANGED
@@ -8,97 +8,61 @@ require_once( dirname(__FILE__).'/icwp-once.php' );
8
  require_once( dirname(__FILE__).'/icwp-wpfunctions.php' );
9
  require_once( dirname(__FILE__).'/icwp-wpfilesystem.php' );
10
 
11
- if ( !class_exists('ICWP_Pure_Base_V4') ):
12
 
13
- class ICWP_Pure_Base_V4 extends ICWP_WPSF_Once {
14
 
15
- const BaseTitle = 'iControlWP Plugins';
16
- const BaseSlug = 'icwp';
17
- const BasePermissions = 'manage_options';
18
-
19
  const ViewExt = '.php';
20
  const ViewDir = 'views';
21
-
22
  /**
23
- * @var string
24
  */
25
- protected $m_sVersion;
 
26
  /**
27
  * Set to true if it should never be shown in the dashboard
28
  * @var string
29
  */
30
- protected $m_fHeadless = false;
31
- /**
32
- * Set to true if this contains components from another plugin to stand alone
33
- * @var string
34
- */
35
- protected $m_fStandAlone = false;
36
  /**
37
  * Set to true if this contains components from another plugin to stand alone
38
  * @var string
39
  */
40
  protected $m_sAutoUpdateUrl = '';
41
- /**
42
- * @var boolean
43
- */
44
- protected $m_fIsMultisite;
45
- /**
46
- * @var boolean
47
- */
48
- protected $m_fNetworkAdminOnly = false;
49
-
50
- /**
51
- * @var string
52
- */
53
- protected $m_sPluginHumanName;
54
- /**
55
- * @var string
56
- */
57
- protected $m_sPluginTextDomain;
58
- /**
59
- * @var string
60
- */
61
- protected $m_sPluginMenuTitle;
62
 
63
  /**
64
  * @var string
65
  */
66
- protected $m_sPluginRootFile;
67
- /**
68
- * @var string
69
- */
70
- protected $m_sPluginName;
71
  /**
72
  * @var string
73
  */
74
- protected $m_sPluginDir;
75
  /**
76
  * @var string
77
  */
78
- protected $m_sPluginPath;
79
  /**
80
  * @var string
81
  */
82
- protected $m_sPluginFile;
83
  /**
84
  * @var string
85
  */
86
- protected $m_sPluginUrl;
87
  /**
88
  * @var string
89
  */
90
  protected static $sOptionPrefix = '';
91
 
92
- protected $m_aPluginMenu;
93
 
94
- protected $m_sParentMenuIdSuffix;
95
-
96
- protected $m_sPluginSlug;
97
 
98
  protected $fShowMarketing;
99
 
100
- protected $m_fAutoPluginUpgrade = false;
101
-
102
  /**
103
  * @var ICWP_WpFunctions_WPSF;
104
  */
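Review bot: The docblocks kept as context around the renamed properties do not match what they document. The headless flag is described as "@var string" although it is initialised to false, and $m_sAutoUpdateUrl still carries the description "Set to true if this contains components from another plugin to stand alone", which belonged to the removed $m_fStandAlone. Since the surrounding lines are being rewritten anyway, change the first to boolean and describe the URL property as a URL.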
@@ -109,8 +73,15 @@ class ICWP_Pure_Base_V4 extends ICWP_WPSF_Once {
109
  */
110
  protected $m_oWpFs;
111
 
112
- public function __construct() {
113
-
 
 
 
 
 
 
 
114
  add_action( 'plugins_loaded', array( $this, 'onWpPluginsLoaded' ) );
115
  add_action( 'init', array( $this, 'onWpInit' ), 0 );
116
  if ( $this->isValidAdminArea() ) {
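Review bot: The new constructor assigns self::$sOptionPrefix from $oPluginVo->getOptionStoragePrefix(), but $sOptionPrefix is declared "protected static", so the value is shared by every object built on this base class and the most recently constructed one silently decides the prefix for all of them. Either make the prefix an instance property read from $this->oPluginVo, or state in the constructor docblock that only one plugin value object may exist per request.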
@@ -118,44 +89,51 @@ class ICWP_Pure_Base_V4 extends ICWP_WPSF_Once {
118
  add_action( 'admin_notices', array( $this, 'onWpAdminNotices' ) );
119
  add_action( 'network_admin_notices', array( $this, 'onWpAdminNotices' ) );
120
  add_action( 'admin_menu', array( $this, 'onWpAdminMenu' ) );
121
- add_action( 'network_admin_menu', array( $this, 'onWpNetworkAdminMenu' ) );
122
  add_action( 'plugin_action_links', array( $this, 'onWpPluginActionLinks' ), 10, 4 );
123
- add_action( 'deactivate_plugin', array( $this, 'onWpHookDeactivatePlugin' ), 1, 1 );
124
  add_action( 'wp_before_admin_bar_render', array( $this, 'onWpAdminBar' ), 1, 9999 );
125
  }
126
- add_action( 'in_plugin_update_message-'.$this->m_sPluginFile, array( $this, 'onWpPluginUpdateMessage' ) );
127
  add_action( 'shutdown', array( $this, 'onWpShutdown' ) );
 
128
 
129
- $this->m_fIsMultisite = function_exists( 'is_multisite' ) && is_multisite();
130
- $this->m_oWpFs = ICWP_WpFilesystem_WPSF::GetInstance();
131
- $this->setPaths();
132
  $this->registerActivationHooks();
133
  }
134
-
135
  /**
136
- * This is a generic plugin auto-update checker. Since the library is never included WordPress.org
137
- * plugins, this may never actually run.
138
- *
139
- * @return void
140
  */
141
- protected function setupAutoUpdates() {
142
- $sLibSource = $this->m_sPluginDir.'/src/lib/plugin-update-checker.php';
143
- if ( !is_file($sLibSource) || empty( $this->m_sAutoUpdateUrl ) ) {
144
- return;
 
 
 
 
 
 
 
 
 
 
 
 
145
  }
146
- require_once( $sLibSource );
147
- $oUpdateChecker = new PluginUpdateChecker(
148
- $this->m_sAutoUpdateUrl,
149
- $this->m_sPluginRootFile,
150
- $this->m_sPluginTextDomain
151
- );
152
  }
153
 
154
  protected function isValidAdminArea() {
155
- if ( !$this->m_fIsMultisite && is_admin() ) {
 
156
  return true;
157
  }
158
- else if ( $this->m_fNetworkAdminOnly && $this->m_fIsMultisite && is_network_admin() ) {
159
  return true;
160
  }
161
  return false;
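Review bot: The add_action( 'deactivate_plugin', array( $this, 'onWpHookDeactivatePlugin' ), 1, 1 ) registration at old line 123 is on the removed side, while onWpHookDeactivatePlugin() and its wp_die() guard remain in the class (see the hunk at -759). If the new side does not register the hook again, that handler becomes dead code and the "you need to authenticate first" protection against disabling the plugin no longer runs. Either keep the registration or remove the handler in the same change so the behaviour is explicit.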
@@ -165,58 +143,60 @@ class ICWP_Pure_Base_V4 extends ICWP_WPSF_Once {
165
  * Registers the plugins activation, deactivate and uninstall hooks.
166
  */
167
  protected function registerActivationHooks() {
168
- register_activation_hook( $this->m_sPluginRootFile, array( $this, 'onWpActivatePlugin' ) );
169
- register_deactivation_hook( $this->m_sPluginRootFile, array( $this, 'onWpDeactivatePlugin' ) );
170
- // register_uninstall_hook( $this->m_sPluginRootFile, array( $this, 'onWpUninstallPlugin' ) );
171
  }
172
 
173
  /**
174
  * @since v3.0.0
175
  */
176
  protected function setPaths() {
177
-
178
- if ( empty( $this->m_sPluginRootFile ) ) {
179
- $this->m_sPluginRootFile = __FILE__;
180
  }
181
- $this->m_sPluginName = basename( $this->m_sPluginRootFile );
182
- $this->m_sPluginPath = plugin_basename( dirname( $this->m_sPluginRootFile ) );
183
- $this->m_sPluginFile = plugin_basename( $this->m_sPluginRootFile );
184
- $this->m_sPluginDir = dirname( $this->m_sPluginRootFile ).ICWP_DS;
185
- $this->m_sPluginUrl = plugins_url( '/', $this->m_sPluginRootFile ) ; //this seems to use SSL more reliably than WP_PLUGIN_URL
186
  }
187
 
188
  /**
 
 
189
  * @return string
190
  */
191
- public function getPluginFile() {
192
- return $this->m_sPluginFile;
 
 
 
193
  }
194
 
195
  /**
 
196
  * @return boolean
197
  */
198
- protected function hasPermissionToView() {
199
- return $this->hasPermissionToSubmit();
200
  }
 
201
  /**
 
202
  * @return boolean
203
  */
204
- protected function hasPermissionToSubmit() {
205
  // first a basic admin check
206
- return is_super_admin() && current_user_can( 'manage_options' );
207
  }
208
 
209
  public function doPluginUpdateCheck() {
210
- $this->loadWpFunctions();
211
- $this->m_oWpFunctions->getIsPluginUpdateAvailable( $this->m_sPluginPath );
212
- }
213
-
214
- protected function getFullParentMenuId() {
215
- return self::BaseSlug .'-'. $this->m_sParentMenuIdSuffix;
216
  }
217
 
218
  protected function display( $insView, $inaData = array() ) {
219
- $sFile = $this->m_sPluginDir.self::ViewDir.ICWP_DS.$insView.self::ViewExt;
220
 
221
  if ( !is_file( $sFile ) ) {
222
  echo "View not found: ".$sFile;
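Review bot: display() still ends its not-found branch with echo "View not found: ".$sFile;, which writes the filesystem path it just built into the rendered page. With the $sFile assignment being rewritten in this hunk, it would be a good moment to print a generic message instead and send the path to the log.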
@@ -224,7 +204,7 @@ class ICWP_Pure_Base_V4 extends ICWP_WPSF_Once {
224
  }
225
 
226
  if ( count( $inaData ) > 0 ) {
227
- extract( $inaData, EXTR_PREFIX_ALL, self::BaseSlug );
228
  }
229
 
230
  ob_start();
@@ -236,58 +216,43 @@ class ICWP_Pure_Base_V4 extends ICWP_WPSF_Once {
236
  return true;
237
  }
238
 
239
- protected function getSubmenuPageTitle( $insTitle ) {
240
- return self::BaseTitle.' - '.$insTitle;
241
- }
242
- protected function getSubmenuId( $insId = '' ) {
243
- $sExtension = empty($insId)? '' : '-'.$insId;
244
- return $this->getFullParentMenuId().$sExtension;
245
  }
246
 
247
  /**
248
  * Hooked to 'plugins_loaded'
249
  */
250
  public function onWpPluginsLoaded() {
251
- $this->setupAutoUpdates();
252
  if ( is_admin() ) {
253
  //Handle plugin upgrades
254
- $this->handlePluginUpgrade();
255
  $this->doPluginUpdateCheck();
256
  $this->load_textdomain();
257
  }
258
- if ( $this->isIcwpPluginFormSubmit() ) {
259
- $this->handlePluginFormSubmit();
260
- }
261
- add_filter( 'all_plugins', array( $this, 'hidePluginFromTableList' ) );
262
- add_filter( 'site_transient_update_plugins', array( $this, 'hidePluginUpdatesFromUI' ) );
263
- $this->removePluginConflicts(); // removes conflicts with other plugins
264
  }
265
 
266
- /**
267
- * Override this to remove conflicts with other plugins that may have loaded
268
- * that interfere with normal operations.
269
- */
270
- protected function removePluginConflicts() {}
271
-
272
  /**
273
  * Added to a WordPress filter ('all_plugins') which will remove this particular plugin from the
274
  * list of all plugins based on the "plugin file" name.
275
  *
276
  * @uses $this->m_fHeadless if the plugin is headless, it is hidden
 
277
  * @return array
278
  */
279
- public function hidePluginFromTableList( $inaPlugins ) {
280
 
281
- if ( !$this->m_fHeadless ) {
282
- return $inaPlugins;
283
  }
284
-
285
- foreach ( $inaPlugins as $sName => $aData ) {
286
- if ( $this->m_sPluginFile === $sName ) {
287
- unset( $inaPlugins[$sName] );
288
- }
289
  }
290
- return $inaPlugins;
291
  }
292
 
293
  /**
@@ -297,41 +262,36 @@ class ICWP_Pure_Base_V4 extends ICWP_WPSF_Once {
297
  * In order to ensure that WordPress still checks for plugin updates it will not remove this plugin from
298
  * the list of plugins if DOING_CRON is set to true.
299
  *
300
- * @uses $this->m_fHeadless if the plugin is headless, it is hidden
301
- * @return StdClass
 
302
  */
303
- public function hidePluginUpdatesFromUI( $inoPlugins ) {
304
 
305
- if ( ( defined( 'DOING_CRON' ) && DOING_CRON ) || !$this->m_fHeadless ) {
306
- return $inoPlugins;
307
  }
308
-
309
- if ( !empty( $inoPlugins->response ) ) {
310
- $aResponse = $inoPlugins->response;
311
- foreach ( $aResponse as $sPluginFile => $oData ) {
312
- if ( $sPluginFile == $this->m_sPluginFile ) {
313
- unset( $inoPlugins->response[$sPluginFile] );
314
- }
315
- }
316
  }
317
- return $inoPlugins;
 
318
  }
319
 
320
  /**
321
  * Load the multilingual aspect of the plugin
322
  */
323
  public function load_textdomain() {
324
- $stest = dirname( $this->m_sPluginRootFile );
325
- // var_dump($stest);
326
- // var_dump($this->m_sPluginTextDomain);
327
- load_plugin_textdomain( $this->m_sPluginTextDomain, false, dirname($this->m_sPluginFile) . '/languages/' );
328
  }
329
 
330
  public function onWpInit() { }
331
 
332
  public function onWpAdminInit() {
333
  //Do Plugin-Specific Admin Work
334
- if ( $this->isIcwpPluginAdminPage() ) {
335
  add_action( 'admin_enqueue_scripts', array( $this, 'enqueueBootstrapLegacyAdminCss' ), 99 );
336
  add_action( 'admin_enqueue_scripts', array( $this, 'enqueuePluginAdminCss' ), 99 );
337
  }
@@ -343,47 +303,63 @@ class ICWP_Pure_Base_V4 extends ICWP_WPSF_Once {
343
  }
344
  $this->createMenu();
345
  }
346
-
347
- public function onWpNetworkAdminMenu() {
348
- if ( !$this->isValidAdminArea() ) {
349
- return true;
350
- }
351
- $this->createMenu();
352
- }
353
-
354
  protected function createMenu() {
355
 
356
- if ( $this->m_fHeadless ) {
357
  return true;
358
  }
359
 
360
- $sFullParentMenuId = $this->getFullParentMenuId();
361
- add_menu_page( self::BaseTitle, $this->m_sPluginMenuTitle, self::BasePermissions, $sFullParentMenuId, array( $this, 'onDisplayAll' ), $this->getPluginLogoUrl16() );
362
  //Create and Add the submenu items
363
- $this->createPluginSubMenuItems();
364
- if ( !empty($this->m_aPluginMenu) ) {
365
- foreach ( $this->m_aPluginMenu as $sMenuTitle => $aMenu ) {
366
- list( $sMenuItemText, $sMenuItemId, $sMenuCallBack ) = $aMenu;
367
- add_submenu_page( $sFullParentMenuId, $sMenuTitle, $sMenuItemText, self::BasePermissions, $sMenuItemId, array( $this, $sMenuCallBack ) );
 
 
 
 
 
 
 
 
 
 
 
 
368
  }
369
  }
 
 
 
 
 
 
370
  $this->fixSubmenu();
371
  }
372
 
373
- protected function createPluginSubMenuItems(){
374
- /* Override to create array of sub-menu items
375
- $this->m_aPluginMenu = array(
376
- //Menu Page Title => Menu Item name, page ID (slug), callback function onLoad.
377
- $this->getSubmenuPageTitle( 'Content by Country' ) => array( 'Content by Country', $this->getSubmenuId('main'), 'onDisplayCbcMain' ),
378
- );
379
- */
380
  }
381
 
 
 
 
 
 
382
  protected function fixSubmenu() {
383
  global $submenu;
384
- $sFullParentMenuId = $this->getFullParentMenuId();
385
  if ( isset( $submenu[$sFullParentMenuId] ) ) {
386
- $submenu[$sFullParentMenuId][0][0] = 'Dashboard';
 
387
  }
388
  }
389
 
@@ -399,24 +375,51 @@ class ICWP_Pure_Base_V4 extends ICWP_WPSF_Once {
399
  * The callback function for the main admin menu index page
400
  */
401
  public function onDisplayMainMenu() {
402
- $aData = array(
403
- 'plugin_url' => $this->m_sPluginUrl,
404
- 'fShowAds' => $this->isShowMarketing()
405
- );
406
- $this->display( self::BaseSlug.'_'.$this->m_sParentMenuIdSuffix.'_index', $aData );
407
  }
408
 
409
- protected function getBaseDisplayData( $insSubmenuId = '' ) {
410
  return array(
411
- 'plugin_url' => $this->m_sPluginUrl,
412
  'var_prefix' => self::$sOptionPrefix,
413
- 'sPluginName' => $this->m_sPluginHumanName,
414
  'fShowAds' => $this->isShowMarketing(),
415
- 'nonce_field' => $this->getSubmenuId( $insSubmenuId ),
416
- 'form_action' => 'admin.php?page='.$this->getSubmenuId( $insSubmenuId )
417
  );
418
  }
419
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
420
  /**
421
  * @return bool
422
  */
@@ -446,21 +449,22 @@ class ICWP_Pure_Base_V4 extends ICWP_WPSF_Once {
446
  *
447
  * @see ICWP_Pure_Base_V1::onWpPluginActionLinks()
448
  */
449
- public function onWpPluginActionLinks( $inaActionLinks, $insFile ) {
450
 
451
- if ( $insFile == $this->m_sPluginFile ) {
452
  if ( !$this->hasPermissionToSubmit() ) {
453
- if ( array_key_exists( 'edit', $inaActionLinks ) ) {
454
- unset( $inaActionLinks['edit'] );
455
  }
456
- if ( array_key_exists( 'deactivate', $inaActionLinks ) ) {
457
- unset( $inaActionLinks['deactivate'] );
458
  }
459
  }
460
- $sSettingsLink = '<a href="'.network_admin_url( "admin.php" ).'?page='.$this->getSubmenuId().'">' . 'Dashboard' . '</a>';
461
- array_unshift( $inaActionLinks, $sSettingsLink );
 
462
  }
463
- return $inaActionLinks;
464
  }
465
 
466
  /**
@@ -468,7 +472,7 @@ class ICWP_Pure_Base_V4 extends ICWP_WPSF_Once {
468
  */
469
  public function onWpAdminNotices() {
470
  // Do we have admin priviledges?
471
- if ( !$this->isValidAdminArea() || !current_user_can( 'manage_options' ) ) {
472
  return true;
473
  }
474
 
@@ -494,13 +498,9 @@ class ICWP_Pure_Base_V4 extends ICWP_WPSF_Once {
494
  if ( isset( $GLOBALS['pagenow'] ) && $GLOBALS['pagenow'] == 'update.php' ) {
495
  return;
496
  }
497
- // We need to have the correct plugin file set before proceeding.
498
- if ( !isset( $this->m_sPluginFile ) ) {
499
- return;
500
- }
501
 
502
  $this->loadWpFunctions();
503
- $oUpdate = $this->m_oWpFunctions->getIsPluginUpdateAvailable( $this->m_sPluginFile );
504
  if ( !$oUpdate ) {
505
  return;
506
  }
@@ -518,7 +518,7 @@ class ICWP_Pure_Base_V4 extends ICWP_WPSF_Once {
518
  protected function doAdminNoticePostUpgrade() {
519
 
520
  $sCurrentMetaValue = $this->getUserMeta( 'current_version' );
521
- if ( $sCurrentMetaValue === $this->m_sVersion ) {
522
  return;
523
  }
524
  $sHtml = $this->getAdminNoticeHtml_VersionUpgrade();
@@ -563,9 +563,9 @@ class ICWP_Pure_Base_V4 extends ICWP_WPSF_Once {
563
  * Override this to change the message for the particular plugin upgrade.
564
  */
565
  protected function getAdminNoticeHtml_PluginUpgradeAvailable() {
566
- $sUpgradeLink = $this->m_oWpFunctions->getPluginUpgradeLink( $this->m_sPluginFile );
567
  $sNotice = '<p>There is an update available for the %s plugin. <a href="%s">Click to update immediately</a>.</p>';
568
- $sNotice = sprintf( $sNotice, $this->m_sPluginHumanName, $sUpgradeLink );
569
  return $sNotice;
570
  }
571
 
@@ -598,7 +598,7 @@ class ICWP_Pure_Base_V4 extends ICWP_WPSF_Once {
598
  return $sFullNotice;
599
  }
600
  }
601
-
602
  /**
603
  *
604
  */
@@ -615,6 +615,7 @@ class ICWP_Pure_Base_V4 extends ICWP_WPSF_Once {
615
  protected function updateTranslationNoticeShownUserMeta( $nId = '', $sValue = 'Y' ) {
616
  $this->updateUserMeta( 'plugin_translation_notice', $sValue, $nId );
617
  }
 
618
  /**
619
  * Updates the current (or supplied user ID) user meta data with the version of the plugin
620
  *
@@ -628,10 +629,10 @@ class ICWP_Pure_Base_V4 extends ICWP_WPSF_Once {
628
  /**
629
  * Updates the current (or supplied user ID) user meta data with the version of the plugin
630
  *
631
- * @param unknown_type $innId
632
  */
633
- protected function updateVersionUserMeta( $innId = '' ) {
634
- $this->updateUserMeta( 'current_version', $this->m_sVersion, $innId );
635
  }
636
 
637
  /**
@@ -664,7 +665,7 @@ class ICWP_Pure_Base_V4 extends ICWP_WPSF_Once {
664
  }
665
  $nUserId = $oCurrentUser->ID;
666
 
667
- $sCurrentMetaValue = get_user_meta( $nUserId, self::$sOptionPrefix.$sKey, true );
668
  // A guard whereby if we can't ever get a value for this meta, it means we can never set it.
669
  if ( empty( $sCurrentMetaValue ) ) {
670
  //the value has never been set, or it's been installed for the first time.
@@ -686,50 +687,63 @@ class ICWP_Pure_Base_V4 extends ICWP_WPSF_Once {
686
  return $current_user;
687
  }
688
 
689
- /**
690
- * This is called from within onWpAdminInit. Use this solely to manage upgrades of the plugin
691
- */
692
- protected function handlePluginUpgrade() {
693
- if ( !is_admin() || !current_user_can( 'manage_options' ) ) {
694
- return;
695
  }
696
- if ( $this->m_fAutoPluginUpgrade ) {
697
- $this->loadWpFunctions();
698
- $this->m_oWpFunctions->doPluginUpgrade( $this->m_sPluginFile );
 
 
 
 
 
699
  }
700
  }
701
 
702
- protected function handlePluginFormSubmit() { }
703
-
 
704
  protected function isIcwpPluginFormSubmit() {
705
- return isset( $_POST['icwp_plugin_form_submit'] );
706
- }
 
707
 
708
- protected function isIcwpPluginAdminPage() {
709
- $sSubPageNow = isset( $_GET['page'] )? $_GET['page']: '';
710
- if ( is_admin() && !empty($sSubPageNow) && (strpos( $sSubPageNow, $this->getFullParentMenuId() ) === 0 )) { //admin area, and the 'page' begins with 'worpit'
711
- return true;
 
 
 
 
 
712
  }
713
  return false;
714
  }
715
-
716
  public function enqueueBootstrapAdminCss() {
717
- wp_register_style( self::$sOptionPrefix.'bootstrap_wpadmin_css', $this->getCssUrl( 'bootstrap-wpadmin.css' ), false, $this->m_sVersion );
718
- wp_enqueue_style( self::$sOptionPrefix.'bootstrap_wpadmin_css' );
 
719
  }
720
 
721
  public function enqueueBootstrapLegacyAdminCss() {
722
- wp_register_style( self::$sOptionPrefix.'bootstrap_wpadmin_legacy_css', $this->getCssUrl( 'bootstrap-wpadmin-legacy.css' ), false, $this->m_sVersion );
723
- wp_enqueue_style( self::$sOptionPrefix.'bootstrap_wpadmin_legacy_css' );
724
- wp_register_style( self::$sOptionPrefix.'bootstrap_wpadmin_css_fixes', $this->getCssUrl('bootstrap-wpadmin-fixes.css'), array( self::$sOptionPrefix.'bootstrap_wpadmin_legacy_css'), $this->m_sVersion );
725
- wp_enqueue_style( self::$sOptionPrefix.'bootstrap_wpadmin_css_fixes' );
 
 
 
726
  }
727
 
728
  public function enqueuePluginAdminCss() {
729
- wp_register_style( self::$sOptionPrefix.'plugin_css', $this->getCssUrl('plugin.css'), array(self::$sOptionPrefix.'bootstrap_wpadmin_css_fixes'), $this->m_sVersion );
730
- wp_enqueue_style( self::$sOptionPrefix.'plugin_css' );
 
731
  }
732
-
733
  protected function redirect( $insUrl, $innTimeout = 1 ) {
734
  echo '
735
  <script type="text/javascript">
@@ -742,7 +756,6 @@ class ICWP_Pure_Base_V4 extends ICWP_WPSF_Once {
742
 
743
  /**
744
  * Displays a message in the plugins listing when a plugin has an update available.
745
- * @param string $insPlugin
746
  */
747
  public function onWpPluginUpdateMessage() {
748
  echo '<div style="color: #dd3333;">'
@@ -759,7 +772,7 @@ class ICWP_Pure_Base_V4 extends ICWP_WPSF_Once {
759
  * @param string $insPlugin
760
  */
761
  public function onWpHookDeactivatePlugin( $insPlugin ) {
762
- if ( strpos( $insPlugin, $this->m_sPluginName ) !== false ) {
763
  $this->doPreventDeactivation( $insPlugin );
764
  }
765
  }
@@ -772,68 +785,38 @@ class ICWP_Pure_Base_V4 extends ICWP_WPSF_Once {
772
  wp_die( 'Sorry, you do not have permission to disable this plugin. You need to authenticate first.' );
773
  }
774
  }
775
-
776
- /**
777
- * Gets the WordPress option based on this object's option prefix.
778
- * @param string $insKey
779
- * @return mixed
780
- */
781
- public function getOption( $insKey ) {
782
- return get_option( $this->getOptionKey($insKey) );
783
- }
784
-
785
- /**
786
- * @param string $insKey
787
- * @param mixed $insValue
788
- * @return boolean
789
- */
790
- public function addOption( $insKey, $inmValue ) {
791
- return add_option( $this->getOptionKey($insKey), $inmValue );
792
- }
793
-
794
- /**
795
- * @param string $insKey
796
- * @param mixed $inmValue
797
- * @return boolean
798
- */
799
- public function updateOption( $insKey, $inmValue ) {
800
- return update_option( $this->getOptionKey($insKey), $inmValue );
801
- }
802
-
803
- /**
804
- * @param string $insKey
805
- * @return boolean
806
- */
807
- public function deleteOption( $insKey ) {
808
- return delete_option( $this->getOptionKey($insKey) );
809
- }
810
-
811
- public function getOptionKey( $insKey ) {
812
- return self::$sOptionPrefix.$insKey;
813
- }
814
 
815
  /**
816
  * Use this to wrap up the function when the PHP process is coming to an end. Call from onWpShudown()
817
  */
818
- protected function shutdown() {
819
-
820
- }
821
 
822
  /**
823
  * Hooked to 'shutdown'
824
  */
825
  public function onWpShutdown() {
826
- $this->shutdown();
827
  }
828
 
829
  public function onWpActivatePlugin() { }
830
  public function onWpDeactivatePlugin() { }
831
  public function onWpUninstallPlugin() { }
832
-
 
 
 
833
  protected function loadWpFunctions() {
834
  if ( !isset( $this->m_oWpFunctions ) ) {
835
  $this->m_oWpFunctions = ICWP_WpFunctions_WPSF::GetInstance();
836
  }
 
 
 
 
 
 
 
 
837
  }
838
 
839
  protected function flushCaches() {
@@ -843,13 +826,13 @@ class ICWP_Pure_Base_V4 extends ICWP_WPSF_Once {
843
  }
844
 
845
  protected function getImageUrl( $insImage ) {
846
- return $this->m_sPluginUrl.'resources/images/'.$insImage;
847
  }
848
  protected function getCssUrl( $insCss ) {
849
- return $this->m_sPluginUrl.'resources/css/'.$insCss;
850
  }
851
  protected function getJsUrl( $insJs ) {
852
- return $this->m_sPluginUrl.'resources/js/'.$insJs;
853
  }
854
 
855
  /**
8
  require_once( dirname(__FILE__).'/icwp-wpfunctions.php' );
9
  require_once( dirname(__FILE__).'/icwp-wpfilesystem.php' );
10
 
11
+ if ( !class_exists('ICWP_Pure_Base_V5') ):
12
 
13
+ class ICWP_Pure_Base_V5 extends ICWP_WPSF_Once {
14
 
 
 
 
 
15
  const ViewExt = '.php';
16
  const ViewDir = 'views';
17
+
18
  /**
19
+ * @var ICWP_Wordpress_Simple_Firewall_Plugin
20
  */
21
+ protected $oPluginVo;
22
+
23
  /**
24
  * Set to true if it should never be shown in the dashboard
25
  * @var string
26
  */
27
+ protected $fHeadless = false;
28
+
 
 
 
 
29
  /**
30
  * Set to true if this contains components from another plugin to stand alone
31
  * @var string
32
  */
33
  protected $m_sAutoUpdateUrl = '';
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
34
 
35
  /**
36
  * @var string
37
  */
38
+ protected $sPluginRootFile;
 
 
 
 
39
  /**
40
  * @var string
41
  */
42
+ protected $sPluginFileName;
43
  /**
44
  * @var string
45
  */
46
+ protected $sPluginRootDir;
47
  /**
48
  * @var string
49
  */
50
+ protected $sPluginBaseFile;
51
  /**
52
  * @var string
53
  */
54
+ protected $sPluginUrl;
55
  /**
56
  * @var string
57
  */
58
  protected static $sOptionPrefix = '';
59
 
60
+ protected $aPluginMenu;
61
 
62
+ protected $sPluginSlug;
 
 
63
 
64
  protected $fShowMarketing;
65
 
 
 
66
  /**
67
  * @var ICWP_WpFunctions_WPSF;
68
  */
73
  */
74
  protected $m_oWpFs;
75
 
76
+ public function __construct( ICWP_Wordpress_Simple_Firewall_Plugin $oPluginVo ) {
77
+
78
+ // All core values of the plugin are derived from the values stored in this value object.
79
+ $this->oPluginVo = $oPluginVo;
80
+ $this->sPluginRootFile = $this->oPluginVo->getRootFile();
81
+ $this->sPluginSlug = $this->oPluginVo->getPluginSlug();
82
+ self::$sOptionPrefix = $this->oPluginVo->getOptionStoragePrefix();
83
+ $this->setPaths();
84
+
85
  add_action( 'plugins_loaded', array( $this, 'onWpPluginsLoaded' ) );
86
  add_action( 'init', array( $this, 'onWpInit' ), 0 );
87
  if ( $this->isValidAdminArea() ) {
89
  add_action( 'admin_notices', array( $this, 'onWpAdminNotices' ) );
90
  add_action( 'network_admin_notices', array( $this, 'onWpAdminNotices' ) );
91
  add_action( 'admin_menu', array( $this, 'onWpAdminMenu' ) );
92
+ add_action( 'network_admin_menu', array( $this, 'onWpAdminMenu' ) );
93
  add_action( 'plugin_action_links', array( $this, 'onWpPluginActionLinks' ), 10, 4 );
94
+ // add_action( 'deactivate_plugin', array( $this, 'onWpHookDeactivatePlugin' ), 1, 1 );
95
  add_action( 'wp_before_admin_bar_render', array( $this, 'onWpAdminBar' ), 1, 9999 );
96
  }
97
+ add_action( 'in_plugin_update_message-'.$this->getPluginBaseFile(), array( $this, 'onWpPluginUpdateMessage' ) );
98
  add_action( 'shutdown', array( $this, 'onWpShutdown' ) );
99
+ add_action( $this->doPluginPrefix( 'plugin_shutdown' ), array( $this, 'doPluginShutdown' ) );
100
 
 
 
 
101
  $this->registerActivationHooks();
102
  }
103
+
104
  /**
105
+ * Returns this unique plugin prefix
106
+ *
107
+ * @param string $sGlue
108
+ * @return string
109
  */
110
+ public function getPluginPrefix( $sGlue = '-' ) {
111
+ return $this->oPluginVo->getFullPluginPrefix( $sGlue );
112
+ }
113
+
114
+ /**
115
+ * Will prefix and return any string with the unique plugin prefix.
116
+ *
117
+ * @param string $sSuffix
118
+ * @param string $sGlue
119
+ * @return string
120
+ */
121
+ public function doPluginPrefix( $sSuffix = '', $sGlue = '-' ) {
122
+ $sPrefix = $this->oPluginVo->getFullPluginPrefix( $sGlue );
123
+
124
+ if ( $sSuffix == $sPrefix || strpos( $sSuffix, $sPrefix.$sGlue ) === 0 ) { //it already has the prefix
125
+ return $sSuffix;
126
  }
127
+
128
+ return sprintf( '%s%s%s', $sPrefix, empty($sSuffix)? '' : $sGlue, empty($sSuffix)? '' : $sSuffix );
 
 
 
 
129
  }
130
 
131
  protected function isValidAdminArea() {
132
+ $this->loadWpFunctions();
133
+ if ( !$this->m_oWpFunctions->isMultisite() && is_admin() ) {
134
  return true;
135
  }
136
+ else if ( $this->m_oWpFunctions->isMultisite() && $this->oPluginVo->getIsWpmsNetworkAdminOnly() && is_network_admin() ) {
137
  return true;
138
  }
139
  return false;
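Review bot: isValidAdminArea() returns false for every multisite admin request unless getIsWpmsNetworkAdminOnly() is true, because the first branch requires !isMultisite() and the second requires the network-only flag together with is_network_admin(). On a multisite install where the plugin is not network-admin-only, the admin_notices, admin_menu and plugin_action_links hooks registered in the constructor are never added. If that is intended, say so in a docblock on the method; otherwise add a branch for multisite with the flag off and is_admin() true.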
143
  * Registers the plugins activation, deactivate and uninstall hooks.
144
  */
145
  protected function registerActivationHooks() {
146
+ register_activation_hook( $this->sPluginRootFile, array( $this, 'onWpActivatePlugin' ) );
147
+ register_deactivation_hook( $this->sPluginRootFile, array( $this, 'onWpDeactivatePlugin' ) );
148
+ // register_uninstall_hook( $this->sPluginRootFile, array( $this, 'onWpUninstallPlugin' ) );
149
  }
150
 
151
  /**
152
  * @since v3.0.0
153
  */
154
  protected function setPaths() {
155
+ if ( empty( $this->sPluginRootFile ) ) {
156
+ $this->sPluginRootFile = __FILE__;
 
157
  }
158
+ $this->sPluginFileName = basename( $this->sPluginRootFile );
159
+ $this->getPluginBaseFile();
160
+ $this->sPluginRootDir = dirname( $this->sPluginRootFile ).ICWP_DS;
161
+ $this->sPluginUrl = plugins_url( '/', $this->sPluginRootFile ) ; //this seems to use SSL more reliably than WP_PLUGIN_URL
 
162
  }
163
 
164
  /**
165
+ * This is the path to the main plugin file relative to the WordPress plugins directory.
166
+ *
167
  * @return string
168
  */
169
+ public function getPluginBaseFile() {
170
+ if ( !isset( $this->sPluginBaseFile ) ) {
171
+ $this->sPluginBaseFile = plugin_basename( $this->sPluginRootFile );
172
+ }
173
+ return $this->sPluginBaseFile;
174
  }
175
 
176
  /**
177
+ * @param boolean $fHasPermission
178
  * @return boolean
179
  */
180
+ public function hasPermissionToView( $fHasPermission = true ) {
181
+ return $this->hasPermissionToSubmit( $fHasPermission );
182
  }
183
+
184
  /**
185
+ * @param boolean $fHasPermission
186
  * @return boolean
187
  */
188
+ public function hasPermissionToSubmit( $fHasPermission = true ) {
189
  // first a basic admin check
190
+ return $fHasPermission && is_super_admin() && current_user_can( $this->oPluginVo->getBasePermissions() );
191
  }
192
 
193
  public function doPluginUpdateCheck() {
194
+ $oWp = $this->loadWpFunctions();
195
+ $oWp->getIsPluginUpdateAvailable( $this->getPluginBaseFile() );
 
 
 
 
196
  }
197
 
198
  protected function display( $insView, $inaData = array() ) {
199
+ $sFile = $this->sPluginRootDir.self::ViewDir.ICWP_DS.$insView.self::ViewExt;
200
 
201
  if ( !is_file( $sFile ) ) {
202
  echo "View not found: ".$sFile;
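Review bot: the fallback in setPaths(), `$this->sPluginRootFile = __FILE__;`, points at this class file under src/ rather than the plugin's root file, so the basename(), dirname() and plugins_url() calls below it all resolve against the wrong file whenever the value object returns an empty root file. The constructor now requires an ICWP_Wordpress_Simple_Firewall_Plugin, so failing loudly on an empty getRootFile() would be safer than continuing with wrong paths and URLs.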
204
  }
205
 
206
  if ( count( $inaData ) > 0 ) {
207
+ extract( $inaData, EXTR_PREFIX_ALL, $this->oPluginVo->getParentSlug() ); //slug being 'icwp'
208
  }
209
 
210
  ob_start();
216
  return true;
217
  }
218
 
219
+ protected function getSubmenuId( $sId = '' ) {
220
+ return $this->doPluginPrefix( $sId );
 
 
 
 
221
  }
222
 
223
  /**
224
  * Hooked to 'plugins_loaded'
225
  */
226
  public function onWpPluginsLoaded() {
 
227
  if ( is_admin() ) {
228
  //Handle plugin upgrades
 
229
  $this->doPluginUpdateCheck();
230
  $this->load_textdomain();
231
  }
232
+ $this->handlePluginFormSubmit();
233
+ add_filter( 'all_plugins', array( $this, 'filter_hidePluginFromTableList' ) );
234
+ add_filter( 'site_transient_update_plugins', array( $this, 'filter_hidePluginUpdatesFromUI' ) );
 
 
 
235
  }
236
 
 
 
 
 
 
 
237
  /**
238
  * Added to a WordPress filter ('all_plugins') which will remove this particular plugin from the
239
  * list of all plugins based on the "plugin file" name.
240
  *
241
  * @uses $this->m_fHeadless if the plugin is headless, it is hidden
242
+ * @param array $aPlugins
243
  * @return array
244
  */
245
+ public function filter_hidePluginFromTableList( $aPlugins ) {
246
 
247
+ if ( !$this->fHeadless ) {
248
+ return $aPlugins;
249
  }
250
+
251
+ $sPluginBaseFileName = $this->getPluginBaseFile();
252
+ if ( isset( $aPlugins[$sPluginBaseFileName] ) ) {
253
+ unset( $aPlugins[$sPluginBaseFileName] );
 
254
  }
255
+ return $aPlugins;
256
  }
257
 
258
  /**
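Review bot: in onWpPluginsLoaded(), handlePluginFormSubmit() sits outside the is_admin() block, so it runs on every request, front end included, as soon as plugins are loaded. Nothing at this call site checks hasPermissionToSubmit(), which leaves each listener on the form_submit action responsible for its own capability check. Gate the call on a permission check where the flow allows it, or document that contract for feature handlers. Separately, the docblock for filter_hidePluginFromTableList() still refers to $this->m_fHeadless after the rename to fHeadless.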
262
  * In order to ensure that WordPress still checks for plugin updates it will not remove this plugin from
263
  * the list of plugins if DOING_CRON is set to true.
264
  *
265
+ * @uses $this->fHeadless if the plugin is headless, it is hidden
266
+ * @param StdClass $oPlugins
267
+ * @return StdClass
268
  */
269
+ public function filter_hidePluginUpdatesFromUI( $oPlugins ) {
270
 
271
+ if ( ( defined( 'DOING_CRON' ) && DOING_CRON ) || !$this->fHeadless ) {
272
+ return $oPlugins;
273
  }
274
+
275
+ if ( !empty( $oPlugins->response[ $this->getPluginBaseFile() ] ) ) {
276
+ unset( $oPlugins->response[ $this->getPluginBaseFile() ] );
 
 
 
 
 
277
  }
278
+
279
+ return $oPlugins;
280
  }
281
 
282
  /**
283
  * Load the multilingual aspect of the plugin
284
  */
285
  public function load_textdomain() {
286
+ //TODO: Can replace with $this->sPluginRootDir ?
287
+ load_plugin_textdomain( $this->oPluginVo->getTextDomain(), false, dirname( $this->getPluginBaseFile() ) . '/languages/' );
 
 
288
  }
289
 
290
  public function onWpInit() { }
291
 
292
  public function onWpAdminInit() {
293
  //Do Plugin-Specific Admin Work
294
+ if ( $this->getIsPage_PluginAdmin() ) {
295
  add_action( 'admin_enqueue_scripts', array( $this, 'enqueueBootstrapLegacyAdminCss' ), 99 );
296
  add_action( 'admin_enqueue_scripts', array( $this, 'enqueuePluginAdminCss' ), 99 );
297
  }
303
  }
304
  $this->createMenu();
305
  }
306
+
 
 
 
 
 
 
 
307
  protected function createMenu() {
308
 
309
+ if ( $this->fHeadless ) {
310
  return true;
311
  }
312
 
313
+ $sFullParentMenuId = $this->getPluginPrefix();
314
+ add_menu_page( $this->oPluginVo->getHumanName(), $this->oPluginVo->getAdminMenuTitle(), $this->oPluginVo->getBasePermissions(), $sFullParentMenuId, array( $this, 'onDisplayAll' ), $this->getPluginLogoUrl16() );
315
  //Create and Add the submenu items
316
+ // $this->createPluginSubMenuItems();
317
+
318
+ // allow for any plugin menu items that don't come from filters
319
+ add_filter( $this->doPluginPrefix( 'filter_plugin_submenu_items' ), array( $this, 'filter_addExtraAdminMenuItems' ) );
320
+
321
+ $aPluginMenuItems = apply_filters( $this->doPluginPrefix( 'filter_plugin_submenu_items' ), array() );
322
+ if ( !empty( $aPluginMenuItems ) ) {
323
+ foreach ( $aPluginMenuItems as $sMenuTitle => $aMenu ) {
324
+ list( $sMenuItemText, $sMenuItemId, $aMenuCallBack ) = $aMenu;
325
+ add_submenu_page(
326
+ $sFullParentMenuId,
327
+ $sMenuTitle,
328
+ $sMenuItemText,
329
+ $this->oPluginVo->getBasePermissions(),
330
+ $this->doPluginPrefix( $sMenuItemId ),
331
+ $aMenuCallBack
332
+ );
333
  }
334
  }
335
+ // if ( !empty($this->aPluginMenu) ) {
336
+ // foreach ( $this->aPluginMenu as $sMenuTitle => $aMenu ) {
337
+ // list( $sMenuItemText, $sMenuItemId, $sMenuCallBack ) = $aMenu;
338
+ // add_submenu_page( $sFullParentMenuId, $sMenuTitle, $sMenuItemText, $this->oPluginVo->getBasePermissions(), $sMenuItemId, array( $this, $sMenuCallBack ) );
339
+ // }
340
+ // }
341
  $this->fixSubmenu();
342
  }
343
 
344
+ /**
345
+ * @param array $aItems
346
+ * @return array
347
+ */
348
+ public function filter_addExtraAdminMenuItems( $aItems ) {
349
+ return $aItems;
 
350
  }
351
 
352
+ /**
353
+ * no longer used
354
+ */
355
+ protected function createPluginSubMenuItems() { }
356
+
357
  protected function fixSubmenu() {
358
  global $submenu;
359
+ $sFullParentMenuId = $this->getPluginPrefix();
360
  if ( isset( $submenu[$sFullParentMenuId] ) ) {
361
+ unset( $submenu[$sFullParentMenuId][0] );
362
+ // $submenu[$sFullParentMenuId][0][0] = 'Dashboard';
363
  }
364
  }
365
 
375
  * The callback function for the main admin menu index page
376
  */
377
  public function onDisplayMainMenu() {
378
+ $aData = array();
379
+ $this->display( $this->doPluginPrefix( 'index', '_' ), $aData );
 
 
 
380
  }
381
 
382
+ protected function getBaseDisplayData( $sSubmenu = '' ) {
383
  return array(
384
+ 'plugin_url' => $this->sPluginUrl,
385
  'var_prefix' => self::$sOptionPrefix,
386
+ 'sPluginName' => $this->oPluginVo->getHumanName(),
387
  'fShowAds' => $this->isShowMarketing(),
388
+ 'nonce_field' => $this->getPluginPrefix(),
389
+ 'form_action' => 'admin.php?page='.$this->getCurrentWpAdminPage()
390
  );
391
  }
392
 
393
+ /**
394
+ */
395
+ protected function getCurrentWpAdminPage() {
396
+ $sScript = isset( $_SERVER['SCRIPT_NAME'] )? $_SERVER['SCRIPT_NAME'] : $_SERVER['PHP_SELF'];
397
+ if ( is_admin() && !empty( $sScript ) && basename( $sScript ) == 'admin.php' ) {
398
+ $sCurrentPage = $this->fetchGet('page');
399
+ }
400
+ return empty($sCurrentPage)? '' : $sCurrentPage;
401
+ }
402
+
403
+ /**
404
+ */
405
+ protected function getIsPage_PluginMainDashboard() {
406
+ return ( $this->getCurrentWpAdminPage() == $this->getPluginPrefix() );
407
+ }
408
+
409
+ /**
410
+ */
411
+ protected function getIsPage_PluginAdmin() {
412
+ return ( strpos( $this->getCurrentWpAdminPage(), $this->getPluginPrefix() ) === 0 );
413
+ }
414
+
415
+ /**
416
+ * @param string $sFeaturePage - leave empty to get the main dashboard
417
+ * @return mixed
418
+ */
419
+ protected function getUrl_PluginDashboard( $sFeaturePage = '' ) {
420
+ return network_admin_url( sprintf( 'admin.php?page=%s', $this->getSubmenuId( $sFeaturePage ) ) );
421
+ }
422
+
423
  /**
424
  * @return bool
425
  */
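Review bot: 'form_action' in getBaseDisplayData() is built from getCurrentWpAdminPage(), which returns the request's page parameter through fetchGet('page') with no sanitising visible in this hunk, and the views added in this release echo that value into a form action attribute. Apply sanitize_key() (or compare against the registered submenu ids) inside getCurrentWpAdminPage(), and escape at output with esc_attr() or esc_url(). The three new methods with empty docblocks also need @return tags.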
449
  *
450
  * @see ICWP_Pure_Base_V1::onWpPluginActionLinks()
451
  */
452
+ public function onWpPluginActionLinks( $aActionLinks, $sPluginFile ) {
453
 
454
+ if ( $sPluginFile == $this->getPluginBaseFile() ) {
455
  if ( !$this->hasPermissionToSubmit() ) {
456
+ if ( array_key_exists( 'edit', $aActionLinks ) ) {
457
+ unset( $aActionLinks['edit'] );
458
  }
459
+ if ( array_key_exists( 'deactivate', $aActionLinks ) ) {
460
+ unset( $aActionLinks['deactivate'] );
461
  }
462
  }
463
+
464
+ $sSettingsLink = sprintf( '<a href="%s">%s</a>', $this->getUrl_PluginDashboard(), _wpsf__( 'Dashboard' ) ); ;
465
+ array_unshift( $aActionLinks, $sSettingsLink );
466
  }
467
+ return $aActionLinks;
468
  }
469
 
470
  /**
472
  */
473
  public function onWpAdminNotices() {
474
  // Do we have admin priviledges?
475
+ if ( !$this->isValidAdminArea() || !current_user_can( $this->oPluginVo->getBasePermissions() ) ) {
476
  return true;
477
  }
478
 
498
  if ( isset( $GLOBALS['pagenow'] ) && $GLOBALS['pagenow'] == 'update.php' ) {
499
  return;
500
  }
 
 
 
 
501
 
502
  $this->loadWpFunctions();
503
+ $oUpdate = $this->m_oWpFunctions->getIsPluginUpdateAvailable( $this->getPluginBaseFile() );
504
  if ( !$oUpdate ) {
505
  return;
506
  }
518
  protected function doAdminNoticePostUpgrade() {
519
 
520
  $sCurrentMetaValue = $this->getUserMeta( 'current_version' );
521
+ if ( $sCurrentMetaValue === $this->oPluginVo->getVersion() ) {
522
  return;
523
  }
524
  $sHtml = $this->getAdminNoticeHtml_VersionUpgrade();
563
  * Override this to change the message for the particular plugin upgrade.
564
  */
565
  protected function getAdminNoticeHtml_PluginUpgradeAvailable() {
566
+ $sUpgradeLink = $this->m_oWpFunctions->getPluginUpgradeLink( $this->getPluginBaseFile() );
567
  $sNotice = '<p>There is an update available for the %s plugin. <a href="%s">Click to update immediately</a>.</p>';
568
+ $sNotice = sprintf( $sNotice, $this->oPluginVo->getHumanName(), $sUpgradeLink );
569
  return $sNotice;
570
  }
571
 
598
  return $sFullNotice;
599
  }
600
  }
601
+
602
  /**
603
  *
604
  */
615
  protected function updateTranslationNoticeShownUserMeta( $nId = '', $sValue = 'Y' ) {
616
  $this->updateUserMeta( 'plugin_translation_notice', $sValue, $nId );
617
  }
618
+
619
  /**
620
  * Updates the current (or supplied user ID) user meta data with the version of the plugin
621
  *
629
  /**
630
  * Updates the current (or supplied user ID) user meta data with the version of the plugin
631
  *
632
+ * @param integer $nId
633
  */
634
+ protected function updateVersionUserMeta( $nId = null ) {
635
+ $this->updateUserMeta( 'current_version', $this->oPluginVo->getVersion(), $nId );
636
  }
637
 
638
  /**
665
  }
666
  $nUserId = $oCurrentUser->ID;
667
 
668
+ $sCurrentMetaValue = get_user_meta( $nUserId, $this->doPluginPrefix( $sKey, '_' ), true );
669
  // A guard whereby if we can't ever get a value for this meta, it means we can never set it.
670
  if ( empty( $sCurrentMetaValue ) ) {
671
  //the value has never been set, or it's been installed for the first time.
687
  return $current_user;
688
  }
689
 
690
+ protected function handlePluginFormSubmit() {
691
+ if ( !$this->isIcwpPluginFormSubmit() ) {
692
+ return false;
 
 
 
693
  }
694
+ // check_admin_referer( $this->getPluginPrefix() );
695
+
696
+ // do all the plugin feature/options saving
697
+ do_action( $this->doPluginPrefix( 'form_submit' ) );
698
+
699
+ if ( $this->getIsPage_PluginAdmin() ) {
700
+ wp_safe_redirect( $this->getUrl_PluginDashboard( $this->getCurrentWpAdminPage() ) );
701
+ return true;
702
  }
703
  }
704
 
705
+ /**
706
+ * @return bool
707
+ */
708
  protected function isIcwpPluginFormSubmit() {
709
+ if ( empty($_POST) && empty($_GET) ) {
710
+ return false;
711
+ }
712
 
713
+ $aFormSubmitOptions = array(
714
+ 'icwp_plugin_form_submit',
715
+ 'icwp_link_action',
716
+ 'icwp_wpsf_admin_access_key_request'
717
+ );
718
+ foreach( $aFormSubmitOptions as $sOption ) {
719
+ if ( !is_null( $this->fetchRequest( $sOption, false ) ) ) {
720
+ return true;
721
+ }
722
  }
723
  return false;
724
  }
725
+
726
  public function enqueueBootstrapAdminCss() {
727
+ $sUnique = $this->doPluginPrefix( 'bootstrap_wpadmin_css' );
728
+ wp_register_style( $sUnique, $this->getCssUrl( 'bootstrap-wpadmin.css' ), false, $this->oPluginVo->getVersion() );
729
+ wp_enqueue_style( $sUnique );
730
  }
731
 
732
  public function enqueueBootstrapLegacyAdminCss() {
733
+ $sUnique = $this->doPluginPrefix( 'bootstrap_wpadmin_legacy_css' );
734
+ wp_register_style( $sUnique, $this->getCssUrl( 'bootstrap-wpadmin-legacy.css' ), false, $this->oPluginVo->getVersion() );
735
+ wp_enqueue_style( $sUnique );
736
+
737
+ $sUnique = $this->doPluginPrefix( 'bootstrap_wpadmin_css_fixes' );
738
+ wp_register_style( $sUnique, $this->getCssUrl('bootstrap-wpadmin-fixes.css'), array( $this->doPluginPrefix( 'bootstrap_wpadmin_legacy_css' ) ), $this->oPluginVo->getVersion() );
739
+ wp_enqueue_style( $sUnique );
740
  }
741
 
742
  public function enqueuePluginAdminCss() {
743
+ $sUnique = $this->doPluginPrefix( 'plugin_css', '_' );
744
+ wp_register_style( $sUnique, $this->getCssUrl('plugin.css'), array( $this->doPluginPrefix( 'bootstrap_wpadmin_css_fixes' ) ), $this->oPluginVo->getVersion() );
745
+ wp_enqueue_style( $sUnique );
746
  }
 
747
  protected function redirect( $insUrl, $innTimeout = 1 ) {
748
  echo '
749
  <script type="text/javascript">
756
 
757
  /**
758
  * Displays a message in the plugins listing when a plugin has an update available.
 
759
  */
760
  public function onWpPluginUpdateMessage() {
761
  echo '<div style="color: #dd3333;">'
772
  * @param string $insPlugin
773
  */
774
  public function onWpHookDeactivatePlugin( $insPlugin ) {
775
+ if ( strpos( $insPlugin, $this->sPluginFileName ) !== false ) {
776
  $this->doPreventDeactivation( $insPlugin );
777
  }
778
  }
785
  wp_die( 'Sorry, you do not have permission to disable this plugin. You need to authenticate first.' );
786
  }
787
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
788
 
789
  /**
790
  * Use this to wrap up the function when the PHP process is coming to an end. Call from onWpShudown()
791
  */
792
+ public function doPluginShutdown() { }
 
 
793
 
794
  /**
795
  * Hooked to 'shutdown'
796
  */
797
  public function onWpShutdown() {
798
+ do_action( $this->doPluginPrefix( 'plugin_shutdown' ) );
799
  }
800
 
801
  public function onWpActivatePlugin() { }
802
  public function onWpDeactivatePlugin() { }
803
  public function onWpUninstallPlugin() { }
804
+
805
+ /**
806
+ * @return ICWP_WpFunctions_WPSF
807
+ */
808
  protected function loadWpFunctions() {
809
  if ( !isset( $this->m_oWpFunctions ) ) {
810
  $this->m_oWpFunctions = ICWP_WpFunctions_WPSF::GetInstance();
811
  }
812
+ return $this->m_oWpFunctions;
813
+ }
814
+
815
+ /**
816
+ * @return ICWP_WpFilesystem_WPSF
817
+ */
818
+ protected function loadWpFilesystem() {
819
+ return ICWP_WpFilesystem_WPSF::GetInstance();;
820
  }
821
 
822
  protected function flushCaches() {
826
  }
827
 
828
  protected function getImageUrl( $insImage ) {
829
+ return $this->sPluginUrl.'resources/images/'.$insImage;
830
  }
831
  protected function getCssUrl( $insCss ) {
832
+ return $this->sPluginUrl.'resources/css/'.$insCss;
833
  }
834
  protected function getJsUrl( $insJs ) {
835
+ return $this->sPluginUrl.'resources/js/'.$insJs;
836
  }
837
 
838
  /**
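Review bot: loadWpFilesystem() ends with a stray double semicolon (`GetInstance();;`), and the docblock above doPluginShutdown() still reads "Call from onWpShudown()" although the method is now reached through the plugin_shutdown action registered in the constructor. Fix the typo and describe the new call path; the empty public method should also say that subclasses are expected to override it.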
src/icwp-wpfunctions.php CHANGED
@@ -17,17 +17,17 @@
17
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
18
  */
19
 
20
- if ( !class_exists('ICWP_WpFunctions_V3') ):
21
 
22
- class ICWP_WpFunctions_V3 {
23
 
24
  /**
25
- * @var ICWP_WpFunctions_V3
26
  */
27
  protected static $oInstance = NULL;
28
 
29
  /**
30
- * @return ICWP_WpFunctions_V3
31
  */
32
  public static function GetInstance() {
33
  if ( is_null( self::$oInstance ) ) {
@@ -40,6 +40,11 @@ class ICWP_WpFunctions_V3 {
40
  * @var string
41
  */
42
  protected $m_sWpVersion;
 
 
 
 
 
43
 
44
  public function __construct() {}
45
 
@@ -133,6 +138,7 @@ class ICWP_WpFunctions_V3 {
133
  * @param string $sParams
134
  */
135
  public function redirectToLogin( $sParams = '' ) {
 
136
  header( "Location: ".site_url().'/wp-login.php'.$sParams );
137
  exit();
138
  }
@@ -151,12 +157,88 @@ class ICWP_WpFunctions_V3 {
151
  wp_safe_redirect( $sUrl );
152
  exit();
153
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
154
  }
155
  endif;
156
 
157
  if ( !class_exists('ICWP_WpFunctions_WPSF') ):
158
 
159
- class ICWP_WpFunctions_WPSF extends ICWP_WpFunctions_V3 {
160
  /**
161
  * @return ICWP_WpFunctions_WPSF
162
  */
17
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
18
  */
19
 
20
+ if ( !class_exists('ICWP_WpFunctions_V4') ):
21
 
22
+ class ICWP_WpFunctions_V4 {
23
 
24
  /**
25
+ * @var ICWP_WpFunctions_V4
26
  */
27
  protected static $oInstance = NULL;
28
 
29
  /**
30
+ * @return ICWP_WpFunctions_V4
31
  */
32
  public static function GetInstance() {
33
  if ( is_null( self::$oInstance ) ) {
40
  * @var string
41
  */
42
  protected $m_sWpVersion;
43
+
44
+ /**
45
+ * @var boolean
46
+ */
47
+ protected $fIsMultisite;
48
 
49
  public function __construct() {}
50
 
138
  * @param string $sParams
139
  */
140
  public function redirectToLogin( $sParams = '' ) {
141
+ $sParams = empty( $sParams ) ? '' : '?'.$sParams;
142
  header( "Location: ".site_url().'/wp-login.php'.$sParams );
143
  exit();
144
  }
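Review bot: the new line in redirectToLogin() prepends '?' and then concatenates $sParams into the Location header unencoded, so a caller that still passes a string beginning with '?' now produces '??', and whatever is in $sParams reaches the header as-is. Accepting an array of parameters, building the URL with add_query_arg() and sending it with wp_safe_redirect(), as the neighbouring redirect helper does, would avoid both. The @param line should also state that $sParams is a query string without the leading '?'.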
157
  wp_safe_redirect( $sUrl );
158
  exit();
159
  }
160
+
161
+ /**
162
+ * @return string
163
+ */
164
+ public function getSiteName() {
165
+ return function_exists( 'get_bloginfo' )? get_bloginfo('name') : 'WordPress Site';
166
+ }
167
+ /**
168
+ * @return string
169
+ */
170
+ public function getSiteAdminEmail() {
171
+ return function_exists( 'get_bloginfo' )? get_bloginfo('admin_email') : '';
172
+ }
173
+
174
+ /**
175
+ * @param string $sRedirectUrl
176
+ */
177
+ public function logoutUser( $sRedirectUrl = '' ) {
178
+ empty( $sRedirectUrl ) ? wp_logout() : wp_logout_url( $sRedirectUrl );
179
+ }
180
+
181
+ /**
182
+ * @return bool
183
+ */
184
+ public function isMultisite() {
185
+ if ( !isset( $this->fIsMultisite ) ) {
186
+ $this->fIsMultisite = function_exists( 'is_multisite' ) && is_multisite();
187
+ }
188
+ return $this->fIsMultisite;
189
+ }
190
+
191
+ /**
192
+ * @param string $sKey
193
+ * @param $sValue
194
+ * @return mixed
195
+ */
196
+ public function addOption( $sKey, $sValue ) {
197
+ return $this->isMultisite() ? add_site_option( $sKey, $sValue ) : add_option( $sKey, $sValue );
198
+ }
199
+
200
+ /**
201
+ * @param string $sKey
202
+ * @param $sValue
203
+ * @return mixed
204
+ */
205
+ public function updateOption( $sKey, $sValue ) {
206
+ return $this->isMultisite() ? update_site_option( $sKey, $sValue ) : update_option( $sKey, $sValue );
207
+ }
208
+
209
+ /**
210
+ * @param string $sKey
211
+ * @param mixed $mDefault
212
+ * @return mixed
213
+ */
214
+ public function getOption( $sKey, $mDefault = false ) {
215
+ return $this->isMultisite() ? get_site_option( $sKey, $mDefault ) : get_option( $sKey, $mDefault );
216
+ }
217
+
218
+ /**
219
+ * @param string $sKey
220
+ * @return mixed
221
+ */
222
+ public function deleteOption( $sKey ) {
223
+ return $this->isMultisite() ? delete_site_option( $sKey ) : delete_option( $sKey );
224
+ }
225
+
226
+ /**
227
+ */
228
+ public function getCurrentWpAdminPage() {
229
+ $sScript = isset( $_SERVER['SCRIPT_NAME'] )? $_SERVER['SCRIPT_NAME'] : $_SERVER['PHP_SELF'];
230
+ if ( is_admin() && !empty( $sScript ) && basename( $sScript ) == 'admin.php' && isset( $_GET['page'] ) ) {
231
+ $sCurrentPage = $_GET['page'];
232
+ }
233
+ return empty($sCurrentPage)? '' : $sCurrentPage;
234
+ }
235
+
236
  }
237
  endif;
238
 
239
  if ( !class_exists('ICWP_WpFunctions_WPSF') ):
240
 
241
+ class ICWP_WpFunctions_WPSF extends ICWP_WpFunctions_V4 {
242
  /**
243
  * @return ICWP_WpFunctions_WPSF
244
  */
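Review bot: logoutUser() does not log the user out when a redirect URL is supplied, because wp_logout_url() only returns a URL string and its return value is discarded in `empty( $sRedirectUrl ) ? wp_logout() : wp_logout_url( $sRedirectUrl );`. Call wp_logout() in both cases and follow it with wp_safe_redirect( $sRedirectUrl ) when a URL is given. In the same hunk, getCurrentWpAdminPage() returns $_GET['page'] unmodified; applying sanitize_key() there would hand every caller a safe value.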
views/icwp-wpsf-access_restricted_index.php ADDED
@@ -0,0 +1,54 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ include_once( 'icwp-wpsf-config_header.php' );
3
+ ?>
4
+ <div class="row">
5
+ <div class="span9">
6
+ <?php
7
+ if ( false && isset( $_COOKIE[ 'TODOcookie-name' ] ) ) { //the user hasn't created an encryption salt
8
+ ?>
9
+ <div class="alert alert-info">
10
+ <p>You are currently authorized to access your cPanel Manager functions with this plugin.</p>
11
+ <p>You will be returned here once your session times out.</p>
12
+ <form method="post" action="<?php echo $worpit_form_action; ?>" class="form-horizontal">
13
+ <?php wp_nonce_field( $worpit_nonce_field ); ?>
14
+ <input type="hidden" name="cpm_form_submit" value="1" />
15
+ <button type="submit" class="btn btn-primary" name="submit_remove_access">End cPanel Manager Session Now</button>
16
+ </form>
17
+ </div>
18
+ <?php
19
+ }
20
+ else {
21
+ ?>
22
+ <div class="well">
23
+ <h3><?php _wpsf_e( 'What should you enter here?');?></h3>
24
+ <p><?php _wpsf_e( 'At some point you supplied an Admin Access Key - to manage this plugin, you must supply it here first.');?>.</p>
25
+ </div>
26
+ <form action="<?php echo $icwp_form_action; ?>" method="post" class="form-horizontal">
27
+ <input type="hidden" name="icwp_wpsf_requested_page" value="<?php echo $icwp_requested_page; ?>" />
28
+ <div class="control-group">
29
+ <label class="control-label" for="icwp_wpsf_admin_access_key_request"><?php _wpsf_e( 'Enter Access Key');?><br></label>
30
+ <div class="controls">
31
+ <div class="option_section selected_item active" id="option_section_icwp_wpsf_admin_access_key">
32
+ <label>
33
+ <input type="text" name="icwp_wpsf_admin_access_key_request" value="" autocomplete="off" />
34
+ </label>
35
+ <p class="help-block"><?php _wpsf_e( 'To manage this plugin you must enter the access key.');?></p>
36
+ </div>
37
+ </div><!-- controls -->
38
+ </div>
39
+ <div class="form-actions">
40
+ <?php wp_nonce_field( $icwp_nonce_field ); ?>
41
+ <input type="hidden" name="icwp_plugin_form_submit" value="Y" />
42
+ <button type="submit" class="btn btn-primary" name="submit"><?php _wpsf_e( 'Submit Key' ); ?></button>
43
+ </div>
44
+ </form>
45
+ <?php
46
+ }
47
+ ?>
48
+ </div><!-- / span9 -->
49
+ <div class="span3" id="side_widgets">
50
+ <?php // echo getWidgetIframeHtml( 'cpm-side-widgets' ); ?>
51
+ </div>
52
+ </div>
53
+
54
+ <?php include_once( 'icwp-wpsf-config_footer.php' );
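Review bot: $icwp_form_action and $icwp_requested_page are echoed into the action and value attributes without escaping; wrap them in esc_url() and esc_attr() respectively. The access key input is type="text", so the key is displayed while it is typed; type="password" suits a secret better. The `if ( false && isset( $_COOKIE[ 'TODOcookie-name' ] ) )` branch is dead code carried over from another plugin (cPanel Manager wording, $worpit_ variables, cpm_form_submit) and should be removed rather than shipped.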
views/icwp-wpsf-config-options-table.php ADDED
@@ -0,0 +1,23 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <div class="row">
2
+ <div class="<?php echo $icwp_fShowAds? 'span9' : 'span12'; ?>">
3
+
4
+ <form action="<?php echo $icwp_form_action; ?>" method="post" class="form-horizontal">
5
+ <?php
6
+ wp_nonce_field( $icwp_nonce_field );
7
+ printAllPluginOptionsForm( $icwp_aAllOptions, $icwp_var_prefix, 1 );
8
+ ?>
9
+ <div class="form-actions">
10
+ <input type="hidden" name="<?php echo $icwp_var_prefix; ?>all_options_input" value="<?php echo $icwp_all_options_input; ?>" />
11
+ <input type="hidden" name="icwp_plugin_form_submit" value="Y" />
12
+ <button type="submit" class="btn btn-primary btn-large" name="submit"><?php _wpsf_e( 'Save All Settings' ); ?></button>
13
+ </div>
14
+ </form>
15
+
16
+ </div><!-- / span9 -->
17
+
18
+ <?php if ( $icwp_fShowAds ) : ?>
19
+ <div class="span3" id="side_widgets">
20
+ <?php echo getWidgetIframeHtml('side-widgets-wtb'); ?>
21
+ </div>
22
+ <?php endif; ?>
23
+ </div><!-- / row -->
views/{icwp_wpsf_config_autoupdates_index.php → icwp-wpsf-config_autoupdates_index.php} RENAMED
@@ -1,15 +1,12 @@
1
  <?php
2
- include_once( dirname(__FILE__).ICWP_DS.'icwp_options_helper.php' );
3
- include_once( dirname(__FILE__).ICWP_DS.'widgets'.ICWP_DS.'icwp_widgets.php' );
4
  ?>
5
- <div class="wrap">
6
- <div class="bootstrap-wpadmin">
7
- <?php echo printOptionsPageHeader( _wpsf__('Auto WordPress Updates') ); ?>
8
 
9
- <div class="row">
10
- <div class="<?php echo $icwp_fShowAds? 'span9' : 'span12'; ?>">
11
-
12
- <form action="<?php echo $icwp_form_action; ?>" method="post" class="form-horizontal">
13
  <legend>Run Updates Now</legend>
14
  <div class="control-group">
15
  <label class="control-label">Run Automatic Updates
@@ -24,26 +21,25 @@ include_once( dirname(__FILE__).ICWP_DS.'widgets'.ICWP_DS.'icwp_widgets.php' );
24
  </div>
25
  </div><!-- controls -->
26
  </div>
 
27
  <?php
28
- wp_nonce_field( $icwp_nonce_field );
29
- printAllPluginOptionsForm( $icwp_aAllOptions, $icwp_var_prefix, 1 );
30
  ?>
31
  <div class="form-actions">
32
  <input type="hidden" name="<?php echo $icwp_var_prefix; ?>all_options_input" value="<?php echo $icwp_all_options_input; ?>" />
33
  <input type="hidden" name="icwp_plugin_form_submit" value="Y" />
34
  <button type="submit" class="btn btn-primary" name="submit"><?php _wpsf_e( 'Save All Settings' ); ?></button>
35
- </div>
36
- </form>
37
-
38
- </div><!-- / span9 -->
39
-
40
- <?php if ( $icwp_fShowAds ) : ?>
41
  <div class="span3" id="side_widgets">
42
- <?php echo getWidgetIframeHtml('side-widgets-wtb'); ?>
43
  </div>
44
- <?php endif; ?>
45
- </div><!-- / row -->
46
-
47
- </div><!-- / bootstrap-wpadmin -->
48
- <?php include_once( dirname(__FILE__).'/include_js.php' ); ?>
49
- </div>
1
  <?php
2
+ include_once( 'icwp-wpsf-config_header.php' );
 
3
  ?>
4
+ <div class="row">
5
+ <div class="<?php echo $icwp_fShowAds? 'span9' : 'span12'; ?>">
 
6
 
7
+ <form action="<?php echo $icwp_form_action; ?>" method="post" class="form-horizontal">
8
+
9
+ <?php if ( $fAutoupdatesOn ) : ?>
 
10
  <legend>Run Updates Now</legend>
11
  <div class="control-group">
12
  <label class="control-label">Run Automatic Updates
21
  </div>
22
  </div><!-- controls -->
23
  </div>
24
+ <?php endif; ?>
25
  <?php
26
+ wp_nonce_field( $icwp_nonce_field );
27
+ printAllPluginOptionsForm( $icwp_aAllOptions, $icwp_var_prefix, 1 );
28
  ?>
29
  <div class="form-actions">
30
  <input type="hidden" name="<?php echo $icwp_var_prefix; ?>all_options_input" value="<?php echo $icwp_all_options_input; ?>" />
31
  <input type="hidden" name="icwp_plugin_form_submit" value="Y" />
32
  <button type="submit" class="btn btn-primary" name="submit"><?php _wpsf_e( 'Save All Settings' ); ?></button>
33
+ </div>
34
+ </form>
35
+
36
+ </div><!-- / span9 -->
37
+
38
+ <?php if ( $icwp_fShowAds ) : ?>
39
  <div class="span3" id="side_widgets">
40
+ <?php echo getWidgetIframeHtml('side-widgets-wtb'); ?>
41
  </div>
42
+ <?php endif; ?>
43
+ </div><!-- / row -->
44
+
45
+ <?php include_once( 'icwp-wpsf-config_footer.php' );
 
 
views/icwp-wpsf-config_footer.php ADDED
@@ -0,0 +1,4 @@
 
 
 
 
1
+ <?php include_once( dirname(__FILE__).'/include_js.php' ); ?>
2
+
3
+ </div><!-- / bootstrap-wpadmin -->
4
+ </div><!-- / wrap -->
views/icwp-wpsf-config_header.php ADDED
@@ -0,0 +1,25 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ include_once( dirname(__FILE__).ICWP_DS.'icwp_options_helper.php' );
3
+ include_once( dirname(__FILE__).ICWP_DS.'widgets'.ICWP_DS.'icwp_widgets.php' );
4
+
5
+ $sPluginName = 'WordPress Simple Firewall';
6
+ $fAdminAccessOn = $icwp_aMainOptions['enable_admin_access_restriction'] == 'Y';
7
+ $fFirewallOn = $icwp_aMainOptions['enable_firewall'] == 'Y';
8
+ $fLoginProtectOn = $icwp_aMainOptions['enable_login_protect'] == 'Y';
9
+ $fCommentsFilteringOn = $icwp_aMainOptions['enable_comments_filter'] == 'Y';
10
+ $fLockdownOn = $icwp_aMainOptions['enable_lockdown'] == 'Y';
11
+ $fAutoupdatesOn = $icwp_aMainOptions['enable_autoupdates'] == 'Y';
12
+
13
+ $sLatestVersionBranch = '2.x.x';
14
+ $sOn = _wpsf__( 'On' );
15
+ $sOff = _wpsf__( 'Off' );
16
+ ?>
17
+
18
+ <div class="wrap">
19
+ <div class="bootstrap-wpadmin">
20
+ <div class="row">
21
+ <div class="span12">
22
+ <?php include_once( dirname(__FILE__).'/icwp-wpsf-state_summary.php' ); ?>
23
+ </div>
24
+ </div>
25
+ <?php echo printOptionsPageHeader( $icwp_sFeatureName );
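Review bot: lines 6 to 11 index `$icwp_aMainOptions` directly with no `isset()` or `empty()` check, and the file uses `ICWP_DS` and `$icwp_sFeatureName` without confirming it was loaded by the plugin. A missing option key, or a direct HTTP request to this view, will therefore raise notices or errors that can disclose filesystem paths. Add a guard at the top (for example, return when `ABSPATH` is not defined) and treat a missing key as off. Also, `$sLatestVersionBranch = '2.x.x'` on line 13 looks stale for a 3.0.0 release, and `$sPluginName` on line 5 is assigned but not used in this file.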
views/icwp-wpsf-config_index.php ADDED
@@ -0,0 +1,4 @@
 
 
 
 
1
+ <?php
2
+ include_once( 'icwp-wpsf-config_header.php' );
3
+ include_once( 'icwp-wpsf-config-options-table.php' );
4
+ include_once( 'icwp-wpsf-config_footer.php' );
views/icwp-wpsf-config_plugin_index.php ADDED
@@ -0,0 +1,302 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ include_once( 'icwp-wpsf-config_header.php' );
3
+ ?>
4
+ <?php if ( $icwp_fShowAds ) : ?>
5
+ <div class="row" id="worpit_promo">
6
+ <div class="span12">
7
+ <?php echo getWidgetIframeHtml( 'dashboard-widget-worpit-wtb' ); ?>
8
+ </div>
9
+ </div><!-- / row -->
10
+
11
+ <?php endif; ?>
12
+
13
+ <div class="row">
14
+ <div class="<?php echo $icwp_fShowAds? 'span9' : 'span12'; ?>">
15
+ <form action="<?php echo $icwp_form_action; ?>" method="post" class="form-horizontal">
16
+ <?php
17
+ wp_nonce_field( $icwp_nonce_field );
18
+ printAllPluginOptionsForm( $icwp_aAllOptions, $icwp_var_prefix, 1 );
19
+ ?>
20
+ <div class="form-actions">
21
+ <input type="hidden" name="<?php echo $icwp_var_prefix; ?>all_options_input" value="<?php echo $icwp_all_options_input; ?>" />
22
+ <input type="hidden" name="icwp_plugin_form_submit" value="Y" />
23
+ <button type="submit" class="btn btn-primary" name="submit"><?php _wpsf_e( 'Save All Settings' ); ?></button>
24
+ </div>
25
+ </form>
26
+
27
+ </div><!-- / span9 -->
28
+
29
+ <?php if ( $icwp_fShowAds ) : ?>
30
+ <div class="span3" id="side_widgets">
31
+ <?php echo getWidgetIframeHtml('side-widgets-wtb'); ?>
32
+ </div>
33
+ <?php endif; ?>
34
+ </div><!-- / row -->
35
+
36
+ <?php include_once( dirname(__FILE__).'/widgets/icwp_common_widgets.php' ); ?>
37
+
38
+ <?php if ( $icwp_fShowAds ) : ?>
39
+ <div class="row" id="developer_channel_promo">
40
+ <div class="span12">
41
+ <?php echo getWidgetIframeHtml('dashboard-widget-developerchannel-wtb'); ?>
42
+ </div>
43
+ </div><!-- / row -->
44
+ <?php endif; ?>
45
+
46
+ <div class="row" id="tbs_docs">
47
+ <h2><?php _wpsf_e( 'Plugin Configuration Summary'); ?></h2>
48
+ <div class="span6" id="tbs_docs_shortcodes">
49
+ <div class="well">
50
+ <h4 style="margin-top:20px;">
51
+ <?php printf( _wpsf__('Firewall is %s'), $fFirewallOn ? $sOn : $sOff ); ?>
52
+ [ <a href="admin.php?page=icwp-wpsf-firewall"><?php _wpsf_e('Configure Now'); ?></a> ]</h4>
53
+ <?php if ( $fFirewallOn ) : ?>
54
+ <ul>
55
+ <li><?php printf( _wpsf__('Firewall logging is %s'), ($icwp_aFirewallOptions['enable_firewall_log'] == 'Y') ? $sOn : $sOff ); ?></li>
56
+ <li><?php _wpsf_e( 'When the firewall blocks a visit, it will:'); ?>
57
+ <?php
58
+ if( $icwp_aFirewallOptions['block_response'] == 'redirect_die' ) {
59
+ _wpsf_e( 'Die' );
60
+ }
61
+ else if ( $icwp_aFirewallOptions['block_response'] == 'redirect_die_message' ) {
62
+ _wpsf_e( 'Die with a message' );
63
+ }
64
+ else if ( $icwp_aFirewallOptions['block_response'] == 'redirect_home' ) {
65
+ _wpsf_e( 'Redirect to home page' );
66
+ }
67
+ else if ( $icwp_aFirewallOptions['block_response'] == 'redirect_404' ) {
68
+ _wpsf_e( 'Redirect to 404 page' );
69
+ }
70
+ else {
71
+ _wpsf_e( 'Unknown' );
72
+ }
73
+ ?>
74
+ </li>
75
+ <?php if ( isset($icwp_aFirewallOptions['ips_whitelist']['ips']) ) : ?>
76
+ <li>
77
+ <?php printf( _wpsf__('You have %s whitelisted IP addresses'), count( $icwp_aFirewallOptions['ips_whitelist']['ips'] ) ); ?>
78
+ <?php foreach( $icwp_aFirewallOptions['ips_whitelist']['ips'] as $sIp ) : ?>
79
+ <br />
80
+ <?php printf( _wpsf__('%s labelled as %s'), long2ip($sIp), $icwp_aFirewallOptions['ips_whitelist']['meta'][md5( $sIp )] ); ?>
81
+ <?php endforeach; ?>
82
+ </li>
83
+ <?php endif; ?>
84
+
85
+ <?php if ( isset($icwp_aFirewallOptions['ips_blacklist']['ips']) ) : ?>
86
+ <li>
87
+ <?php printf( _wpsf__('You have %s blacklisted IP addresses'), count( $icwp_aFirewallOptions['ips_blacklist']['ips'] ) ); ?>
88
+ <?php foreach( $icwp_aFirewallOptions['ips_blacklist']['ips'] as $sIp ) : ?>
89
+ <br />
90
+ <?php printf( _wpsf__('%s labelled as %s'), long2ip($sIp), $icwp_aFirewallOptions['ips_blacklist']['meta'][md5( $sIp )] ); ?>
91
+ <?php endforeach; ?>
92
+ </li>
93
+ <?php endif; ?>
94
+
95
+ <li><?php printf( _wpsf__('Firewall blocks Directory Traversals: %s'), ($icwp_aFirewallOptions['block_dir_traversal'] == 'Y')? $sOn : $sOff ); ?></li>
96
+ <li><?php printf( _wpsf__('Firewall blocks SQL Queries: %s'), ($icwp_aFirewallOptions['block_sql_queries'] == 'Y')? $sOn : $sOff ); ?></li>
97
+ <li><?php printf( _wpsf__('Firewall blocks WordPress Specific Terms: %s'), ($icwp_aFirewallOptions['block_wordpress_terms'] == 'Y')? $sOn : $sOff ); ?></li>
98
+ <li><?php printf( _wpsf__('Firewall blocks Field Truncation Attacks: %s'), ($icwp_aFirewallOptions['block_field_truncation'] == 'Y')? $sOn : $sOff ); ?></li>
99
+ <li><?php printf( _wpsf__('Firewall blocks Directory Traversals: %s'), ($icwp_aFirewallOptions['block_dir_traversal'] == 'Y')? $sOn : $sOff ); ?></li>
100
+ <li><?php printf( _wpsf__('Firewall blocks Executable File Uploads: %s'), ($icwp_aFirewallOptions['block_exe_file_uploads'] == 'Y')? $sOn : $sOff ); ?></li>
101
+ <li><?php printf( _wpsf__('Firewall blocks Leading Schemas (HTTPS / HTTP): %s'), ($icwp_aFirewallOptions['block_leading_schema'] == 'Y')? $sOn : $sOff ); ?></li>
102
+ <li><?php printf( _wpsf__('Firewall Logging is %s'), ($icwp_aFirewallOptions['enable_firewall_log'] == 'Y')? $sOn : $sOff ); ?></li>
103
+ </ul>
104
+ <?php endif; ?>
105
+ <hr/>
106
+ <h4 style="margin-top:20px;">
107
+ <?php printf( _wpsf__('Login Protection is %s'), $fLoginProtectOn ? $sOn : $sOff ); ?>
108
+ [ <a href="admin.php?page=icwp-wpsf-login_protect"><?php _wpsf_e('Configure Now'); ?></a> ]</h4>
109
+ <?php if ( $fLoginProtectOn ) : ?>
110
+ <ul>
111
+ <?php if ( isset($icwp_aLoginProtectOptions['ips_whitelist']['ips']) ) : ?>
112
+ <li>
113
+ <?php printf( _wpsf__('You have %s whitelisted IP addresses'), count( $icwp_aLoginProtectOptions['ips_whitelist']['ips'] ) ); ?>
114
+ <?php foreach( $icwp_aLoginProtectOptions['ips_whitelist']['ips'] as $sIp ) : ?>
115
+ <br />
116
+ <?php printf( _wpsf__('%s labelled as %s'), long2ip($sIp), $icwp_aLoginProtectOptions['ips_whitelist']['meta'][md5( $sIp )] ); ?>
117
+ <?php endforeach; ?>
118
+ </li>
119
+ <?php endif; ?>
120
+ <li><?php printf( _wpsf__('Two Factor Login Authentication: %s'), ($icwp_aLoginProtectOptions['enable_two_factor_auth_by_ip'] == 'Y')? $sOn : $sOff ); ?></li>
121
+ <li><?php printf( _wpsf__('Two Factor Login By Pass: %s'), ($icwp_aLoginProtectOptions['enable_two_factor_bypass_on_email_fail'] == 'Y')? $sOn : $sOff ); ?></li>
122
+ <li><?php printf( _wpsf__('Login Cooldown Interval: %s'), ($icwp_aLoginProtectOptions['login_limit_interval'] == '0')? $sOff : sprintf( _wpsf__('%s seconds'), $icwp_aLoginProtectOptions['login_limit_interval'] ) ); ?></li>
123
+ <li><?php printf( _wpsf__('Login Form GASP Protection: %s'), ($icwp_aLoginProtectOptions['enable_login_gasp_check'] == 'Y')? $sOn : $sOff ); ?></li>
124
+ <li><?php printf( _wpsf__('Login Protect Logging: %s'), ($icwp_aLoginProtectOptions['enable_login_protect_log'] == 'Y')? $sOn : $sOff ); ?></li>
125
+ </ul>
126
+ <?php endif; ?>
127
+ <hr/>
128
+ <h4 style="margin-top:20px;">
129
+ <?php printf( _wpsf__('Comments Filtering is %s'), $fCommentsFilteringOn ? $sOn : $sOff ); ?>
130
+ [ <a href="admin.php?page=icwp-wpsf-comments_filter"><?php _wpsf_e('Configure Now'); ?></a> ]</h4>
131
+ <?php if ( $fCommentsFilteringOn ) : ?>
132
+ <ul>
133
+ <li><?php printf( _wpsf__('Enchanced GASP Protection: %s'), ($icwp_aCommentsFilterOptions['enable_comments_gasp_protection'] == 'Y')? $sOn : $sOff ); ?></li>
134
+ <li><?php printf( _wpsf__('Comments Cooldown Interval: %s'), ($icwp_aCommentsFilterOptions['comments_cooldown_interval'] == '0')? $sOff : sprintf( _wpsf__('%s seconds'), $icwp_aCommentsFilterOptions['comments_cooldown_interval'] ) ); ?></li>
135
+ <li><?php printf( _wpsf__('Comments Token Expire: %s'), ($icwp_aCommentsFilterOptions['comments_token_expire_interval'] == '0')? $sOff : sprintf( _wpsf__('%s seconds'), $icwp_aCommentsFilterOptions['comments_token_expire_interval'] ) ); ?></li>
136
+ </ul>
137
+ <?php endif; ?>
138
+ <hr/>
139
+ <h4 style="margin-top:20px;">
140
+ <?php printf( _wpsf__('WordPress Lockdown is %s'), $fLockdownOn ? $sOn : $sOff ); ?>
141
+ [ <a href="admin.php?page=icwp-wpsf-lockdown"><?php _wpsf_e('Configure Now'); ?></a> ]</h4>
142
+ <?php if ( $fLockdownOn ) : ?>
143
+ <ul>
144
+ <li><?php printf( _wpsf__('Disable File Editing: %s'), ($icwp_aLockdownOptions['disable_file_editing'] == 'Y')? $sOn : $sOff ); ?></li>
145
+ <li><?php printf( _wpsf__('Mask WordPress Version: %s'), empty($icwp_aLockdownOptions['mask_wordpress_version'])? $sOff : $icwp_aLockdownOptions['mask_wordpress_version'] ); ?></li>
146
+ </ul>
147
+ <?php endif; ?>
148
+ <hr/>
149
+ <h4 style="margin-top:20px;">
150
+ <?php printf( _wpsf__('Auto Updates is %s'), $fAutoupdatesOn ? $sOn : $sOff ); ?>
151
+ [ <a href="admin.php?page=icwp-wpsf-autoupdates"><?php _wpsf_e('Configure Now'); ?></a> ]</h4>
152
+ <?php if ( $fAutoupdatesOn ) :
153
+
154
+ if ( $icwp_aAutoupdatesOptions['autoupdate_core'] == 'core_never' ) {
155
+ $sAutoCoreUpdateOption = $sOff;
156
+ }
157
+ else if ( $icwp_aAutoupdatesOptions['autoupdate_core'] == 'core_minor' ) {
158
+ $sAutoCoreUpdateOption = _wpsf__('Minor Versions Only');
159
+ }
160
+ else {
161
+ $sAutoCoreUpdateOption = _wpsf__('Major and Minor Versions');
162
+ }
163
+ ?>
164
+ <ul>
165
+ <li><?php printf( _wpsf__('Automatically Update WordPress Simple Firewall Plugin: %s'), ($icwp_aAutoupdatesOptions['autoupdate_plugin_self'] == 'Y')? $sOn : $sOff ); ?></li>
166
+ <li><?php printf( _wpsf__('Automatically Update WordPress Core: %s'), $sAutoCoreUpdateOption ); ?></li>
167
+ <li><?php printf( _wpsf__('Automatically Update Plugins: %s'), ($icwp_aAutoupdatesOptions['enable_autoupdate_plugins'] == 'Y')? $sOn : $sOff ); ?></li>
168
+ <li><?php printf( _wpsf__('Automatically Update Themes: %s'), ($icwp_aAutoupdatesOptions['enable_autoupdate_themes'] == 'Y')? $sOn : $sOff ); ?></li>
169
+ <li><?php printf( _wpsf__('Automatically Update Translations: %s'), ($icwp_aAutoupdatesOptions['enable_autoupdate_translations'] == 'Y')? $sOn : $sOff ); ?></li>
170
+ <li><?php printf( _wpsf__('Ignore Version Control Systems: %s'), ($icwp_aAutoupdatesOptions['enable_autoupdate_ignore_vcs'] == 'Y')? $sOn : $sOff ); ?></li>
171
+ </ul>
172
+ <?php endif; ?>
173
+ </div>
174
+ </div><!-- / span6 -->
175
+ <div class="span6" id="tbs_docs_examples">
176
+ <div class="well">
177
+ <h3><?php printf( _wpsf__('Release v%s'), $sLatestVersionBranch ) ; ?></h3>
178
+ <p><?php printf( _wpsf__('The following summarises the main changes to the plugin in the v%s release'), $sLatestVersionBranch ) ; ?></p>
179
+ <p><?php printf( _wpsf__('%snew%s refers to the absolute latest release.'), '<span class="label">', '</span>' ) ; ?></p>
180
+ <?php
181
+ $aNewLog = array(
182
+ 'ADDED: Options to automatic updates to control where and whether email notifications are sent.',
183
+ 'ADDED: Various fixes and verification of WordPress 3.8 compatibility.',
184
+ 'ADDED: Integration with iControlWP and the automatic updates system.',
185
+ 'ADDED: Better filesystem handling methods.',
186
+ 'ADDED: Better firewall logic for whitelisting rules.',
187
+ 'ADDED: Some new firewall white listing parameters to help with post editing.',
188
+ 'ADDED: Option to run automatic updates upon demand according to your settings',
189
+ 'ADDED: Localization capabilities. All we need now are translators.',
190
+ 'ADDED: Option to mask the WordPress version so the real version is never publicly visible.'
191
+ );
192
+ ?>
193
+ <ul>
194
+ <?php foreach( $aNewLog as $sItem ) : ?>
195
+ <li><span class="label"><?php _wpsf_e('new'); ?></span> <?php echo $sItem; ?></li>
196
+ <?php endforeach; ?>
197
+ </ul>
198
+ <?php
199
+ $aLog = array(
200
+ );
201
+ ?>
202
+ <ul>
203
+ <?php foreach( $aLog as $sItem ) : ?>
204
+ <li><?php echo $sItem; ?></li>
205
+ <?php endforeach; ?>
206
+ </ul>
207
+ </div>
208
+ <div class="well">
209
+ <?php
210
+ $aLog = array(
211
+
212
+ '1.9.x' => array(
213
+ 'ADDED: Block deactivation of plugin if admin access restriction is on.',
214
+ 'ADDED: New feature to manage WordPress Automatic Updates.',
215
+ 'FIXED: Several small bugs and streamlined codebase.',
216
+ ),
217
+ '1.8.x' => array(
218
+ 'ADDED: Admin Access Key Restriction feature.',
219
+ 'ADDED: WordPress Lockdown feature.'
220
+ ),
221
+ '1.7.x' => array(
222
+ 'ADDED: Support for WPMU sites (only manageable as Super Admin).',
223
+ 'CHANGE: Serious performance optimizations and a few bug fixes.',
224
+ ),
225
+ '1.6.x' => array(
226
+ 'ADDED: GASP-based, and further enhanced, SPAM comments filtering functionality.',
227
+ ),
228
+ '1.5.x' => array(
229
+ 'IMPROVED: Whitelisting/Blacklisting operations and options',
230
+ 'NEW Option: Login Protect Dedicated IP Whitelist.',
231
+ 'REMOVED Option: Firewall wp-login.php blocking'
232
+ ),
233
+ '1.4.x' => array(
234
+ 'NEW Option: Plugin will automatically upgrade itself when an update is detected - ensures plugin always remains current.',
235
+ 'Now displays an admin notice when a plugin upgrade is available with a link to immediately update.',
236
+ 'Plugin collision protection: removes collision with All In One WordPress Security.',
237
+ 'Improved Login Cooldown Feature- works more like email throttling as it now uses an extra filesystem-based level of protection.',
238
+ "Fix - Login Cooldown Feature didn't take effect in certain circumstances.",
239
+ 'Brand new plugin options system making them more efficient, easier to manage/update, using fewer WordPress database options',
240
+ 'Huge improvements on database calls and efficiency in loading plugin options'
241
+ ),
242
+ '1.3.x' => array(
243
+ "New Feature - Email Throttle. It will prevent you getting bombarded by 1000s of emails in case you're hit by a bot.",
244
+ "Another Firewall die() option. New option will print a message and uses the wp_die() function instead.",
245
+ "Option to separately log Login Protect features.",
246
+ "Refactored and improved the logging system.",
247
+ "Option to by-pass 2-factor authentication in the case sending the verification email fails.",
248
+ "Login Protect checking now better logs out users immediately with a redirect.",
249
+ "We now escape the log data being printed - just in case there's any HTML/JS etc in there we don't want.",
250
+ "Optimized and cleaned a lot of the option caching code to improve reliability and performance (more to come).",
251
+ ),
252
+
253
+ '1.2.x' => array(
254
+ 'New Feature - Ability to import settings from WordPress Firewall 2 Plugin.',
255
+ 'New Feature - Login Form GASP-based Anti-Bot Protection.',
256
+ 'New Feature - Login Cooldown Interval.',
257
+ 'Performance optimizations.',
258
+ 'UI Cleanup and code improvements.',
259
+ 'Added new Login Protect feature where you can add 2-Factor Authentication to your WordPress user logins.',
260
+ 'Improved method for processing the IP address lists to be more cross-platform reliable.',
261
+ 'Improved .htaccess rules (thanks MickeyRoush).',
262
+ 'Mailing method now uses WP_MAIL.'
263
+ ),
264
+
265
+ '1.1.x' => array(
266
+ 'Option to check Cookies values in firewall testing.',
267
+ 'Ability to whitelist particular pages and their parameters.',
268
+ 'Quite a few improvements made to the reliability of the firewall processing.',
269
+ 'Option to completely ignore logged-in Administrators from the Firewall processing (they wont even trigger logging etc).',
270
+ 'Ability to (un)blacklist and (un)whitelist IP addresses directly from within the log.',
271
+ 'Helpful link to IP WHOIS from within the log.',
272
+ 'Firewall logging now has its own dedicated database table.',
273
+ 'Fix: Block email not showing the IPv4 friendly address.',
274
+ 'You can now specify IP ranges in whitelists and blacklists.',
275
+ 'You can now specify which email address to send the notification emails.',
276
+ "You can now add a comment to IP addresses in the whitelist/blacklist. To do this, write your IP address then type a SPACE and write whatever you want (don't take a new line').",
277
+ 'You can now set to delete ALL firewall settings when you deactivate the plugin.',
278
+ 'Improved formatting of the firewall log.'
279
+ )
280
+ );
281
+ ?>
282
+ <?php foreach( $aLog as $sVersion => $aItems ) : ?>
283
+ <h3><?php printf( _wpsf__('Change log for the v%s release'), $sVersion ); ?></h3>
284
+ <ul>
285
+ <?php foreach( $aItems as $sItem ) : ?>
286
+ <li><?php echo $sItem; ?></li>
287
+ <?php endforeach; ?>
288
+ </ul>
289
+ <?php endforeach; ?>
290
+ </div>
291
+ </div><!-- / span6 -->
292
+ </div><!-- / row -->
293
+
294
+ <div class="row">
295
+ <div class="span6">
296
+ </div><!-- / span6 -->
297
+ <div class="span6">
298
+ <p></p>
299
+ </div><!-- / span6 -->
300
+ </div><!-- / row -->
301
+
302
+ <?php include_once( 'icwp-wpsf-config_footer.php' );
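Review bot: the IP list labels printed on lines 80, 90 and 116 (`$icwp_aFirewallOptions['ips_whitelist']['meta'][md5( $sIp )]` and its blacklist and login-protect equivalents) are free text and are passed to `printf()` without escaping, so any markup stored in a label is rendered in the admin page. Wrap them in `esc_html()`, and do the same for `$icwp_aLockdownOptions['mask_wordpress_version']` on line 145. The `meta` entry is also read without an `isset()` check, so an IP with no label raises a notice. Smaller points: the "Directory Traversals" item appears twice (lines 95 and 99), as does firewall logging (lines 55 and 102); 'Enchanced' on line 133 is a typo that ends up in the translation catalogue; the 1.1.x changelog string on line 276 has a stray apostrophe in "(don't take a new line')"; and the empty `$aLog = array();` block on lines 198 to 206 emits an empty `<ul>`.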
views/icwp-wpsf-config_user_management_index.php ADDED
@@ -0,0 +1,56 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ include_once( 'icwp-wpsf-config_header.php' );
3
+ include_once( 'icwp-wpsf-config-options-table.php' );
4
+
5
+ function printSessionTable( $aSessionsData ) {
6
+ ?>
7
+ <table class="table table-bordered">
8
+ <tr>
9
+ <th><?php _wpsf_e('Username'); ?></th>
10
+ <th><?php _wpsf_e('Logged In At'); ?></th>
11
+ <th><?php _wpsf_e('Last Activity At'); ?></th>
12
+ <th><?php _wpsf_e('Last Activity URI'); ?></th>
13
+ <th><?php _wpsf_e('Login IP'); ?></th>
14
+ <th><?php _wpsf_e('Login Attempts'); ?></th>
15
+ </tr>
16
+ <?php foreach( $aSessionsData as $aSessionData ) : ?>
17
+ <tr>
18
+ <td><?php echo $aSessionData['wp_username']; ?></td>
19
+ <td><?php echo date( 'Y/m/d H:i:s', $aSessionData['logged_in_at'] ); ?></td>
20
+ <td><?php echo date( 'Y/m/d H:i:s', $aSessionData['last_activity_at'] ); ?></td>
21
+ <td><?php echo $aSessionData['last_activity_uri']; ?></td>
22
+ <td>
23
+ <a href="http://whois.domaintools.com/<?php echo long2ip( $aSessionData['ip_long'] ); ?>" target="_blank">
24
+ <?php echo long2ip( $aSessionData['ip_long'] ); ?>
25
+ </a>
26
+ </td>
27
+ <td><?php echo $aSessionData['login_attempts']; ?></td>
28
+ </tr>
29
+ <?php endforeach; ?>
30
+ </table>
31
+ <?php
32
+ }
33
+
34
+ ?>
35
+ <div class="row">
36
+ <div class="span12">
37
+ <h2><?php _wpsf_e('Current User Sessions');?></h2>
38
+ <?php if ( !empty($icwp_aActiveSessions) ) : ?>
39
+ <?php printSessionTable($icwp_aActiveSessions); ?>
40
+ <?php else : ?>
41
+ <?php _wpsf_e('You need to enable the User Management feature to view and manage user sessions.'); ?>
42
+ <?php endif; ?>
43
+ </div>
44
+ </div>
45
+ <div class="row">
46
+ <div class="span12">
47
+ <h2><?php _wpsf_e('Failed or Pending User Sessions');?> (48hrs)</h2>
48
+ <?php if ( !empty($icwp_aFailedSessions) ) : ?>
49
+ <?php printSessionTable($icwp_aFailedSessions); ?>
50
+ <?php else : ?>
51
+ <?php _wpsf_e('There are currently no failed or pending sessions to review.'); ?>
52
+ <?php endif; ?>
53
+ </div>
54
+ </div>
55
+ <?php
56
+ include_once( 'icwp-wpsf-config_footer.php' );
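Review bot: `printSessionTable()` echoes `$aSessionData['wp_username']` (line 18) and `$aSessionData['last_activity_uri']` (line 21) straight into table cells with no escaping. The same function renders the "Failed or Pending User Sessions" table on line 49, so these values can come from a login attempt or request URI rather than from a trusted account, and they are displayed to an administrator. Pass both through `esc_html()`, and cast `login_attempts` on line 27 to an integer. Two further points: declaring `printSessionTable()` inside the view with no `function_exists()` check will cause a fatal error if the template is ever rendered twice in one request, and the empty-state text on line 41 tells the user to enable the feature even when it is enabled and there are simply no sessions to show.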
views/{icwp_wpsf_state_summary.php → icwp-wpsf-state_summary.php} RENAMED
@@ -2,16 +2,6 @@
2
  if ( empty($icwp_aSummaryData) ) {
3
  return;
4
  }
5
- $fAdminAccessOn = $icwp_aMainOptions['enable_admin_access_restriction'] == 'Y';
6
- $fFirewallOn = $icwp_aMainOptions['enable_firewall'] == 'Y';
7
- $fLoginProtectOn = $icwp_aMainOptions['enable_login_protect'] == 'Y';
8
- $fCommentsFilteringOn = $icwp_aMainOptions['enable_comments_filter'] == 'Y';
9
- $fLockdownOn = $icwp_aMainOptions['enable_lockdown'] == 'Y';
10
- $fAutoUpdatesOn = $icwp_aMainOptions['enable_autoupdates'] == 'Y';
11
-
12
- $sOn = _wpsf__( 'On' );
13
- $sOff = _wpsf__( 'Off' );
14
-
15
  $sInnerSpanSize = 'span4';
16
 
17
  function printFeatureSummaryBlock( $fOn, $sName, $sSettingsHref= '', $sInnerSpanSize = 4 ) {
@@ -81,19 +71,23 @@ function printFeatureSummaryBlock( $fOn, $sName, $sSettingsHref= '', $sInnerSpan
81
  font: 48px/1 'dashicons';
82
  vertical-align: top;
83
  }
84
- #feature-adminaccessprotection .feature-icon:before {
 
85
  content: "\f332";
86
  }
87
  #feature-firewall .feature-icon:before {
88
  content: "\f479";
89
  }
 
 
 
90
  #feature-loginprotection .feature-icon:before {
91
- content: "\f110";
92
  }
93
  #feature-commentsfilter .feature-icon:before {
94
- content: "\f130";
95
  }
96
- #feature-autoupdates .feature-icon:before {
97
  content: "\f463";
98
  }
99
  #feature-lockdown .feature-icon:before {
@@ -102,6 +96,11 @@ function printFeatureSummaryBlock( $fOn, $sName, $sSettingsHref= '', $sInnerSpan
102
 
103
  </style>
104
 
 
 
 
 
 
105
  <div class="row-fluid feature-summary-blocks">
106
  <?php
107
  foreach( $icwp_aSummaryData as $nKey => $aSummary ) {
2
  if ( empty($icwp_aSummaryData) ) {
3
  return;
4
  }
 
 
 
 
 
 
 
 
 
 
5
  $sInnerSpanSize = 'span4';
6
 
7
  function printFeatureSummaryBlock( $fOn, $sName, $sSettingsHref= '', $sInnerSpanSize = 4 ) {
71
  font: 48px/1 'dashicons';
72
  vertical-align: top;
73
  }
74
+ #feature-dashboard .feature-icon:before,
75
+ #feature-adminaccess .feature-icon:before {
76
  content: "\f332";
77
  }
78
  #feature-firewall .feature-icon:before {
79
  content: "\f479";
80
  }
81
+ #feature-usermanagement .feature-icon:before {
82
+ content: "\f307";
83
+ }
84
  #feature-loginprotection .feature-icon:before {
85
+ content: "\f112";
86
  }
87
  #feature-commentsfilter .feature-icon:before {
88
+ content: "\f125";
89
  }
90
+ #feature-automaticupdates .feature-icon:before {
91
  content: "\f463";
92
  }
93
  #feature-lockdown .feature-icon:before {
96
 
97
  </style>
98
 
99
+ <div class="row-fluid">
100
+ <div class="span">
101
+ <h3><?php _wpsf_e('Plugin Activated Features Summary:');?></h3>
102
+ </div>
103
+ </div>
104
  <div class="row-fluid feature-summary-blocks">
105
  <?php
106
  foreach( $icwp_aSummaryData as $nKey => $aSummary ) {
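Review bot: the first hunk removes the `$fAdminAccessOn` … `$sOff` assignments from this file, which makes the view depend on `icwp-wpsf-config_header.php` having defined them before the include. Note the spelling change: the removed line set `$fAutoUpdatesOn`, while the header sets `$fAutoupdatesOn`, and PHP variable names are case-sensitive, so any remaining use of the old spelling further down this file would be undefined. Please check the unchanged part of the file for references to it. In the CSS hunk, the selectors are renamed (`#feature-adminaccessprotection` to `#feature-adminaccess`, `#feature-autoupdates` to `#feature-automaticupdates`); confirm the element ids produced by `printFeatureSummaryBlock()` were changed to match, otherwise the icons silently disappear. In the last hunk, `<div class="span">` on line 100 has no column size, unlike the `span4`/`span12` classes used elsewhere.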
views/icwp_options_helper.php CHANGED
@@ -67,12 +67,11 @@ function printAllPluginOptionsForm( $inaAllPluginOptions, $insVarPrefix = '', $i
67
 
68
  }
69
 
70
- }//printAllPluginOptionsForm
71
 
72
  function getPluginOptionSpan( $inaOption, $iSpanSize, $insVarPrefix = '' ) {
73
 
74
  list( $sOptionKey, $sOptionSaved, $sOptionDefault, $mOptionType, $sOptionHumanName, $sOptionTitle, $sOptionHelpText, $sHelpLink ) = array_pad( $inaOption, 8, '' );
75
-
76
  if ( $sOptionKey == 'spacer' ) {
77
  $sHtml = '
78
  <div class="span'.$iSpanSize.'">
@@ -83,7 +82,7 @@ function getPluginOptionSpan( $inaOption, $iSpanSize, $insVarPrefix = '' ) {
83
  $sHelpLink = !empty($sHelpLink)? '<span>['.$sHelpLink.']</span>' : '';
84
  $sSpanId = 'span_'.$insVarPrefix.$sOptionKey;
85
  $sHtml = '
86
- <div class="span'.$iSpanSize.'" id="'.$sSpanId.'">
87
  <div class="control-group">
88
  <label class="control-label" for="'.$insVarPrefix.$sOptionKey.'">'.$sOptionHumanName.'<br />'.$sHelpLink.'</label>
89
  <div class="controls">
67
 
68
  }
69
 
70
+ }
71
 
72
  function getPluginOptionSpan( $inaOption, $iSpanSize, $insVarPrefix = '' ) {
73
 
74
  list( $sOptionKey, $sOptionSaved, $sOptionDefault, $mOptionType, $sOptionHumanName, $sOptionTitle, $sOptionHelpText, $sHelpLink ) = array_pad( $inaOption, 8, '' );
 
75
  if ( $sOptionKey == 'spacer' ) {
76
  $sHtml = '
77
  <div class="span'.$iSpanSize.'">
82
  $sHelpLink = !empty($sHelpLink)? '<span>['.$sHelpLink.']</span>' : '';
83
  $sSpanId = 'span_'.$insVarPrefix.$sOptionKey;
84
  $sHtml = '
85
+ <div class="item_group span'.$iSpanSize.' '.( ($sOptionSaved === 'Y' || $sOptionSaved != $sOptionDefault )? ' selected_item_group':'' ).'" id="'.$sSpanId.'">
86
  <div class="control-group">
87
  <label class="control-label" for="'.$insVarPrefix.$sOptionKey.'">'.$sOptionHumanName.'<br />'.$sHelpLink.'</label>
88
  <div class="controls">
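Review bot: the condition added on line 85, `($sOptionSaved === 'Y' || $sOptionSaved != $sOptionDefault )`, mixes a strict comparison with a loose one. With `!=`, numeric-looking strings are compared as numbers, so a saved value and a default that differ only in formatting compare as equal, and the result for empty versus '0' depends on the PHP version. Use `!==` after normalising both sides to strings. The `array_pad( $inaOption, 8, '' )` on line 74 also means a missing default is '', so every option with any saved value is marked `selected_item_group`; confirm that is intended. Minor: the concatenation yields two consecutive spaces before `selected_item_group`, and `$sOptionHumanName` and `$sHelpLink` in the unchanged label line are concatenated into HTML without escaping.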
views/icwp_wpsf_access_key_request_index.php DELETED
@@ -1,64 +0,0 @@
1
- <?php
2
- include_once( dirname(__FILE__).ICWP_DS.'icwp_options_helper.php' );
3
- include_once( dirname(__FILE__).ICWP_DS.'widgets'.ICWP_DS.'icwp_widgets.php' );
4
- $sPluginName = 'WordPress Simple Firewall';
5
- $fFirewallOn = $icwp_aMainOptions['enable_firewall'] == 'Y';
6
- $fLoginProtectOn = $icwp_aMainOptions['enable_login_protect'] == 'Y';
7
- $fCommentsFilteringOn = $icwp_aMainOptions['enable_comments_filter'] == 'Y';
8
- ?>
9
-
10
- <div class="wrap">
11
- <div class="bootstrap-wpadmin">
12
- <?php echo printOptionsPageHeader( _wpsf__('Admin Access Restriction') ); ?>
13
- <div class="row">
14
- <div class="span9">
15
- <?php
16
- if ( false && isset( $_COOKIE[ 'TODOcookie-name' ] ) ) { //the user hasn't created an encryption salt
17
- ?>
18
- <div class="alert alert-info">
19
- <p>You are currently authorized to access your cPanel Manager functions with this plugin.</p>
20
- <p>You will be returned here once your session times out.</p>
21
- <form method="post" action="<?php echo $worpit_form_action; ?>" class="form-horizontal">
22
- <?php wp_nonce_field( $worpit_nonce_field ); ?>
23
- <input type="hidden" name="cpm_form_submit" value="1" />
24
- <button type="submit" class="btn btn-primary" name="submit_remove_access">End cPanel Manager Session Now</button>
25
- </form>
26
- </div>
27
- <?php
28
- }
29
- else {
30
- ?>
31
- <div class="well">
32
- <h3><?php _wpsf_e( 'What should you enter here?');?></h3>
33
- <p><?php _wpsf_e( 'At some point you supplied an Admin Access Key - to manage this plugin, you must supply it here first.');?>.</p>
34
- </div>
35
- <form action="<?php echo $icwp_form_action; ?>" method="post" class="form-horizontal">
36
- <div class="control-group">
37
- <label class="control-label" for="icwp_wpsf_admin_access_key_request"><?php _wpsf_e( 'Enter Access Key');?><br></label>
38
- <div class="controls">
39
- <div class="option_section selected_item active" id="option_section_icwp_wpsf_admin_access_key">
40
- <label>
41
- <input type="text" name="icwp_wpsf_admin_access_key_request" value="" />
42
- </label>
43
- <p class="help-block"><?php _wpsf_e( 'To manage this plugin you must enter the access key.');?></p>
44
- </div>
45
- </div><!-- controls -->
46
- </div>
47
- <div class="form-actions">
48
- <?php wp_nonce_field( $icwp_nonce_field ); ?>
49
- <input type="hidden" name="icwp_plugin_form_submit" value="Y" />
50
- <button type="submit" class="btn btn-primary" name="submit"><?php _wpsf_e( 'Submit Key' ); ?></button>
51
- </div>
52
- </form>
53
- <?php
54
- }
55
- ?>
56
- </div><!-- / span9 -->
57
- <div class="span3" id="side_widgets">
58
- <?php // echo getWidgetIframeHtml( 'cpm-side-widgets' ); ?>
59
- </div>
60
- </div>
61
-
62
- </div><!-- / bootstrap-wpadmin -->
63
- <?php include_once( dirname(__FILE__).'/include_js.php' ); ?>
64
- </div><!-- / wrap -->
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
views/icwp_wpsf_config_comments_filter_index.php DELETED
@@ -1,35 +0,0 @@
1
- <?php
2
- include_once( dirname(__FILE__).ICWP_DS.'icwp_options_helper.php' );
3
- include_once( dirname(__FILE__).ICWP_DS.'widgets'.ICWP_DS.'icwp_widgets.php' );
4
- ?>
5
- <div class="wrap">
6
- <div class="bootstrap-wpadmin">
7
- <?php echo printOptionsPageHeader( _wpsf__('Comments (SPAM) Filter') ); ?>
8
-
9
- <div class="row">
10
- <div class="<?php echo $icwp_fShowAds? 'span9' : 'span12'; ?>">
11
-
12
- <form action="<?php echo $icwp_form_action; ?>" method="post" class="form-horizontal">
13
- <?php
14
- wp_nonce_field( $icwp_nonce_field );
15
- printAllPluginOptionsForm( $icwp_aAllOptions, $icwp_var_prefix, 1 );
16
- ?>
17
- <div class="form-actions">
18
- <input type="hidden" name="<?php echo $icwp_var_prefix; ?>all_options_input" value="<?php echo $icwp_all_options_input; ?>" />
19
- <input type="hidden" name="icwp_plugin_form_submit" value="Y" />
20
- <button type="submit" class="btn btn-primary" name="submit"><?php _wpsf_e( 'Save All Settings' ); ?></button>
21
- </div>
22
- </form>
23
-
24
- </div><!-- / span9 -->
25
-
26
- <?php if ( $icwp_fShowAds ) : ?>
27
- <div class="span3" id="side_widgets">
28
- <?php echo getWidgetIframeHtml('side-widgets-wtb'); ?>
29
- </div>
30
- <?php endif; ?>
31
- </div><!-- / row -->
32
-
33
- </div><!-- / bootstrap-wpadmin -->
34
- <?php include_once( dirname(__FILE__).'/include_js.php' ); ?>
35
- </div>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
views/icwp_wpsf_config_firewall_index.php DELETED
@@ -1,38 +0,0 @@
1
- <?php
2
- include_once( dirname(__FILE__).ICWP_DS.'icwp_options_helper.php' );
3
- include_once( dirname(__FILE__).ICWP_DS.'widgets'.ICWP_DS.'icwp_widgets.php' );
4
- ?>
5
- <div class="wrap">
6
- <div class="bootstrap-wpadmin">
7
- <?php echo printOptionsPageHeader( _wpsf__('Firewall') ); ?>
8
-
9
- <div class="row">
10
- <div class="<?php echo $icwp_fShowAds? 'span9' : 'span12'; ?>">
11
-
12
- <form action="<?php echo $icwp_form_action; ?>" method="post" class="form-horizontal">
13
- <?php
14
- wp_nonce_field( $icwp_nonce_field );
15
- printAllPluginOptionsForm( $icwp_aAllOptions, $icwp_var_prefix, 1 );
16
- ?>
17
- <div class="form-actions">
18
- <input type="hidden" name="<?php echo $icwp_var_prefix; ?>all_options_input" value="<?php echo $icwp_all_options_input; ?>" />
19
- <input type="hidden" name="icwp_plugin_form_submit" value="Y" />
20
- <button type="submit" class="btn btn-primary" name="submit"><?php _wpsf_e( 'Save All Settings' ); ?></button>
21
- <?php if ( get_option ('WP_firewall_redirect_page') ) :?>
22
- <button type="submit" class="btn btn-warning" name="import-wpf2-submit"><?php _wpsf_e( 'Import From WordPress Firewall 2' ); ?></button>
23
- <?php endif; ?>
24
- </div>
25
- </form>
26
-
27
- </div><!-- / span9 -->
28
-
29
- <?php if ( $icwp_fShowAds ) : ?>
30
- <div class="span3" id="side_widgets">
31
- <?php echo getWidgetIframeHtml('side-widgets-wtb'); ?>
32
- </div>
33
- <?php endif; ?>
34
- </div><!-- / row -->
35
-
36
- </div><!-- / bootstrap-wpadmin -->
37
- <?php include_once( dirname(__FILE__).'/include_js.php' ); ?>
38
- </div>
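Review bot: The `import-wpf2-submit` button at old lines 21-23 goes away with this template, but deleting the button only removes the UI. Any request handler that still reacts to a posted `import-wpf2-submit` field stays reachable through a hand-built POST. Confirm the handler is removed, or refuses the field, in the same change, and that it still sits behind the check paired with `wp_nonce_field( $icwp_nonce_field )`.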
views/icwp_wpsf_config_lockdown_index.php DELETED
@@ -1,35 +0,0 @@
1
- <?php
2
- include_once( dirname(__FILE__).ICWP_DS.'icwp_options_helper.php' );
3
- include_once( dirname(__FILE__).ICWP_DS.'widgets'.ICWP_DS.'icwp_widgets.php' );
4
- ?>
5
- <div class="wrap">
6
- <div class="bootstrap-wpadmin">
7
- <?php echo printOptionsPageHeader( _wpsf__('Lockdown') ); ?>
8
-
9
- <div class="row">
10
- <div class="<?php echo $icwp_fShowAds? 'span9' : 'span12'; ?>">
11
-
12
- <form action="<?php echo $icwp_form_action; ?>" method="post" class="form-horizontal">
13
- <?php
14
- wp_nonce_field( $icwp_nonce_field );
15
- printAllPluginOptionsForm( $icwp_aAllOptions, $icwp_var_prefix, 1 );
16
- ?>
17
- <div class="form-actions">
18
- <input type="hidden" name="<?php echo $icwp_var_prefix; ?>all_options_input" value="<?php echo $icwp_all_options_input; ?>" />
19
- <input type="hidden" name="icwp_plugin_form_submit" value="Y" />
20
- <button type="submit" class="btn btn-primary" name="submit"><?php _wpsf_e( 'Save All Settings' ); ?></button>
21
- </div>
22
- </form>
23
-
24
- </div><!-- / span9 -->
25
-
26
- <?php if ( $icwp_fShowAds ) : ?>
27
- <div class="span3" id="side_widgets">
28
- <?php echo getWidgetIframeHtml('side-widgets-wtb'); ?>
29
- </div>
30
- <?php endif; ?>
31
- </div><!-- / row -->
32
-
33
- </div><!-- / bootstrap-wpadmin -->
34
- <?php include_once( dirname(__FILE__).'/include_js.php' ); ?>
35
- </div>
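Review bot: Old lines 12 and 18 print `$icwp_form_action`, `$icwp_var_prefix` and `$icwp_all_options_input` into HTML attributes with a bare `echo`. The view that replaces this file is not part of this hunk, so check that it wraps the same values in `esc_url()` and `esc_attr()` rather than carrying the bare echoes over.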
views/icwp_wpsf_config_login_protect_index.php DELETED
@@ -1,36 +0,0 @@
1
- <?php
2
- include_once( dirname(__FILE__).ICWP_DS.'icwp_options_helper.php' );
3
- include_once( dirname(__FILE__).ICWP_DS.'widgets'.ICWP_DS.'icwp_widgets.php' );
4
- ?>
5
- <div class="wrap">
6
- <div class="bootstrap-wpadmin">
7
- <?php echo printOptionsPageHeader( _wpsf__('Login Protection') ); ?>
8
-
9
- <div class="row">
10
- <div class="<?php echo $icwp_fShowAds? 'span9' : 'span12'; ?>">
11
-
12
- <form action="<?php echo $icwp_form_action; ?>" method="post" class="form-horizontal">
13
- <?php
14
- wp_nonce_field( $icwp_nonce_field );
15
- printAllPluginOptionsForm( $icwp_aAllOptions, $icwp_var_prefix, 1 );
16
- ?>
17
- <div class="form-actions">
18
- <input type="hidden" name="<?php echo $icwp_var_prefix; ?>all_options_input" value="<?php echo $icwp_all_options_input; ?>" />
19
- <input type="hidden" name="icwp_plugin_form_submit" value="Y" />
20
- <button type="submit" class="btn btn-primary" name="submit"><?php _wpsf_e( 'Save All Settings' ); ?></button>
21
- <button type="submit" class="btn btn-warning" name="terminate-all-logins" value="1" style="margin-left: 15px"><?php _wpsf_e( 'Clear All Verified Logins' ); ?></button>
22
- </div>
23
- </form>
24
-
25
- </div><!-- / span9 -->
26
-
27
- <?php if ( $icwp_fShowAds ) : ?>
28
- <div class="span3" id="side_widgets">
29
- <?php echo getWidgetIframeHtml('side-widgets-wtb'); ?>
30
- </div>
31
- <?php endif; ?>
32
- </div><!-- / row -->
33
-
34
- </div><!-- / bootstrap-wpadmin -->
35
- <?php include_once( dirname(__FILE__).'/include_js.php' ); ?>
36
- </div>
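Review bot: `terminate-all-logins` at old line 21 is a bulk session-revocation control that shares one form and one nonce with "Save All Settings". If the replacement view keeps it, give it its own nonce action and a capability check in the handler, so a token minted for saving settings cannot also be used to drop every verified login. If it is dropped, the changelog should say so, since this is the control an admin would reach for after a suspected account compromise.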
views/icwp_wpsf_config_privacy_protect_index.php DELETED
@@ -1,35 +0,0 @@
1
- <?php
2
- include_once( dirname(__FILE__).ICWP_DS.'icwp_options_helper.php' );
3
- include_once( dirname(__FILE__).ICWP_DS.'widgets'.ICWP_DS.'icwp_widgets.php' );
4
- ?>
5
- <div class="wrap">
6
- <div class="bootstrap-wpadmin">
7
- <?php echo printOptionsPageHeader( _wpsf__('Privacy Protect') ); ?>
8
-
9
- <div class="row">
10
- <div class="<?php echo $icwp_fShowAds? 'span9' : 'span12'; ?>">
11
-
12
- <form action="<?php echo $icwp_form_action; ?>" method="post" class="form-horizontal">
13
- <?php
14
- wp_nonce_field( $icwp_nonce_field );
15
- printAllPluginOptionsForm( $icwp_aAllOptions, $icwp_var_prefix, 1 );
16
- ?>
17
- <div class="form-actions">
18
- <input type="hidden" name="<?php echo $icwp_var_prefix; ?>all_options_input" value="<?php echo $icwp_all_options_input; ?>" />
19
- <input type="hidden" name="icwp_plugin_form_submit" value="Y" />
20
- <button type="submit" class="btn btn-primary" name="submit"><?php _wpsf_e( 'Save All Settings' ); ?></button>
21
- </div>
22
- </form>
23
-
24
- </div><!-- / span9 -->
25
-
26
- <?php if ( $icwp_fShowAds ) : ?>
27
- <div class="span3" id="side_widgets">
28
- <?php echo getWidgetIframeHtml('side-widgets-wtb'); ?>
29
- </div>
30
- <?php endif; ?>
31
- </div><!-- / row -->
32
-
33
- </div><!-- / bootstrap-wpadmin -->
34
- <?php include_once( dirname(__FILE__).'/include_js.php' ); ?>
35
- </div>
views/icwp_wpsf_firewall_log_index.php CHANGED
@@ -1,69 +1,37 @@
1
  <?php
2
- include_once( dirname(__FILE__).ICWP_DS.'icwp_options_helper.php' );
3
- include_once( dirname(__FILE__).ICWP_DS.'widgets'.ICWP_DS.'icwp_widgets.php' );
4
- $sPluginName = 'WordPress Simple Firewall';
5
  $aLogTypes = array(
6
  0 => _wpsf__('Info'),
7
  1 => _wpsf__('Warning'),
8
  2 => _wpsf__('Critical')
9
  );
10
  ?>
11
- <style>
12
- tr.row-Info td {
13
- }
14
- tr.row-Warning td {
15
- background-color: #F2D5AE;
16
- }
17
- tr.row-Critical td {
18
- background-color: #DBAFB0;
19
- }
20
- tr.row-log-header td {
21
- border-top: 2px solid #999 !important;
22
- }
23
- td.cell-log-type {
24
- text-align: right !important;
25
- }
26
- td .cell-section {
27
- display: inline-block;
28
- }
29
- td .section-ip {
30
- width: 68%;
31
- }
32
- td .section-timestamp {
33
- text-align: right;
34
- width: 28%;
35
- }
36
- </style>
37
-
38
- <div class="wrap">
39
- <div class="bootstrap-wpadmin">
40
- <?php echo printOptionsPageHeader( _wpsf__('Firewall Log') ); ?>
41
 
42
- <div class="row">
43
- <div class="<?php echo $icwp_fShowAds? 'span9' : 'span12'; ?>">
44
- <form action="<?php echo $icwp_form_action; ?>" method="post" class="form-horizontal">
45
- <?php
46
- wp_nonce_field( $icwp_nonce_field );
47
- ?>
48
- <div class="form-actions">
49
- <input type="hidden" name="icwp_plugin_form_submit" value="Y" />
50
- <button type="submit" class="btn btn-primary" name="clear_log_submit"><?php _wpsf_e( 'Clear/Fix Log' ); ?></button>
51
- </div>
52
- </form>
53
-
54
- <?php if ( !$icwp_firewall_log ) : ?>
55
- <?php echo 'There are currently no logs to display. If you expect there to be some, use the button above to Clean/Fix them.'; ?>
56
- <?php else : ?>
57
 
58
  <table class="table table-bordered table-hover table-condensed">
59
  <tr>
60
  <th><?php _wpsf_e('Message Type'); ?></th>
61
  <th><?php _wpsf_e('Message'); ?></th>
62
  </tr>
63
- <?php foreach( $icwp_firewall_log as $sId => $aLogData ) : ?>
64
- <tr class="row-log-header">
65
- <td>IP: <strong><?php echo $aLogData['ip']; ?></strong></td>
66
- <td colspan="2">
67
  <span class="cell-section section-ip">
68
  [ <a href="http://whois.domaintools.com/<?php echo $aLogData['ip']; ?>" target="_blank"><?php _wpsf_e('IPWHOIS Lookup');?></a> ]
69
  [
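Review bot: `<?php echo $aLogData['ip']; ?>` is printed unescaped both inside `<strong>` (old line 65) and inside the `whois.domaintools.com` href, and the refactor moves those rows without changing that. Since the lines are being rewritten anyway, use `esc_html()` for the cell text and `rawurlencode()` for the URL segment, so a malformed stored value cannot break out of the markup. Separately, the new `include_once( 'icwp-wpsf-config_header.php' )` drops the `dirname(__FILE__)` prefix the removed includes used; a bare relative name is resolved through `include_path` first, so an absolute path is the safer form.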
@@ -81,43 +49,67 @@ $aLogTypes = array(
81
  <?php endif; ?>
82
  ]
83
  </span>
84
- <span class="cell-section section-timestamp"><?php echo date( 'Y/m/d H:i:s', $aLogData['created_at'] ); ?></span>
85
- </td>
86
- </tr>
87
- <?php
88
- $aMessages = unserialize( $aLogData['messages'] );
89
- if ( is_array( $aMessages ) ) {
90
- foreach( $aMessages as $aLogItem ) :
91
- list( $sLogType, $sLogMessage ) = $aLogItem;
92
- ?>
93
- <tr class="row-<?php echo $aLogTypes[$sLogType]; ?>">
94
- <td class="cell-log-type"><?php echo $aLogTypes[$sLogType] ?></td>
95
- <td><?php echo esc_attr($sLogMessage); ?></td>
96
- </tr>
97
  <?php
98
- endforeach;
99
- }
100
- endforeach; ?>
 
 
 
 
 
 
 
 
 
 
101
  </table>
102
 
103
  <?php endif; ?>
104
- </div><!-- / span9 -->
105
-
106
- <?php if ( $icwp_fShowAds ) : ?>
107
  <div class="span3" id="side_widgets">
108
- <?php echo getWidgetIframeHtml('side-widgets-wtb'); ?>
109
  </div>
110
- <?php endif; ?>
111
- </div><!-- / row -->
112
-
113
- <div class="row">
114
- <div class="span6">
115
- </div><!-- / span6 -->
116
- <div class="span6">
117
- <p></p>
118
- </div><!-- / span6 -->
119
- </div><!-- / row -->
120
-
121
- </div><!-- / bootstrap-wpadmin -->
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
122
 
123
- </div><!-- / wrap -->
1
  <?php
2
+ include_once( 'icwp-wpsf-config_header.php' );
3
+
 
4
  $aLogTypes = array(
5
  0 => _wpsf__('Info'),
6
  1 => _wpsf__('Warning'),
7
  2 => _wpsf__('Critical')
8
  );
9
  ?>
10
+ <div class="row">
11
+ <div class="<?php echo $icwp_fShowAds? 'span9' : 'span12'; ?>">
12
+ <form action="<?php echo $icwp_form_action; ?>" method="post" class="form-horizontal">
13
+ <?php
14
+ wp_nonce_field( $icwp_nonce_field );
15
+ ?>
16
+ <div class="form-actions">
17
+ <input type="hidden" name="icwp_plugin_form_submit" value="Y" />
18
+ <button type="submit" class="btn btn-primary" name="clear_log_submit" value="1"><?php _wpsf_e( 'Clear/Fix Log' ); ?></button>
19
+ </div>
20
+ </form>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
21
 
22
+ <?php if ( !$icwp_firewall_log ) : ?>
23
+ <?php echo 'There are currently no logs to display. If you expect there to be some, use the button above to Clean/Fix them.'; ?>
24
+ <?php else : ?>
 
 
 
 
 
 
 
 
 
 
 
 
25
 
26
  <table class="table table-bordered table-hover table-condensed">
27
  <tr>
28
  <th><?php _wpsf_e('Message Type'); ?></th>
29
  <th><?php _wpsf_e('Message'); ?></th>
30
  </tr>
31
+ <?php foreach( $icwp_firewall_log as $sId => $aLogData ) : ?>
32
+ <tr class="row-log-header">
33
+ <td>IP: <strong><?php echo $aLogData['ip']; ?></strong></td>
34
+ <td colspan="2">
35
  <span class="cell-section section-ip">
36
  [ <a href="http://whois.domaintools.com/<?php echo $aLogData['ip']; ?>" target="_blank"><?php _wpsf_e('IPWHOIS Lookup');?></a> ]
37
  [
49
  <?php endif; ?>
50
  ]
51
  </span>
52
+ <span class="cell-section section-timestamp"><?php echo date( 'Y/m/d H:i:s', $aLogData['created_at'] ); ?></span>
53
+ </td>
54
+ </tr>
 
 
 
 
 
 
 
 
 
 
55
  <?php
56
+ $aMessages = unserialize( $aLogData['messages'] );
57
+ if ( is_array( $aMessages ) ) {
58
+ foreach( $aMessages as $aLogItem ) :
59
+ list( $sLogType, $sLogMessage ) = $aLogItem;
60
+ ?>
61
+ <tr class="row-<?php echo $aLogTypes[$sLogType]; ?>">
62
+ <td class="cell-log-type"><?php echo $aLogTypes[$sLogType] ?></td>
63
+ <td><?php echo esc_attr($sLogMessage); ?></td>
64
+ </tr>
65
+ <?php
66
+ endforeach;
67
+ }
68
+ endforeach; ?>
69
  </table>
70
 
71
  <?php endif; ?>
72
+ </div><!-- / span9 -->
73
+
74
+ <?php if ( $icwp_fShowAds ) : ?>
75
  <div class="span3" id="side_widgets">
76
+ <?php echo getWidgetIframeHtml('side-widgets-wtb'); ?>
77
  </div>
78
+ <?php endif; ?>
79
+ </div><!-- / row -->
80
+
81
+ <div class="row">
82
+ <div class="span6">
83
+ </div><!-- / span6 -->
84
+ <div class="span6">
85
+ <p></p>
86
+ </div><!-- / span6 -->
87
+ </div><!-- / row -->
88
+ <style>
89
+ tr.row-Info td {
90
+ }
91
+ tr.row-Warning td {
92
+ background-color: #F2D5AE;
93
+ }
94
+ tr.row-Critical td {
95
+ background-color: #DBAFB0;
96
+ }
97
+ tr.row-log-header td {
98
+ border-top: 2px solid #999 !important;
99
+ }
100
+ td.cell-log-type {
101
+ text-align: right !important;
102
+ }
103
+ td .cell-section {
104
+ display: inline-block;
105
+ }
106
+ td .section-ip {
107
+ width: 68%;
108
+ }
109
+ td .section-timestamp {
110
+ text-align: right;
111
+ width: 28%;
112
+ }
113
+ </style>
114
 
115
+ <?php include_once( 'icwp-wpsf-config_footer.php' );
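Review bot: `unserialize( $aLogData['messages'] )` is re-added unchanged at new line 56. If any part of the `messages` column can be influenced by request data, this call is a PHP object injection sink; storing the messages as JSON and reading them with `json_decode( ..., true )` removes it. The existing `is_array()` guard does not check that each item is a two-element array before `list()`. At new lines 61-63, `$aLogTypes[$sLogType]` is used as a class name without checking that the key exists, and `esc_attr()` is applied to element text where `esc_html()` is the matching escaper.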
views/icwp_wpsf_index.php CHANGED
@@ -1,19 +1,6 @@
1
- <?php
2
- include_once( dirname(__FILE__).ICWP_DS.'icwp_options_helper.php' );
3
- include_once( dirname(__FILE__).ICWP_DS.'widgets'.ICWP_DS.'icwp_widgets.php' );
4
- $sPluginName = 'WordPress Simple Firewall';
5
- $fAdminAccessOn = $icwp_aMainOptions['enable_admin_access_restriction'] == 'Y';
6
- $fFirewallOn = $icwp_aMainOptions['enable_firewall'] == 'Y';
7
- $fLoginProtectOn = $icwp_aMainOptions['enable_login_protect'] == 'Y';
8
- $fCommentsFilteringOn = $icwp_aMainOptions['enable_comments_filter'] == 'Y';
9
- $fLockdownOn = $icwp_aMainOptions['enable_lockdown'] == 'Y';
10
- $fAutoUpdatesOn = $icwp_aMainOptions['enable_autoupdates'] == 'Y';
11
-
12
- $sLatestVersionBranch = '2.x.x';
13
- $sOn = _wpsf__( 'On' );
14
- $sOff = _wpsf__( 'Off' );
15
  ?>
16
-
17
  <div class="wrap">
18
  <div class="bootstrap-wpadmin">
19
  <?php echo printOptionsPageHeader( 'Dashboard' ); ?>
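Review bot: `$sOn`, `$sOff` and the feature flags lose their definitions at old lines 5-14, yet lines further down in this view still read them (for example `$fAutoupdatesOn ? $sOn : $sOff`). If `icwp-wpsf-config_header.php` or the caller does not set every one of them, PHP treats the undefined flag as false and the dashboard shows the wrong state for a security feature. A comment at the include listing the variables this view expects would make that contract checkable.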
@@ -29,9 +16,6 @@ $sOff = _wpsf__( 'Off' );
29
 
30
  <div class="row">
31
  <div class="<?php echo $icwp_fShowAds? 'span9' : 'span12'; ?>">
32
-
33
- <?php include_once( dirname(__FILE__).'/icwp_wpsf_state_summary.php' ); ?>
34
-
35
  <form action="<?php echo $icwp_form_action; ?>" method="post" class="form-horizontal">
36
  <?php
37
  wp_nonce_field( $icwp_nonce_field );
@@ -167,14 +151,14 @@ $sOff = _wpsf__( 'Off' );
167
  <?php endif; ?>
168
  <hr/>
169
  <h4 style="margin-top:20px;">
170
- <?php printf( _wpsf__('Auto Updates is %s'), $fAutoUpdatesOn ? $sOn : $sOff ); ?>
171
  [ <a href="admin.php?page=icwp-wpsf-autoupdates"><?php _wpsf_e('Configure Now'); ?></a> ]</h4>
172
- <?php if ( $fAutoUpdatesOn ) :
173
 
174
- if ( $icwp_aAutoUpdatesOptions['autoupdate_core'] == 'core_never' ) {
175
  $sAutoCoreUpdateOption = $sOff;
176
  }
177
- else if ( $icwp_aAutoUpdatesOptions['autoupdate_core'] == 'core_minor' ) {
178
  $sAutoCoreUpdateOption = _wpsf__('Minor Versions Only');
179
  }
180
  else {
@@ -182,12 +166,12 @@ $sOff = _wpsf__( 'Off' );
182
  }
183
  ?>
184
  <ul>
185
- <li><?php printf( _wpsf__('Automatically Update WordPress Simple Firewall Plugin: %s'), ($icwp_aAutoUpdatesOptions['autoupdate_plugin_self'] == 'Y')? $sOn : $sOff ); ?></li>
186
  <li><?php printf( _wpsf__('Automatically Update WordPress Core: %s'), $sAutoCoreUpdateOption ); ?></li>
187
- <li><?php printf( _wpsf__('Automatically Update Plugins: %s'), ($icwp_aAutoUpdatesOptions['enable_autoupdate_plugins'] == 'Y')? $sOn : $sOff ); ?></li>
188
- <li><?php printf( _wpsf__('Automatically Update Themes: %s'), ($icwp_aAutoUpdatesOptions['enable_autoupdate_themes'] == 'Y')? $sOn : $sOff ); ?></li>
189
- <li><?php printf( _wpsf__('Automatically Update Translations: %s'), ($icwp_aAutoUpdatesOptions['enable_autoupdate_translations'] == 'Y')? $sOn : $sOff ); ?></li>
190
- <li><?php printf( _wpsf__('Ignore Version Control Systems: %s'), ($icwp_aAutoUpdatesOptions['enable_autoupdate_ignore_vcs'] == 'Y')? $sOn : $sOff ); ?></li>
191
  </ul>
192
  <?php endif; ?>
193
  </div>
1
+ <?php
2
+ include_once( 'icwp-wpsf-config_header.php' );
 
 
 
 
 
 
 
 
 
 
 
 
3
  ?>
 
4
  <div class="wrap">
5
  <div class="bootstrap-wpadmin">
6
  <?php echo printOptionsPageHeader( 'Dashboard' ); ?>
16
 
17
  <div class="row">
18
  <div class="<?php echo $icwp_fShowAds? 'span9' : 'span12'; ?>">
 
 
 
19
  <form action="<?php echo $icwp_form_action; ?>" method="post" class="form-horizontal">
20
  <?php
21
  wp_nonce_field( $icwp_nonce_field );
151
  <?php endif; ?>
152
  <hr/>
153
  <h4 style="margin-top:20px;">
154
+ <?php printf( _wpsf__('Auto Updates is %s'), $fAutoupdatesOn ? $sOn : $sOff ); ?>
155
  [ <a href="admin.php?page=icwp-wpsf-autoupdates"><?php _wpsf_e('Configure Now'); ?></a> ]</h4>
156
+ <?php if ( $fAutoupdatesOn ) :
157
 
158
+ if ( $icwp_aAutoupdatesOptions['autoupdate_core'] == 'core_never' ) {
159
  $sAutoCoreUpdateOption = $sOff;
160
  }
161
+ else if ( $icwp_aAutoupdatesOptions['autoupdate_core'] == 'core_minor' ) {
162
  $sAutoCoreUpdateOption = _wpsf__('Minor Versions Only');
163
  }
164
  else {
166
  }
167
  ?>
168
  <ul>
169
+ <li><?php printf( _wpsf__('Automatically Update WordPress Simple Firewall Plugin: %s'), ($icwp_aAutoupdatesOptions['autoupdate_plugin_self'] == 'Y')? $sOn : $sOff ); ?></li>
170
  <li><?php printf( _wpsf__('Automatically Update WordPress Core: %s'), $sAutoCoreUpdateOption ); ?></li>
171
+ <li><?php printf( _wpsf__('Automatically Update Plugins: %s'), ($icwp_aAutoupdatesOptions['enable_autoupdate_plugins'] == 'Y')? $sOn : $sOff ); ?></li>
172
+ <li><?php printf( _wpsf__('Automatically Update Themes: %s'), ($icwp_aAutoupdatesOptions['enable_autoupdate_themes'] == 'Y')? $sOn : $sOff ); ?></li>
173
+ <li><?php printf( _wpsf__('Automatically Update Translations: %s'), ($icwp_aAutoupdatesOptions['enable_autoupdate_translations'] == 'Y')? $sOn : $sOff ); ?></li>
174
+ <li><?php printf( _wpsf__('Ignore Version Control Systems: %s'), ($icwp_aAutoupdatesOptions['enable_autoupdate_ignore_vcs'] == 'Y')? $sOn : $sOff ); ?></li>
175
  </ul>
176
  <?php endif; ?>
177
  </div>
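Review bot: The rename from `$fAutoUpdatesOn` and `$icwp_aAutoUpdatesOptions` to `$fAutoupdatesOn` and `$icwp_aAutoupdatesOptions` changes only the case of one letter, and PHP variable names are case-sensitive. Any producer still using the old spelling fails silently: the `if ( $fAutoupdatesOn )` block is skipped and the auto-update summary never renders. Check every place that populates these before merging, and consider guarding the `$icwp_aAutoupdatesOptions[...]` reads with `isset()` so a missing key is not reported as "Off".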
views/icwp_wpsf_privacy_protect_log_index.php CHANGED
@@ -1,44 +1,22 @@
1
  <?php
2
- include_once( dirname(__FILE__).ICWP_DS.'icwp_options_helper.php' );
3
- include_once( dirname(__FILE__).ICWP_DS.'widgets'.ICWP_DS.'icwp_widgets.php' );
4
-
5
  $icwp_fShowAds = false;
6
  ?>
7
- <style>
8
- dt {
9
- width: auto !important;
10
- }
11
- tr.row-log-header td {
12
- border-top: 2px solid #999 !important;
13
- }
14
- td .cell-section {
15
- display: inline-block;
16
- }
17
- td .section-timestamp {
18
- text-align: right;
19
- width: 28%;
20
- }
21
- </style>
22
-
23
- <div class="wrap">
24
- <div class="bootstrap-wpadmin">
25
- <?php echo printOptionsPageHeader( _wpsf__('Privacy Log') ); ?>
26
 
27
- <div class="row">
28
- <div class="<?php echo $icwp_fShowAds? 'span9' : 'span12'; ?>">
29
- <form action="<?php echo $icwp_form_action; ?>" method="post" class="form-horizontal">
30
- <?php
31
- wp_nonce_field( $icwp_nonce_field );
32
- ?>
33
- <div class="form-actions">
34
- <input type="hidden" name="icwp_plugin_form_submit" value="Y" />
35
- <button type="submit" class="btn btn-primary" name="clear_log_submit"><?php _wpsf_e( 'Clear/Fix Log' ); ?></button>
36
- </div>
37
- </form>
38
-
39
- <?php if ( !$icwp_urlrequests_log ) : ?>
40
- <?php echo 'There are currently no logs to display. If you expect there to be some, use the button above to Clean/Fix them.'; ?>
41
- <?php else : ?>
42
 
43
  <table class="table table-bordered table-hover table-condensed">
44
  <tr>
@@ -71,23 +49,37 @@ $icwp_fShowAds = false;
71
  </table>
72
 
73
  <?php endif; ?>
74
- </div><!-- / span9 -->
75
-
76
- <?php if ( $icwp_fShowAds ) : ?>
77
  <div class="span3" id="side_widgets">
78
- <?php echo getWidgetIframeHtml('side-widgets-wtb'); ?>
79
  </div>
80
- <?php endif; ?>
81
- </div><!-- / row -->
82
-
83
- <div class="row">
84
- <div class="span6">
85
- </div><!-- / span6 -->
86
- <div class="span6">
87
- <p></p>
88
- </div><!-- / span6 -->
89
- </div><!-- / row -->
90
-
91
- </div><!-- / bootstrap-wpadmin -->
 
 
 
 
 
 
 
 
 
 
 
 
 
 
92
 
93
- </div><!-- / wrap -->
1
  <?php
2
+ include_once( 'icwp-wpsf-config_header.php' );
 
 
3
  $icwp_fShowAds = false;
4
  ?>
5
+ <div class="row">
6
+ <div class="<?php echo $icwp_fShowAds? 'span9' : 'span12'; ?>">
7
+ <form action="<?php echo $icwp_form_action; ?>" method="post" class="form-horizontal">
8
+ <?php
9
+ wp_nonce_field( $icwp_nonce_field );
10
+ ?>
11
+ <div class="form-actions">
12
+ <input type="hidden" name="icwp_plugin_form_submit" value="Y" />
13
+ <button type="submit" class="btn btn-primary" name="clear_log_submit"><?php _wpsf_e( 'Clear/Fix Log' ); ?></button>
14
+ </div>
15
+ </form>
 
 
 
 
 
 
 
 
16
 
17
+ <?php if ( !$icwp_urlrequests_log ) : ?>
18
+ <?php echo 'There are currently no logs to display. If you expect there to be some, use the button above to Clean/Fix them.'; ?>
19
+ <?php else : ?>
 
 
 
 
 
 
 
 
 
 
 
 
20
 
21
  <table class="table table-bordered table-hover table-condensed">
22
  <tr>
49
  </table>
50
 
51
  <?php endif; ?>
52
+ </div><!-- / span9 -->
53
+
54
+ <?php if ( $icwp_fShowAds ) : ?>
55
  <div class="span3" id="side_widgets">
56
+ <?php echo getWidgetIframeHtml('side-widgets-wtb'); ?>
57
  </div>
58
+ <?php endif; ?>
59
+ </div><!-- / row -->
60
+
61
+ <div class="row">
62
+ <div class="span6">
63
+ </div><!-- / span6 -->
64
+ <div class="span6">
65
+ <p></p>
66
+ </div><!-- / span6 -->
67
+ </div><!-- / row -->
68
+
69
+ <style>
70
+ dt {
71
+ width: auto !important;
72
+ }
73
+ tr.row-log-header td {
74
+ border-top: 2px solid #999 !important;
75
+ }
76
+ td .cell-section {
77
+ display: inline-block;
78
+ }
79
+ td .section-timestamp {
80
+ text-align: right;
81
+ width: 28%;
82
+ }
83
+ </style>
84
 
85
+ <?php include_once( 'icwp-wpsf-config_footer.php' );
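Review bot: The re-added `clear_log_submit` button at new line 13 has no `value` attribute, while the same button in `views/icwp_wpsf_firewall_log_index.php` gained `value="1"` in this release. If the handler now tests the posted value rather than the presence of the field, clearing the privacy log stops working. Add `value="1"` here too, or note why the two views differ.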