< ? php
class MainWP_Child_iThemes_Security {
public static $instance = null ;
/**
 * Return the shared instance of this class, creating it on first use.
 *
 * @return MainWP_Child_iThemes_Security
 */
static function Instance() {
    if ( null === self::$instance ) {
        self::$instance = new self();
    }

    return self::$instance;
}
/**
 * Register the sync callback that records the dashboard's extension state.
 */
public function __construct() {
    $sync_callback = array( $this, 'syncOthersData' );
    // Priority 10; the filter passes two arguments ($information, $data).
    add_filter( 'mainwp-site-sync-others-data', $sync_callback, 10, 2 );
}
/**
 * Remember whether the iThemes extension is active on the dashboard.
 *
 * Callback for the 'mainwp-site-sync-others-data' filter. Only the
 * 'ithemeExtActivated' flag in $data is inspected; the filter value is
 * passed through untouched.
 *
 * @param mixed $information Filter value, returned as-is.
 * @param array $data        Data sent by the dashboard.
 * @return mixed $information unchanged.
 */
function syncOthersData( $information, $data = array() ) {
    $activated = is_array( $data )
        && isset( $data['ithemeExtActivated'] )
        && 'yes' === $data['ithemeExtActivated'];

    MainWP_Helper::update_option( 'mainwp_ithemes_ext_activated', $activated ? 'Y' : '' );

    return $information;
}
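/**
 * Entry point for dashboard requests.
 *
 * Dispatches on $_POST['mwp_action'] through an explicit allow-list of
 * handler methods and writes the handler's result with
 * MainWP_Helper::write(). Also sets the global $mainwp_itsec_modules_path
 * that the other handlers use to locate iThemes module files, and marks the
 * extension as enabled.
 */
public function action() {
    $information = array();

    if ( ! class_exists( 'ITSEC_Core' ) || ! class_exists( 'ITSEC_Modules' ) ) {
        $information['error'] = 'NO_ITHEME';
        MainWP_Helper::write( $information );
        // Do not fall through to ITSEC_Core::get_core_dir() on a class that
        // was just found missing, in case write() does not end the request.
        return;
    }

    global $mainwp_itsec_modules_path;
    $mainwp_itsec_modules_path = ITSEC_Core::get_core_dir() . '/modules/';

    MainWP_Helper::update_option( 'mainwp_ithemes_ext_enabled', 'Y', 'yes' );

    // Request action => handler method. Methods such as whitelist(), api_key()
    // and malware_get_scan_results() exist on this class but are deliberately
    // not reachable from here.
    $handlers = array(
        'set_showhide'                 => 'set_showhide',
        'save_settings'                => 'save_settings',
        'whitelist_release'            => 'whitelist_release',
        'backup_db'                    => 'backup_db',
        'admin_user'                   => 'admin_user',
        'database_prefix'              => 'change_database_prefix',
        'reset_api_key'                => 'reset_api_key',
        'malware_scan'                 => 'malware_scan',
        'clear_all_logs'               => 'purge_logs',
        'file_change'                  => 'file_change',
        'release_lockout'              => 'release_lockout',
        'module_status'                => 'update_module_status',
        'wordpress_salts'              => 'wordpress_salts',
        'file_permissions'             => 'file_permissions',
        'reload_backup_exclude'        => 'reload_backup_exclude',
        'security_site'                => 'security_site',
        'activate_network_brute_force' => 'activate_network_brute_force',
    );

    // Only a string can name an action; an unknown name leaves $information empty.
    if ( isset( $_POST['mwp_action'] ) && is_string( $_POST['mwp_action'] ) ) {
        $mwp_action = $_POST['mwp_action'];
        if ( isset( $handlers[ $mwp_action ] ) ) {
            $method      = $handlers[ $mwp_action ];
            $information = $this->$method();
        }
    }

    MainWP_Helper::write( $information );
}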
/**
 * Store whether the iThemes plugin should be hidden in the child site's admin.
 *
 * Reads $_POST['showhide']; anything other than 'hide' clears the flag.
 *
 * @return array array( 'result' => 'success' ).
 */
function set_showhide() {
    $information = array();

    $hide = '';
    if ( isset( $_POST['showhide'] ) && 'hide' === $_POST['showhide'] ) {
        $hide = 'hide';
    }
    MainWP_Helper::update_option( 'mainwp_ithemes_hide_plugin', $hide );

    $information['result'] = 'success';

    return $information;
}
/**
 * Hide the iThemes plugin from the admin UI when the dashboard asked for it.
 *
 * Does nothing unless the extension is enabled; the hide hooks are only
 * added when 'mainwp_ithemes_hide_plugin' is 'hide'.
 */
public function ithemes_init() {
    $enabled = 'Y' === get_option( 'mainwp_ithemes_ext_enabled' );
    if ( ! $enabled ) {
        return;
    }

    $hidden = 'hide' === get_option( 'mainwp_ithemes_hide_plugin' );
    if ( ! $hidden ) {
        return;
    }

    add_filter( 'all_plugins', array( $this, 'all_plugins' ) );
    add_action( 'admin_menu', array( $this, 'remove_menu' ) );
    add_action( 'admin_init', array( $this, 'admin_init' ) );
}
/**
 * Drop the iThemes dashboard widget when the plugin is hidden.
 */
public function admin_init() {
    $widget_id = 'itsec-dashboard-widget';
    remove_meta_box( $widget_id, 'dashboard', 'normal' );
}
/**
 * Remove the iThemes Security plugins from the plugin list.
 *
 * Callback for the 'all_plugins' filter.
 *
 * @param array $plugins Plugin file => plugin data, as WordPress passes it.
 * @return array The same map without the iThemes Security entries; other keys are kept.
 */
public function all_plugins( $plugins ) {
    $hidden_slugs = array( 'better-wp-security', 'ithemes-security-pro' );

    foreach ( array_keys( $plugins ) as $plugin_file ) {
        $slug = basename( $plugin_file, '.php' );
        if ( in_array( $slug, $hidden_slugs, true ) ) {
            unset( $plugins[ $plugin_file ] );
        }
    }

    return $plugins;
}
/**
 * Remove the iThemes admin menu entry when the plugin is hidden.
 */
public function remove_menu() {
    $menu_slug = 'itsec';
    remove_menu_page( $menu_slug );
}
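/**
 * Apply module settings pushed from the dashboard and report site status.
 *
 * Reads $_POST['settings']: a base64-encoded, PHP-serialized array of
 * module slug => settings. Only modules in the local allow-list are
 * written. For 'global' and 'backup' a few keys are kept from the stored
 * settings instead of the request; 'hide-backend' is refused on a single
 * site with plain permalinks; 'network-brute-force' either activates an
 * API key (when 'email' is sent) or only updates 'enable_ban'.
 *
 * @return array 'site_status', 'nbf_settings', optional 'require_permalinks'
 *               and 'extra_message', plus 'result' => 'success' or 'error'.
 */
function save_settings() {
    if ( ! class_exists( 'ITSEC_Lib' ) ) {
        require( ITSEC_Core::get_core_dir() . '/core/class-itsec-lib.php' );
    }

    // Module slugs the dashboard may write. 'wordpress-salts' is not listed,
    // so its 'last_generated' value is only ever set by wordpress_salts().
    $_itsec_modules = array(
        'global',
        'away-mode',
        'backup',
        'hide-backend',
        'ipcheck',
        'ban-users',
        'brute-force',
        'file-change',
        '404-detection',
        'network-brute-force',
        'ssl',
        'strong-passwords',
        'system-tweaks',
        'wordpress-tweaks',
        'multisite-tweaks',
    );

    $require_permalinks = false;
    $updated            = false;
    $errors             = array();
    $nbf_settings       = array();

    // NOTE(review): maybe_unserialize() on request data can instantiate
    // arbitrary classes (PHP object injection). The dashboard protocol sends
    // PHP-serialized data, so the format is kept here; this relies on the
    // request having been authenticated before action() dispatches — confirm
    // in action()'s caller.
    $update_settings = array();
    if ( isset( $_POST['settings'] ) && is_string( $_POST['settings'] ) ) {
        $update_settings = maybe_unserialize( base64_decode( $_POST['settings'] ) );
    }
    if ( ! is_array( $update_settings ) ) {
        $update_settings = array();
    }

    foreach ( $update_settings as $module => $settings ) {
        // Unknown modules and non-array payloads are ignored, never saved.
        if ( ! in_array( $module, $_itsec_modules, true ) || ! is_array( $settings ) ) {
            continue;
        }

        $do_not_save = false;

        if ( 'global' === $module ) {
            // Bookkeeping keys are never taken from the request.
            $keep_olds = array( 'did_upgrade', 'log_info', 'show_new_dashboard_notice', 'show_security_check', 'nginx_file' );
            foreach ( $keep_olds as $key ) {
                $settings[ $key ] = ITSEC_Modules::get_setting( $module, $key );
            }

            if ( empty( $settings['log_location'] ) ) {
                $settings['log_location'] = ITSEC_Modules::get_setting( $module, 'log_location' );
            } else {
                $result = $this->validate_directory( 'log_location', $settings['log_location'] );
                if ( true !== $result ) {
                    $errors[]                 = $result;
                    $settings['log_location'] = ITSEC_Modules::get_setting( $module, 'log_location' ); // keep the stored value
                }
            }
        } elseif ( 'backup' === $module ) {
            if ( empty( $settings['location'] ) ) {
                $settings['location'] = ITSEC_Modules::get_setting( $module, 'location' );
            } else {
                $result = $this->validate_directory( 'location', $settings['location'] );
                if ( true !== $result ) {
                    $errors[]             = $result;
                    $settings['location'] = ITSEC_Modules::get_setting( $module, 'location' ); // keep the stored value
                }
            }

            if ( ! isset( $settings['exclude'] ) ) {
                $settings['exclude'] = ITSEC_Modules::get_setting( $module, 'exclude' );
            }
        } elseif ( 'hide-backend' === $module ) {
            if ( ! empty( $settings['enabled'] ) ) {
                $permalink_structure = get_option( 'permalink_structure', false );
                if ( empty( $permalink_structure ) && ! is_multisite() ) {
                    $errors[]           = __( 'You must change <strong>WordPress permalinks</strong> to a setting other than "Plain" in order to use "Hide Backend" feature.', 'better-wp-security' );
                    $require_permalinks = true;
                    $do_not_save        = true;
                }
            }
        } elseif ( 'network-brute-force' === $module ) {
            if ( isset( $settings['email'] ) ) {
                $result = $this->activate_api_key( $settings );
                if ( false === $result ) {
                    $nbf_settings = $settings;
                    $errors[]     = 'Error: Active iThemes Network Brute Force Protection Api Key';
                } else {
                    $nbf_settings = $result;
                }
            } else {
                // Without an e-mail only the 'enable_ban' field may change.
                $previous_settings = ITSEC_Modules::get_settings( $module );
                if ( isset( $settings['enable_ban'] ) ) {
                    $previous_settings['enable_ban'] = $settings['enable_ban'];
                } else {
                    $do_not_save = true;
                }
                $nbf_settings = $previous_settings;
            }
            $settings = $nbf_settings;
        }

        if ( ! $do_not_save ) {
            ITSEC_Modules::set_settings( $module, $settings );
            $updated = true;
        }
    }

    require_once( ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-config-file.php' );

    // Snapshot of the site reported back to the dashboard with every save.
    $values = array(
        'permalink_structure'    => get_option( 'permalink_structure' ),
        'is_multisite'           => is_multisite() ? 1 : 0,
        'users_can_register'     => get_site_option( 'users_can_register' ) ? 1 : 0,
        'server_nginx'           => ( ITSEC_Lib::get_server() === 'nginx' ) ? 1 : 0,
        'has_ssl'                => ITSEC_Lib::get_ssl() ? 1 : 0,
        'jquery_version'         => ITSEC_Modules::get_setting( 'wordpress-tweaks', 'jquery_version' ),
        'is_jquery_version_safe' => ITSEC_Lib::is_jquery_version_safe(),
        'server_rules'           => ITSEC_Lib_Config_File::get_server_config(),
        'config_rules'           => ITSEC_Lib_Config_File::get_wp_config(),
        'lockouts_host'          => $this->get_lockouts( 'host', true ),
        'lockouts_user'          => $this->get_lockouts( 'user', true ),
        'lockouts_username'      => $this->get_lockouts( 'username', true ),
        'default_log_location'   => ITSEC_Modules::get_default( 'global', 'log_location' ),
        'default_location'       => ITSEC_Modules::get_default( 'backup', 'location' ),
        'excludable_tables'      => $this->get_excludable_tables(),
    );

    $return = array(
        'site_status' => $values,
    );
    if ( $require_permalinks ) {
        $return['require_permalinks'] = 1;
    }
    $return['nbf_settings'] = $nbf_settings;
    if ( ! empty( $errors ) ) {
        $return['extra_message'] = $errors;
    }
    if ( $updated ) {
        $return['result'] = 'success';
    } else {
        $return['error'] = __( 'Not Updated', 'mainwp-child' );
    }

    return $return;
}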
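/**
 * Activate iThemes Network Brute Force Protection with the e-mail and
 * opt-in flag sent by the dashboard.
 *
 * Reads $_POST['data']: a base64-encoded, PHP-serialized array with
 * 'email' and 'updates_optin'.
 *
 * @return array 'nbf_settings' and 'result' => 'success' when activated,
 *               'error' when saving failed, empty when the input is unusable.
 */
public static function activate_network_brute_force() {
    $information  = array();
    $nbf_settings = null;

    $data = null;
    if ( isset( $_POST['data'] ) && is_string( $_POST['data'] ) ) {
        // NOTE(review): maybe_unserialize() on request data can instantiate
        // arbitrary classes (PHP object injection); the format is kept for
        // protocol compatibility with the dashboard.
        $data = maybe_unserialize( base64_decode( $_POST['data'] ) );
    }

    if ( is_array( $data ) ) {
        $settings                  = ITSEC_Modules::get_settings( 'network-brute-force' );
        $settings['email']         = isset( $data['email'] ) ? $data['email'] : null;
        $settings['updates_optin'] = isset( $data['updates_optin'] ) ? $data['updates_optin'] : null;
        $settings['api_nag']       = false;

        $results = ITSEC_Modules::set_settings( 'network-brute-force', $settings );
        if ( is_wp_error( $results ) ) {
            $information['error'] = 'Error: Active iThemes Network Brute Force Protection Api Key';
        } elseif ( ! empty( $results['saved'] ) ) {
            ITSEC_Modules::activate( 'network-brute-force' );
            $nbf_settings = ITSEC_Modules::get_settings( 'network-brute-force' );
        }
    }

    // $nbf_settings is only set on the success path above.
    if ( null !== $nbf_settings ) {
        $information['nbf_settings'] = $nbf_settings;
        $information['result']       = 'success';
    }

    return $information;
}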
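/**
 * Ensure $folder exists, is writable and has directory-listing protection.
 *
 * @param string $name   Input name, used in the error text.
 * @param string $folder Directory path taken from the request.
 * @return true|string True when the directory is usable, otherwise the
 *                     translated error message.
 */
private function validate_directory( $name, $folder ) {
    // The other includes in this file put a slash after get_core_dir()
    // ('/core/...', '/lib/...'); the bare 'lib/...' form would fail whenever
    // the core dir has no trailing slash.
    require_once( ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-directory.php' );

    $error = null;

    if ( ! ITSEC_Lib_Directory::is_dir( $folder ) ) {
        $result = ITSEC_Lib_Directory::create( $folder );
        if ( is_wp_error( $result ) ) {
            $error = sprintf( _x( 'The directory supplied in %1$s cannot be used as a valid directory. %2$s', '%1$s is the input name. %2$s is the error message.', 'better-wp-security' ), $name, $result->get_error_message() );
        }
    }

    if ( empty( $error ) && ! ITSEC_Lib_Directory::is_writable( $folder ) ) {
        $error = sprintf( __( 'The directory supplied in %1$s is not writable. Please select a directory that can be written to.', 'better-wp-security' ), $name );
    }

    if ( ! empty( $error ) ) {
        return $error;
    }

    ITSEC_Lib_Directory::add_file_listing_protection( $folder );

    return true;
}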
/**
 * Obtain and activate a Network Brute Force API key for the given settings.
 *
 * @param array $settings Module settings containing 'email' and 'updates_optin'.
 * @return array|false The settings with 'api_key', 'api_secret' and
 *                     'api_nag' filled in and 'email' removed, or false
 *                     when the key could not be obtained or activated.
 */
private function activate_api_key( $settings ) {
    global $mainwp_itsec_modules_path;
    require_once( $mainwp_itsec_modules_path . 'ipcheck/utilities.php' );

    $key = ITSEC_Network_Brute_Force_Utilities::get_api_key( $settings['email'], $settings['updates_optin'] );
    if ( is_wp_error( $key ) ) {
        return false;
    }

    $secret = ITSEC_Network_Brute_Force_Utilities::activate_api_key( $key );
    if ( is_wp_error( $secret ) ) {
        return false;
    }

    $settings['api_key']    = $key;
    $settings['api_secret'] = $secret;
    $settings['api_nag']    = false;

    ITSEC_Response::reload_module( 'network-brute-force' );

    // The e-mail is only needed to request the key; it is not stored.
    unset( $settings['email'] );

    return $settings;
}
/**
 * Classify the site's backup situation.
 *
 * @return int 1 = BackupBuddy with at least one schedule, 2 = BackupBuddy
 *             without schedules (both single-site only), 3 = external backup
 *             that is scheduled, 4 = external backup only, 0 = none.
 */
function backup_status() {
    if ( ! is_multisite() && class_exists( 'backupbuddy_api' ) ) {
        $has_schedule = count( backupbuddy_api::getSchedules() ) >= 1;

        return $has_schedule ? 1 : 2;
    }

    if ( true === $this->has_backup() ) {
        return ( true === $this->scheduled_backup() ) ? 3 : 4;
    }

    return 0;
}
/**
 * Whether an external backup solution reports itself via the
 * 'itsec_has_external_backup' filter (defaults to false).
 *
 * @return mixed The filtered value.
 */
public function has_backup() {
    return apply_filters( 'itsec_has_external_backup', false );
}
/**
 * Whether an external backup solution reports a schedule via the
 * 'itsec_scheduled_external_backup' filter (defaults to false).
 *
 * @return mixed The filtered value.
 */
public function scheduled_backup() {
    return apply_filters( 'itsec_scheduled_external_backup', false );
}
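/**
 * Temporarily whitelist the IP sent in $_POST['ip'] for 24 hours.
 *
 * Not dispatched from action(). The entry is stored in the network option
 * 'itsec_temp_whitelist_ip' as array( 'ip', 'exp' ) and replaced only when
 * it has expired or belongs to a different IP.
 *
 * @return array The stored entry plus 'exp_diff', 'message1', 'message2',
 *               or array( 'error' => ... ) when the IP is invalid or the
 *               current entry is still valid for that IP.
 */
public function whitelist() {
    global $itsec_globals;

    $ip = isset( $_POST['ip'] ) ? $_POST['ip'] : '';
    // The IP comes from the request: only a syntactically valid address is stored.
    if ( ! is_string( $ip ) || false === filter_var( $ip, FILTER_VALIDATE_IP ) ) {
        return array( 'error' => 'Invalid IP' );
    }

    $current_time = $itsec_globals['current_time'];

    $add_temp = true;
    $temp_ip  = get_site_option( 'itsec_temp_whitelist_ip' );
    if ( false !== $temp_ip ) {
        // The stored entry is keyed 'ip' / 'exp' (see below); compare the IP
        // with 'ip', not with 'exp' as the earlier code did.
        $expired   = isset( $temp_ip['exp'] ) && $temp_ip['exp'] < $current_time;
        $different = ! isset( $temp_ip['ip'] ) || $temp_ip['ip'] !== $ip;
        $add_temp  = $expired || $different;
        if ( $add_temp ) {
            delete_site_option( 'itsec_temp_whitelist_ip' );
        }
    }

    if ( ! $add_temp ) {
        return array( 'error' => 'Not Updated' );
    }

    $response = array(
        'ip'  => $ip,
        'exp' => $current_time + 86400,
    );
    add_site_option( 'itsec_temp_whitelist_ip', $response );

    $response['exp_diff'] = human_time_diff( $current_time, $response['exp'] );
    $response['message1'] = __( 'Your IP Address', 'better-wp-security' );
    $response['message2'] = __( 'is whitelisted for', 'better-wp-security' );

    return $response;
}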
/**
 * Drop the temporary IP whitelist entry.
 *
 * @return string 'success'.
 */
function whitelist_release() {
    $option_name = 'itsec_temp_whitelist_ip';
    delete_site_option( $option_name );

    return 'success';
}
/**
 * Run a one-off iThemes database backup.
 *
 * Instantiates the global $itsec_backup on first use.
 *
 * @return array 'result' => 'success' and 'message' on success, or 'error'
 *               with the joined error strings.
 */
function backup_db() {
    global $itsec_backup, $mainwp_itsec_modules_path;

    if ( ! isset( $itsec_backup ) ) {
        require_once( $mainwp_itsec_modules_path . 'backup/class-itsec-backup.php' );
        $itsec_backup = new ITSEC_Backup();
        $itsec_backup->run();
    }

    $result = $itsec_backup->do_backup( true );

    // A string result is the success message.
    if ( is_string( $result ) ) {
        return array(
            'result'  => 'success',
            'message' => $result,
        );
    }

    if ( is_wp_error( $result ) ) {
        $str_error = '';
        foreach ( ITSEC_Response::get_error_strings( $result ) as $error ) {
            $str_error .= $error . '<br />';
        }
    } else {
        $str_error = sprintf( __( 'The backup request returned an unexpected response. It returned a response of type <code>%1$s</code>.', 'better-wp-security' ), gettype( $result ) );
    }

    $return = array();
    if ( ! empty( $str_error ) ) {
        $return['error'] = $str_error;
    }

    return $return;
}
/**
 * Regenerate the WordPress salts through the iThemes utility.
 *
 * On success the module setting 'wordpress-salts' / 'last_generated' is set
 * to the current GMT time.
 *
 * @return array 'result' => 'success' and 'message', or 'error' with the
 *               joined error strings.
 */
private function wordpress_salts() {
    global $mainwp_itsec_modules_path;

    if ( ! class_exists( 'ITSEC_WordPress_Salts_Utilities' ) ) {
        require( $mainwp_itsec_modules_path . 'salts/utilities.php' );
    }

    $result = ITSEC_WordPress_Salts_Utilities::generate_new_salts();

    if ( is_wp_error( $result ) ) {
        $str_error = '';
        foreach ( ITSEC_Response::get_error_strings( $result ) as $error ) {
            $str_error .= $error . '<br />';
        }

        $return = array();
        if ( ! empty( $str_error ) ) {
            $return['error'] = $str_error;
        }

        return $return;
    }

    $return = array(
        'result'  => 'success',
        'message' => __( 'The WordPress salts were successfully regenerated.', 'better-wp-security' ),
    );

    $last_generated = ITSEC_Core::get_current_time_gmt();
    ITSEC_Modules::set_setting( 'wordpress-salts', 'last_generated', $last_generated );

    return $return;
}
/**
 * Compare the permissions of core WordPress paths with the values iThemes
 * suggests and render the comparison as an HTML table.
 *
 * @return array array( 'html' => string ) holding the rendered table.
 */
private function file_permissions() {
    require_once( ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-config-file.php' );

    $wp_upload_dir = ITSEC_Core::get_wp_upload_dir();

    // Each entry: absolute path, suggested mode (octal).
    $path_data = array(
        array(
            ABSPATH,
            0755,
        ),
        array(
            ABSPATH . WPINC,
            0755,
        ),
        array(
            ABSPATH . 'wp-admin',
            0755,
        ),
        array(
            ABSPATH . 'wp-admin/js',
            0755,
        ),
        array(
            WP_CONTENT_DIR,
            0755,
        ),
        array(
            get_theme_root(),
            0755,
        ),
        array(
            WP_PLUGIN_DIR,
            0755
        ),
        array(
            $wp_upload_dir['basedir'],
            0755,
        ),
        array(
            ITSEC_Lib_Config_File::get_wp_config_file_path(),
            0444,
        ),
        array(
            ITSEC_Lib_Config_File::get_server_config_file_path(),
            0444,
        ),
    );

    $rows = array();

    foreach ( $path_data as $path ) {
        $row = array();

        list( $path, $suggested_permissions ) = $path;

        // Display the path relative to ABSPATH; the root itself is shown as '/'.
        $display_path = preg_replace( '/^' . preg_quote( ABSPATH, '/' ) . '/', '', $path );
        $display_path = ltrim( $display_path, '/' );

        if ( empty( $display_path ) ) {
            $display_path = '/';
        }

        $row[] = $display_path;
        $row[] = sprintf( '%o', $suggested_permissions );

        // fileperms() returns false for a missing path; '& 0777' turns that
        // into 0, which the check below reports as a warning.
        $permissions = fileperms( $path ) & 0777;
        $row[] = sprintf( '%o', $permissions );

        // Columns 4 and 5: status label and a colour swatch for the table.
        if ( ! $permissions || $permissions != $suggested_permissions ) {
            $row[] = __( 'WARNING', 'better-wp-security' );
            $row[] = '<div style="background-color: #FEFF7F; border: 1px solid #E2E2E2;"> </div>';
        } else {
            $row[] = __( 'OK', 'better-wp-security' );
            $row[] = '<div style="background-color: #22EE5B; border: 1px solid #E2E2E2;"> </div>';
        }

        $rows[] = $row;
    }

    // Row class alternates between 'entry-row' and 'entry-row alternate'.
    $class = 'entry-row';

    ob_start();
    ?>
<p><input type="button" id="itsec-file-permissions-reload_file_permissions" name="file-permissions[reload_file_permissions]" class="button-primary itsec-reload-module" value="<?php _e('Reload File Permissions Details', 'mainwp-child'); ?>"></p>
<table class="widefat">
    <thead>
        <tr>
            <th><?php _e( 'Relative Path', 'better-wp-security' ); ?></th>
            <th><?php _e( 'Suggestion', 'better-wp-security' ); ?></th>
            <th><?php _e( 'Value', 'better-wp-security' ); ?></th>
            <th><?php _e( 'Result', 'better-wp-security' ); ?></th>
            <th><?php _e( 'Status', 'better-wp-security' ); ?></th>
        </tr>
    </thead>
    <tfoot>
        <tr>
            <th><?php _e( 'Relative Path', 'better-wp-security' ); ?></th>
            <th><?php _e( 'Suggestion', 'better-wp-security' ); ?></th>
            <th><?php _e( 'Value', 'better-wp-security' ); ?></th>
            <th><?php _e( 'Result', 'better-wp-security' ); ?></th>
            <th><?php _e( 'Status', 'better-wp-security' ); ?></th>
        </tr>
    </tfoot>
    <tbody>
        <?php foreach ( $rows as $row ) : ?>
            <tr class="<?php echo $class; ?>">
                <?php foreach ( $row as $column ) : ?>
                    <?php // Columns are built above from paths, modes, labels and swatch markup; they are emitted as-is. ?>
                    <td><?php echo $column; ?></td>
                <?php endforeach; ?>
            </tr>
            <?php $class = ( 'entry-row' === $class ) ? 'entry-row alternate' : 'entry-row'; ?>
        <?php endforeach; ?>
    </tbody>
</table>
<br />
    <?php
    $html = ob_get_clean();

    return array( 'html' => $html );
}
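/**
 * Run the iThemes file-change scan once.
 *
 * @return array 'result' => 'success' and 'scan_result' (false, true or -1
 *               as returned by the scanner), or 'error' for any other
 *               return value. Always an array, never null.
 */
public function file_change() {
    global $mainwp_itsec_modules_path;

    if ( ! class_exists( 'ITSEC_File_Change_Scanner' ) ) {
        require_once( $mainwp_itsec_modules_path . 'file-change/scanner.php' );
    }

    $return = array();
    $result = ITSEC_File_Change_Scanner::run_scan( false );

    // Only false, true and -1 count as a completed scan (the same set the
    // earlier check accepted); anything else is reported instead of returning null.
    if ( false === $result || true === $result || -1 === $result ) {
        $return['result']      = 'success';
        $return['scan_result'] = $result;
    } else {
        $return['error'] = 'The file change scan returned an unexpected response of type ' . gettype( $result ) . '.';
    }

    return $return;
}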
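/**
 * Rename the 'admin' account and/or move user ID 1, as requested by the
 * dashboard.
 *
 * Reads $_POST['settings'] with optional 'new_username' (string) and
 * 'change_id' (truthy to move user ID 1). The actual change is done by
 * change_admin_user().
 *
 * @return array 'result' => 'success' | 'fail' | 'CHILD_ADMIN' and, except
 *               for CHILD_ADMIN, 'message' with informational text.
 */
function admin_user() {
    $settings = isset( $_POST['settings'] ) ? $_POST['settings'] : array();
    if ( ! is_array( $settings ) ) {
        $settings = array();
    }

    // Only a scalar can be a username; arrays and the like are treated as absent.
    $new_username = '';
    if ( isset( $settings['new_username'] ) && is_scalar( $settings['new_username'] ) ) {
        $new_username = (string) $settings['new_username'];
    }
    $change_id = ! empty( $settings['change_id'] );

    // Load utility functions.
    if ( ! class_exists( 'ITSEC_Lib' ) ) {
        require( ITSEC_Core::get_core_dir() . '/core/class-itsec-lib.php' );
    }

    $username_exists = username_exists( 'admin' );
    $user_id_exists  = ITSEC_Lib::user_id_exists( 1 );

    $msg = '';
    if ( '' !== $new_username && ! $username_exists ) {
        $msg = __( 'Admin user already changes.', 'mainwp-child' );
    }
    if ( $change_id && ! $user_id_exists ) {
        if ( '' !== $msg ) {
            $msg .= '<br/>';
        }
        $msg .= __( 'Admin user ID already changes.', 'mainwp-child' );
    }

    $return = array();

    // Refuse to move ID 1 when the requested login already is user ID 1.
    if ( $change_id ) {
        $user = get_user_by( 'login', $new_username );
        if ( $user && 1 === (int) $user->ID ) {
            $return['result'] = 'CHILD_ADMIN';

            return $return;
        }
    }

    $admin_success = true;
    if ( '' !== $new_username && $username_exists ) {
        $admin_success = $this->change_admin_user( $new_username, $change_id );
    } elseif ( $change_id && $user_id_exists ) {
        $admin_success = $this->change_admin_user( null, $change_id );
    }

    $return['message'] = $msg;
    $return['result']  = ( false === $admin_success ) ? 'fail' : 'success';

    return $return;
}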
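/**
 * Rename the 'admin' login and/or move user ID 1 to a freshly inserted ID.
 *
 * Guarded by the 'admin_user' file lock so two requests cannot rewrite the
 * users table at once; the lock is released on every exit path.
 *
 * @param string|null $username New login for the 'admin' account, or null
 *                              to keep the login and only change the ID.
 * @param bool        $id       True to move user ID 1 to a new ID.
 * @return bool True on success; false when the lock is held, the username
 *              is invalid or taken, or there is no user ID 1 to move.
 */
private function change_admin_user( $username = null, $id = false ) {
    global $wpdb;

    $itsec_files = ITSEC_Core::get_itsec_files();

    // Make sure it isn't already running.
    if ( ! $itsec_files->get_file_lock( 'admin_user' ) ) {
        return false;
    }

    // Sanitize the username and fetch the full user object for ID 1.
    $new_user    = sanitize_text_field( $username );
    $user_object = get_user_by( 'id', '1' );

    if ( null !== $username && validate_username( $new_user ) && false === username_exists( $new_user ) ) {
        // There is a valid username to change.
        if ( true !== $id ) {
            // Only the login changes: rewrite it in place.
            $wpdb->query( $wpdb->prepare( "UPDATE `{$wpdb->users}` SET user_login = %s WHERE user_login='admin';", $new_user ) );

            if ( is_multisite() ) {
                $this->mwp_itsec_update_site_admins( $new_user );
            }

            wp_clear_auth_cookie();
            $itsec_files->release_file_lock( 'admin_user' );

            return true;
        }

        // Changing the ID too, so the new row gets the new login.
        $user_login = $new_user;
    } elseif ( null !== $username ) {
        // Username didn't validate or is taken.
        $itsec_files->release_file_lock( 'admin_user' );

        return false;
    } else {
        // Only changing the ID: keep the current login.
        $user_login = $user_object ? $user_object->user_login : null;
    }

    if ( true !== $id || ! $user_object ) {
        // Nothing left to do, or no user ID 1 exists: never insert a row built
        // from a missing user object (that would create a user with no password).
        $itsec_files->release_file_lock( 'admin_user' );

        return false;
    }

    // Change the user ID: re-insert the row so it gets a new auto-increment ID.
    $wpdb->query( "DELETE FROM `{$wpdb->users}` WHERE ID = 1;" );

    $wpdb->insert( $wpdb->users, array(
        'user_login'          => $user_login,
        'user_pass'           => $user_object->user_pass,
        'user_nicename'       => $user_object->user_nicename,
        'user_email'          => $user_object->user_email,
        'user_url'            => $user_object->user_url,
        'user_registered'     => $user_object->user_registered,
        'user_activation_key' => $user_object->user_activation_key,
        'user_status'         => $user_object->user_status,
        'display_name'        => $user_object->display_name,
    ) );

    if ( is_multisite() && null !== $username && validate_username( $new_user ) ) {
        $this->mwp_itsec_update_site_admins( $new_user );
    }

    $new_id = (int) $wpdb->insert_id;

    // Re-point everything that referenced user ID 1 at the new ID.
    $owner_columns = array(
        $wpdb->posts    => 'post_author',
        $wpdb->usermeta => 'user_id',
        $wpdb->comments => 'user_id',
        $wpdb->links    => 'link_owner',
    );
    foreach ( $owner_columns as $table => $column ) {
        $wpdb->query( $wpdb->prepare( "UPDATE `{$table}` SET {$column} = %d WHERE {$column} = 1;", $new_id ) );
    }

    wp_clear_auth_cookie();
    $itsec_files->release_file_lock( 'admin_user' );

    return true;
}

/**
 * Rewrite the network 'site_admins' option so the entry for 'admin' carries
 * the new login.
 *
 * @param string $new_user Validated login replacing 'admin'.
 */
private function mwp_itsec_update_site_admins( $new_user ) {
    global $wpdb;

    $old_admins = $wpdb->get_var( "SELECT meta_value FROM `{$wpdb->sitemeta}` WHERE meta_key = 'site_admins'" );

    // The value is a PHP-serialized array, so the length prefix must match the
    // raw login; prepare() escapes the whole string exactly once below.
    $new_admins = str_replace( '5:"admin"', strlen( $new_user ) . ':"' . $new_user . '"', $old_admins );

    $wpdb->query( $wpdb->prepare( "UPDATE `{$wpdb->sitemeta}` SET meta_value = %s WHERE meta_key = 'site_admins'", $new_admins ) );
}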
/**
 * Append the wp-config.php rules that relocate the content directory.
 *
 * @param array       $rules_array Existing rule groups.
 * @param string|null $input       New content directory name relative to
 *                                 ABSPATH; null returns $rules_array unchanged.
 * @return array $rules_array with a 'wpconfig' group named 'Content Directory' added.
 */
public function build_wpconfig_rules( $rules_array, $input = null ) {
    // Without input there is nothing to add.
    if ( null === $input ) {
        return $rules_array;
    }

    $new_dir     = trailingslashit( ABSPATH ) . $input;
    $content_url = trailingslashit( get_option( 'siteurl' ) ) . $input;

    $rules = array(
        array(
            'type'        => 'add',
            'search_text' => '//Do not delete these. Doing so WILL break your site.',
            'rule'        => '//Do not delete these. Doing so WILL break your site.',
        ),
        array(
            'type'        => 'add',
            'search_text' => 'WP_CONTENT_URL',
            'rule'        => "define( 'WP_CONTENT_URL', '" . $content_url . "' );",
        ),
        array(
            'type'        => 'add',
            'search_text' => 'WP_CONTENT_DIR',
            'rule'        => "define( 'WP_CONTENT_DIR', '" . $new_dir . "' );",
        ),
    );

    $rules_array[] = array(
        'type'  => 'wpconfig',
        'name'  => 'Content Directory',
        'rules' => $rules,
    );

    return $rules_array;
}
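/**
 * Change the database table prefix through the iThemes utility.
 *
 * Only acts when $_POST['change_prefix'] is 'yes'.
 *
 * @return array 'result' => 'success' and 'message' with the new prefix, or
 *               'error' with the joined error strings; empty when not requested.
 */
public function change_database_prefix() {
    global $mainwp_itsec_modules_path;
    require_once( $mainwp_itsec_modules_path . 'database-prefix/utility.php' );

    $return = array();

    if ( ! isset( $_POST['change_prefix'] ) || 'yes' !== $_POST['change_prefix'] ) {
        return $return;
    }

    $result = ITSEC_Database_Prefix_Utility::change_database_prefix();

    // Only the flattened error text goes into the response; the raw error
    // objects are not copied into $return.
    $str_error = '';
    if ( isset( $result['errors'] ) && is_array( $result['errors'] ) ) {
        foreach ( $result['errors'] as $error ) {
            foreach ( ITSEC_Response::get_error_strings( $error ) as $er ) {
                $str_error .= $er . '<br />';
            }
        }
    }

    ITSEC_Response::reload_module( 'database-prefix' );

    if ( ! isset( $result['new_prefix'] ) || false === $result['new_prefix'] ) {
        $return['error'] = $str_error;
    } else {
        $return['result']  = 'success';
        $return['message'] = sprintf( __( 'The database table prefix was successfully changed to <code>%1$s</code>.', 'better-wp-security' ), $result['new_prefix'] );
    }

    return $return;
}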
/**
 * Flag the IP-check API key for reset in the 'itsec_ipcheck' network option.
 *
 * Not dispatched from action().
 *
 * @return array 'result' => 'success' when the option changed, 'nochange' otherwise.
 */
public function api_key() {
    $settings = get_site_option( 'itsec_ipcheck' );
    if ( ! is_array( $settings ) ) {
        $settings = array();
    }
    $settings['reset'] = true;

    $saved = update_site_option( 'itsec_ipcheck', $settings );

    return array( 'result' => $saved ? 'success' : 'nochange' );
}
/**
 * Reset the Network Brute Force module to its default settings.
 *
 * @return array 'result' => 'success' with 'nbf_settings' when saved;
 *               'error_reset_api' => 1 when not saved and no errors were
 *               reported; empty otherwise.
 */
public function reset_api_key() {
    $defaults = ITSEC_Modules::get_defaults( 'network-brute-force' );
    $results  = ITSEC_Modules::set_settings( 'network-brute-force', $defaults );

    ITSEC_Response::set_response( $results['saved'] );
    ITSEC_Response::add_errors( $results['errors'] );
    ITSEC_Response::add_messages( $results['messages'] );

    if ( $results['saved'] ) {
        return array(
            'result'       => 'success',
            'nbf_settings' => ITSEC_Modules::get_settings( 'network-brute-force' ),
        );
    }

    $information = array();
    if ( empty( $results['errors'] ) ) {
        $information['error_reset_api'] = 1;
    }

    return $information;
}
/**
 * Runs the iThemes malware scanner and returns the rendered results.
 *
 * @return array 'html' => rendered scan results, or 'error' => message when
 *               the current user does not pass ITSEC_Core::current_user_can_manage().
 */
public function malware_scan() {
	global $mainwp_itsec_modules_path;

	// Scanner and results renderer are loaded on demand from the iThemes
	// modules directory; the path global is populated before this handler runs.
	if ( ! class_exists( 'ITSEC_Malware_Scanner' ) ) {
		require_once( $mainwp_itsec_modules_path . 'malware/class-itsec-malware-scanner.php' );
		require_once( $mainwp_itsec_modules_path . 'malware/class-itsec-malware-scan-results-template.php' );
	}

	// Capability gate: only users iThemes considers managers may trigger a scan.
	if ( ! ITSEC_Core::current_user_can_manage() ) {
		return array(
			'error' => 'The currently logged in user does not have sufficient permissions to run this scan.',
		);
	}

	$scan = ITSEC_Malware_Scanner::scan();

	return array(
		'html' => ITSEC_Malware_Scan_Results_Template::get_html( $scan, true ),
	);
}
/**
 * Runs the iThemes malware scanner and returns the rendered results.
 *
 * NOTE(review): despite the name this does not read stored results — it calls
 * ITSEC_Malware_Scanner::scan() exactly like malware_scan(), but without that
 * method's ITSEC_Core::current_user_can_manage() gate. Authorisation for this
 * path therefore rests entirely on the MainWP request-level authentication;
 * confirm that is intended.
 *
 * @return array 'html' => rendered scan results.
 */
public function malware_get_scan_results() {
	global $mainwp_itsec_modules_path;

	if ( ! class_exists( 'ITSEC_Malware_Scanner' ) ) {
		require_once( $mainwp_itsec_modules_path . 'malware/class-itsec-malware-scanner.php' );
		require_once( $mainwp_itsec_modules_path . 'malware/class-itsec-malware-scan-results-template.php' );
	}

	$scan = ITSEC_Malware_Scanner::scan();

	return array(
		'html' => ITSEC_Malware_Scan_Results_Template::get_html( $scan, true ),
	);
}
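/**
 * Deletes every row of the iThemes Security log table.
 *
 * The table name is built from $wpdb->base_prefix, never from request data,
 * so there is nothing to parameterise here.
 *
 * @return array 'result' => 'success' when the DELETE ran; 'error' => message
 *               when $wpdb reports a failed statement (previously success was
 *               returned unconditionally, even when the query failed).
 */
public function purge_logs() {
	global $wpdb;

	$deleted = $wpdb->query( 'DELETE FROM `' . $wpdb->base_prefix . 'itsec_log`;' );

	// $wpdb->query() returns false on a failed statement; do not claim success then.
	if ( false === $deleted ) {
		return array( 'error' => 'Failed to purge the iThemes Security log table.' );
	}

	return array( 'result' => 'success' );
}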
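/**
 * Returns lockouts of one kind from the iThemes lockouts table.
 *
 * $type only selects among fixed SQL fragments and the expiry timestamp is
 * bound via $wpdb->prepare(), so no caller-supplied text reaches the query.
 *
 * Fix: an unrecognised $type combined with $current === false previously
 * produced "... WHERE ;" (invalid SQL). The WHERE clause is now emitted only
 * when there is at least one condition.
 *
 * @param string $type    'host', 'user' or 'username'. Any other value,
 *                        including the default 'all', yields an empty array
 *                        (as before), because the result rows are shaped per type.
 * @param bool   $current When true, only lockouts that are still active and
 *                        not yet expired relative to $itsec_globals['current_time_gmt'].
 * @return array List of array( 'lockout_id', <type column>, 'lockout_expire_gmt' ).
 */
public function get_lockouts( $type = 'all', $current = false ) {
	global $wpdb, $itsec_globals;

	// Column that identifies the locked-out subject, per lockout type.
	$type_columns = array(
		'host'     => 'lockout_host',
		'user'     => 'lockout_user',
		'username' => 'lockout_username',
	);

	// Types without a result shape returned nothing before as well; skip the
	// query instead of reading the whole table for nothing.
	if ( ! isset( $type_columns[ $type ] ) ) {
		return array();
	}
	$column = $type_columns[ $type ];

	$conditions = array();
	switch ( $type ) {
		case 'host':
			$conditions[] = "`lockout_host` IS NOT NULL && `lockout_host` != ''";
			break;
		case 'user':
			$conditions[] = '`lockout_user` != 0';
			break;
		case 'username':
			$conditions[] = "`lockout_username` IS NOT NULL && `lockout_username` != ''";
			break;
	}

	if ( true === $current ) {
		// NOTE(review): $itsec_globals['current_time_gmt'] is read unguarded,
		// as before — presumably always set by iThemes at this point; confirm.
		$conditions[] = $wpdb->prepare(
			'`lockout_active`=1 AND `lockout_expire_gmt` > %s',
			date( 'Y-m-d H:i:s', $itsec_globals['current_time_gmt'] )
		);
	}

	$sql = 'SELECT * FROM `' . $wpdb->base_prefix . 'itsec_lockouts`';
	if ( ! empty( $conditions ) ) {
		$sql .= ' WHERE ' . implode( ' AND ', $conditions );
	}

	$results = $wpdb->get_results( $sql . ';', ARRAY_A );

	$output = array();
	if ( ! is_array( $results ) ) {
		return $output;
	}

	foreach ( $results as $row ) {
		$output[] = array(
			'lockout_id'         => $row['lockout_id'],
			$column              => $row[ $column ],
			'lockout_expire_gmt' => $row['lockout_expire_gmt'],
		);
	}

	return $output;
}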
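/**
 * Marks the lockouts listed in $_POST['lockout_ids'] as inactive.
 *
 * Each id is cast with intval() before it reaches $wpdb->update(), so only
 * integer ids are ever bound into the UPDATE.
 *
 * Fix: a request without 'lockout_ids' previously raised an undefined-index
 * notice before falling back to an empty list; the index is now guarded.
 *
 * @return array Always array( 'result' => 'success' ); a missing or
 *               non-array 'lockout_ids' simply releases nothing.
 */
public function release_lockout() {
	global $wpdb;

	if ( ! class_exists( 'ITSEC_Lib' ) ) {
		require( ITSEC_Core::get_core_dir() . '/core/class-itsec-lib.php' );
	}

	$lockout_ids = isset( $_POST['lockout_ids'] ) ? $_POST['lockout_ids'] : array();
	if ( ! is_array( $lockout_ids ) ) {
		$lockout_ids = array();
	}

	foreach ( $lockout_ids as $lockout_id ) {
		$wpdb->update(
			$wpdb->base_prefix . 'itsec_lockouts',
			array( 'lockout_active' => 0 ),
			array( 'lockout_id' => intval( $lockout_id ) )
		);
	}

	// Presumably iThemes caches lockout state; clear it so the release is visible.
	ITSEC_Lib::clear_caches();

	if ( ! is_multisite() ) {
		if ( ! function_exists( 'add_settings_error' ) ) {
			require_once( ABSPATH . '/wp-admin/includes/template.php' );
		}
		add_settings_error(
			'itsec',
			esc_attr( 'settings_updated' ),
			__( 'The selected lockouts have been cleared.', 'better-wp-security' ),
			'updated'
		);
	}

	return array( 'result' => 'success' );
}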
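/**
 * Stores the module activation map received from the MainWP dashboard.
 *
 * The array in $_POST['active_modules'] is written to the
 * 'itsec_active_modules' site option as-is: nothing here validates the module
 * ids or their values, so the option is only as trustworthy as the
 * authenticated dashboard request that carried it.
 *
 * Fix: a request without 'active_modules' previously raised an undefined-index
 * notice before falling back to an empty array; the index is now guarded.
 *
 * @return array Always array( 'result' => 'success' ); the return value of
 *               update_site_option() is not inspected because it is also false
 *               when the stored value is simply unchanged.
 */
public function update_module_status() {
	$active_modules = isset( $_POST['active_modules'] ) ? $_POST['active_modules'] : array();
	if ( ! is_array( $active_modules ) ) {
		$active_modules = array();
	}

	update_site_option( 'itsec_active_modules', $active_modules );

	return array( 'result' => 'success' );
}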
/**
 * Returns the backup module's current exclusion list together with the
 * tables that may be excluded, so the dashboard can refresh its view.
 *
 * @return array 'exclude', 'excludable_tables' and 'result' => 'success'.
 */
private function reload_backup_exclude() {
	$response = array();
	$response['exclude']           = ITSEC_Modules::get_setting( 'backup', 'exclude' );
	$response['excludable_tables'] = $this->get_excludable_tables();
	$response['result']            = 'success';

	return $response;
}
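/**
 * Lists the database tables a backup may exclude, keyed by the table name
 * with the WordPress prefix stripped.
 *
 * Core WordPress tables are never offered. When the backup module's
 * 'all_sites' setting is on, every table visible to the connection is listed;
 * otherwise only tables whose name starts with $wpdb->base_prefix.
 *
 * Fix: the all-sites branch previously issued the literal query 'SHOW_TABLES'
 * (underscore), which is not valid SQL, so that branch listed no tables.
 *
 * @return array<string, string> short table name => full table name
 */
private function get_excludable_tables() {
	global $wpdb;

	$all_sites = ITSEC_Modules::get_setting( 'backup', 'all_sites' );

	// WordPress core tables (prefix stripped) that must never be excluded.
	$ignored_tables = array(
		'commentmeta',
		'comments',
		'links',
		'options',
		'postmeta',
		'posts',
		'term_relationships',
		'term_taxonomy',
		'terms',
		'usermeta',
		'users',
	);

	if ( $all_sites ) {
		$query = 'SHOW TABLES';
	} else {
		// The prefix is bound through $wpdb->prepare(). LIKE still treats '_'
		// inside the prefix as a single-character wildcard, as before.
		$query = $wpdb->prepare( 'SHOW TABLES LIKE %s', "{$wpdb->base_prefix}%" );
	}

	$tables = $wpdb->get_results( $query, ARRAY_N );
	if ( ! is_array( $tables ) ) {
		return array();
	}

	// NOTE(review): the short name is derived with $wpdb->prefix (current
	// site's prefix) while the LIKE filter uses base_prefix; on multisite these
	// differ. Kept as-is since it presumably mirrors the iThemes backup module.
	$prefix_length = strlen( $wpdb->prefix );

	$excludes = array();
	foreach ( $tables as $table ) {
		$short_table = substr( $table[0], $prefix_length );
		if ( in_array( $short_table, $ignored_tables, true ) ) {
			continue;
		}
		$excludes[ $short_table ] = $table[0];
	}

	return $excludes;
}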
/**
 * Runs the iThemes "security check" scanner and returns what it reported.
 *
 * @return array 'result' => 'success' and 'response' => the ITSEC_Response payload.
 */
private function security_site() {
	global $mainwp_itsec_modules_path;

	require_once( $mainwp_itsec_modules_path . 'security-check/scanner.php' );

	ITSEC_Security_Check_Scanner::run();

	// The scanner reports through ITSEC_Response; hand its payload back verbatim.
	$scanner_response = ITSEC_Response::get_response();

	return array(
		'result'   => 'success',
		'response' => $scanner_response,
	);
}
}