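 /**
  * Regenerate all eight WordPress authentication keys and salts in wp-config.php.
  *
  * Refuses to run unless the "Write to Files" global setting is enabled, then
  * rewrites each define() in place and writes the file back. Because every
  * auth cookie is signed with these values, a successful run invalidates all
  * existing logins (including the caller's own session).
  *
  * @return true|WP_Error True on success; WP_Error when the setting is off or
  *                       wp-config.php cannot be read or written.
  */
 public function generate_new_salts()
 {
     if (!ITSEC_Modules::get_setting('global', 'write_files')) {
         return new WP_Error('itsec-wordpress-salts-utilities-write-files-disabled', __('The "Write to Files" setting is disabled in Global Settings. In order to use this feature, you must enable the "Write to Files" setting.', 'better-wp-security'));
     }
     require_once ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-config-file.php';
     require_once ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-file.php';
     $config_file_path = ITSEC_Lib_Config_File::get_wp_config_file_path();
     $config = ITSEC_Lib_File::read($config_file_path);
     if (is_wp_error($config)) {
         return new WP_Error('itsec-wordpress-salts-utilities-cannot-read-wp-config.php', sprintf(__('Unable to read the <code>wp-config.php</code> file in order to update the salts. You will need to manually update the file. Error details as follows: %1$s (%2$s)', 'better-wp-security'), $config->get_error_message(), $config->get_error_code()));
     }
     $defines = array('AUTH_KEY', 'SECURE_AUTH_KEY', 'LOGGED_IN_KEY', 'NONCE_KEY', 'AUTH_SALT', 'SECURE_AUTH_SALT', 'LOGGED_IN_SALT', 'NONCE_SALT');
     $salts = array();
     foreach ($defines as $define) {
         // Fetch a fresh batch of salts whenever the previous batch is used up.
         if (empty($salts)) {
             $salts = self::get_new_salts();
         }
         $salt = array_pop($salts);
         // If the batch came back short, generate a 64-char value locally.
         if (empty($salt)) {
             $salt = wp_generate_password(64, true, true);
         }
         // The replacement string is interpreted by preg_replace: a literal '$'
         // would otherwise be read as the start of a back-reference.
         // NOTE(review): a backslash or single quote inside a salt returned by
         // get_new_salts() is not escaped here and would corrupt the define() —
         // confirm that helper's output character set.
         $salt = str_replace('$', '\\$', $salt);
         $regex = "/(define\\s*\\(\\s*(['\"]){$define}\\2\\s*,\\s*)(['\"]).+?\\3(\\s*\\)\\s*;)/";
         $config = preg_replace($regex, "\${1}'{$salt}'\${4}", $config);
     }
     $write_result = ITSEC_Lib_File::write($config_file_path, $config);
     if (is_wp_error($write_result)) {
         // $config is the (string) file body here; the error lives on $write_result.
         return new WP_Error('itsec-wordpress-salts-utilities-cannot-save-wp-config.php', sprintf(__('Unable to update the <code>wp-config.php</code> file in order to update the salts. You will need to manually update the file. Error details as follows: %1$s (%2$s)', 'better-wp-security'), $write_result->get_error_message(), $write_result->get_error_code()));
     }
     return true;
 }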
 /**
  * Build the default (HackRepair.com) blacklist rules for a server config file.
  *
  * Reads lists/hackrepair-{$server_type}.inc next to this file and returns it
  * indented one tab under a comment header. Returns an empty string when the
  * list file does not exist or is empty.
  *
  * @param string $server_type Server flavour used to select the list file.
  *                            NOTE(review): interpolated straight into the
  *                            path; callers are presumably passing a fixed
  *                            identifier, not request data — confirm.
  * @return string Rule text to append to the server config, or ''.
  */
 public static function get_server_config_default_blacklist_rules($server_type)
 {
     require_once ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-file.php';
     $list_file = plugin_dir_path(__FILE__) . "lists/hackrepair-{$server_type}.inc";
     if (!ITSEC_Lib_File::is_file($list_file)) {
         return '';
     }
     $list_body = ITSEC_Lib_File::read($list_file);
     if (empty($list_body)) {
         return '';
     }
     $header = "\t# " . __('Enable HackRepair.com\'s blacklist feature - Security > Settings > Banned Users > Default Blacklist', 'better-wp-security') . "\n";
     // Indent each line of the list so it nests under the header comment.
     return "\n" . $header . preg_replace('/^/m', "\t", $list_body);
 }
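 /**
  * Generate a new random table prefix and migrate the database to it.
  *
  * Steps: pick a prefix no existing table uses, RENAME every table carrying
  * the current prefix, rewrite the prefixed option/usermeta keys (user_roles,
  * capabilities, ...) and finally update $table_prefix in wp-config.php.
  * Problems are reported through add_settings_error(); a wp-config.php
  * failure additionally sets the itsec_manual_update site option so the
  * admin is told to finish by hand.
  *
  * On single site $this->settings is left holding the new prefix; on
  * multisite it is set to false and the outcome goes to a network notice.
  *
  * NOTE(review): mt_rand() is used for the prefix. The prefix is an
  * obscurity measure, not a secret, so a CSPRNG is not required here.
  */
 public function process_database_prefix()
 {
     global $wpdb, $itsec_files;
     // Suppress notices/warnings: stray output here would break the later redirect.
     error_reporting(0);
     @ini_set('display_errors', 0);
     $avail = 'abcdefghijklmnopqrstuvwxyz0123456789';
     // Draw prefixes until one matches no existing table: one letter, then
     // 4-9 alphanumerics, then '_' (6-11 characters in total).
     do {
         $new_prefix = $avail[mt_rand(0, 25)];
         $prelength = mt_rand(4, 9);
         for ($i = 0; $i < $prelength; $i++) {
             $new_prefix .= $avail[mt_rand(0, 35)];
         }
         $new_prefix .= '_';
         // Prefix is [a-z0-9_] only, so esc_sql() is a no-op; kept defensively.
         $new_prefix = esc_sql($new_prefix);
         $in_use = $wpdb->get_results('SHOW TABLES LIKE "' . $new_prefix . '%";', ARRAY_N);
     } while (!empty($in_use));
     // Assume success until a step fails.
     $type = 'updated';
     $message = __('Settings Updated', 'better-wp-security');
     // NOTE(review): '_' is a single-character LIKE wildcard, so a prefix such
     // as "wp_" also matches tables like "wpXfoo" — confirm this is acceptable.
     $tables = $wpdb->get_results('SHOW TABLES LIKE "' . $wpdb->base_prefix . '%"', ARRAY_N);
     foreach ($tables as $table) {
         // Table name without the old prefix.
         $table = substr($table[0], strlen($wpdb->base_prefix), strlen($table[0]));
         if ($wpdb->query('RENAME TABLE `' . $wpdb->base_prefix . $table . '` TO `' . $new_prefix . $table . '`;') === false) {
             $type = 'error';
             $message = sprintf('%s %s%s. %s', __('Error: Could not rename table', 'better-wp-security'), $wpdb->base_prefix, $table, __('You may have to rename the table manually.', 'better-wp-security'));
             add_settings_error('itsec', esc_attr('settings_updated'), $message, $type);
         }
     }
     if (is_multisite()) {
         // Each sub-site keeps its own user_roles option under its own prefix.
         // Only live, public blogs are updated; archived/spam/mature/non-public
         // blogs are skipped by this query.
         $blogs = $wpdb->get_col("SELECT blog_id FROM `" . $new_prefix . "blogs` WHERE public = '1' AND archived = '0' AND mature = '0' AND spam = '0' ORDER BY blog_id DESC");
         if (is_array($blogs)) {
             foreach ($blogs as $blog) {
                 // NOTE(review): the main site (blog_id 1) has no "1_" table
                 // segment; this statement fails silently for it and the
                 // main-site option is handled by the UPDATE below — confirm.
                 $wpdb->query('UPDATE `' . $new_prefix . $blog . '_options` SET option_name = "' . $new_prefix . $blog . '_user_roles" WHERE option_name = "' . $wpdb->base_prefix . $blog . '_user_roles" LIMIT 1;');
             }
         }
     }
     $upOpts = $wpdb->query('UPDATE `' . $new_prefix . 'options` SET option_name = "' . $new_prefix . 'user_roles" WHERE option_name = "' . $wpdb->base_prefix . 'user_roles" LIMIT 1;');
     if ($upOpts === false) {
         $type = 'error';
         $message = __('Could not update prefix references in options table.', 'better-wp-security');
         add_settings_error('itsec', esc_attr('settings_updated'), $message, $type);
     }
     // Rewrite every usermeta key that starts with the old prefix.
     $rows = $wpdb->get_results('SELECT * FROM `' . $new_prefix . 'usermeta`');
     foreach ($rows as $row) {
         if (substr($row->meta_key, 0, strlen($wpdb->base_prefix)) == $wpdb->base_prefix) {
             $new_key = $new_prefix . substr($row->meta_key, strlen($wpdb->base_prefix), strlen($row->meta_key));
             // meta_key values come from the database and may contain quotes; bind them.
             $result = $wpdb->query($wpdb->prepare('UPDATE `' . $new_prefix . 'usermeta` SET meta_key = %s WHERE meta_key = %s LIMIT 1;', $new_key, $row->meta_key));
             // query() returns the affected-row count, so only a strict false is an error.
             if ($result === false) {
                 $type = 'error';
                 $message = __('Could not update prefix references in usermeta table.', 'better-wp-security');
                 add_settings_error('itsec', esc_attr('settings_updated'), $message, $type);
             }
         }
     }
     require_once trailingslashit($GLOBALS['itsec_globals']['plugin_dir']) . 'core/lib/class-itsec-lib-config-file.php';
     require_once trailingslashit($GLOBALS['itsec_globals']['plugin_dir']) . 'core/lib/class-itsec-lib-file.php';
     $config_file_path = ITSEC_Lib_Config_File::get_wp_config_file_path();
     $config = ITSEC_Lib_File::read($config_file_path);
     $error = '';
     if (is_wp_error($config)) {
         $error = sprintf(__('Unable to read the <code>wp-config.php</code> file in order to update the Database Prefix. Error details as follows: %1$s (%2$s)', 'better-wp-security'), $config->get_error_message(), $config->get_error_code());
     } else {
         $regex = '/(\\$table_prefix\\s*=\\s*)([\'"]).+?\\2(\\s*;)/';
         $config = preg_replace($regex, "\${1}'{$new_prefix}'\${3}", $config);
         $write_result = ITSEC_Lib_File::write($config_file_path, $config);
         if (is_wp_error($write_result)) {
             // $config is the (string) file body here; the error lives on $write_result.
             $error = sprintf(__('Unable to update the <code>wp-config.php</code> file in order to update the Database Prefix. Error details as follows: %1$s (%2$s)', 'better-wp-security'), $write_result->get_error_message(), $write_result->get_error_code());
         }
     }
     if (!empty($error)) {
         add_settings_error('itsec', esc_attr('settings_updated'), $error, 'error');
         add_site_option('itsec_manual_update', true);
     }
     // Tells the form field that all went well.
     $this->settings = $new_prefix;
     if (is_multisite()) {
         if (!empty($error)) {
             $error_handler = new WP_Error();
             $error_handler->add('error', $error);
             $this->core->show_network_admin_notice($error_handler);
         } else {
             $this->core->show_network_admin_notice(false);
         }
         $this->settings = false;
     }
 }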
 /**
  * Build the default (HackRepair.com) blacklist rules for a server config file.
  *
  * Returns '' unless the module's "default" setting is exactly true. Otherwise
  * reads lists/hackrepair-{$server_type}.inc next to this file and returns it
  * indented one tab under a comment header, or '' when the list file is
  * missing or empty.
  *
  * @param string $server_type Server flavour used to select the list file.
  *                            NOTE(review): interpolated straight into the
  *                            path; callers are presumably passing a fixed
  *                            identifier, not request data — confirm.
  * @return string Rule text to append to the server config, or ''.
  */
 protected function get_server_config_default_blacklist_rules($server_type)
 {
     if (true !== $this->settings['default']) {
         return '';
     }
     require_once trailingslashit($GLOBALS['itsec_globals']['plugin_dir']) . 'core/lib/class-itsec-lib-file.php';
     $list_file = plugin_dir_path(__FILE__) . "lists/hackrepair-{$server_type}.inc";
     if (!ITSEC_Lib_File::is_file($list_file)) {
         return '';
     }
     $list_body = ITSEC_Lib_File::read($list_file);
     if (empty($list_body)) {
         return '';
     }
     $header = "\t# " . __('Enable HackRepair.com\'s blacklist feature - Security > Settings > Banned Users > Default Blacklist', 'better-wp-security') . "\n";
     // Indent each line of the list so it nests under the header comment.
     return "\n" . $header . preg_replace('/^/m', "\t", $list_body);
 }
 /**
  * Returns the contents of the file.
  *
  * A missing file is not treated as an error: it yields an empty string so
  * callers can handle "no config file yet" and "empty config file" alike.
  * Read failures are wrapped in a WP_Error that names the file.
  *
  * @since 1.15.0
  * @access protected
  *
  * @param string $file Config file to read.
  * @return string|WP_Error The contents of the file, an empty string if the file does not exist, or a WP_Error object on error.
  */
 protected static function get_file_contents($file)
 {
     $contents = ITSEC_Lib_File::exists($file) ? ITSEC_Lib_File::read($file) : '';
     if (!is_wp_error($contents)) {
         return $contents;
     }
     $message = sprintf(__('Unable to read %1$s due to the following error: %2$s', 'it-l10n-better-wp-security'), $file, $contents->get_error_message());
     return new WP_Error('itsec-lib-config-file-cannot-read-file', $message);
 }
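	/**
	 * Sanitize and validate input: regenerate the WordPress salts.
	 *
	 * Rewrites all eight key/salt define()s in wp-config.php with fresh values
	 * from get_salt(). On failure the error is reported via add_settings_error()
	 * and the itsec_manual_update site option is set; on multisite the result
	 * is also surfaced as a network admin notice. After a successful run the
	 * current auth cookie is cleared (the new salts invalidate it anyway) and
	 * the user is sent to the login page or to the requested redirect_to.
	 *
	 * @since 4.6.0
	 */
	public function process_salts() {
		global $itsec_globals;
		
		
		require_once( trailingslashit( $GLOBALS['itsec_globals']['plugin_dir'] ) . 'core/lib/class-itsec-lib-config-file.php' );
		require_once( trailingslashit( $GLOBALS['itsec_globals']['plugin_dir'] ) . 'core/lib/class-itsec-lib-file.php' );
		
		$config_file_path = ITSEC_Lib_Config_File::get_wp_config_file_path();
		$config = ITSEC_Lib_File::read( $config_file_path );
		$error = '';
		
		if ( is_wp_error( $config ) ) {
			$error = sprintf( __( 'Unable to read the <code>wp-config.php</code> file in order to update the salts. Error details as follows: %1$s (%2$s)', 'it-l10n-ithemes-security-pro' ), $config->get_error_message(), $config->get_error_code() );
		} else {
			$defines = array(
				'AUTH_KEY',
				'SECURE_AUTH_KEY',
				'LOGGED_IN_KEY',
				'NONCE_KEY',
				'AUTH_SALT',
				'SECURE_AUTH_SALT',
				'LOGGED_IN_SALT',
				'NONCE_SALT',
			);
			
			foreach ( $defines as $define ) {
				$new_salt = $this->get_salt();
				// The replacement string is interpreted by preg_replace: a literal '$'
				// would otherwise be read as the start of a back-reference.
				// NOTE(review): a backslash or single quote in get_salt()'s output is
				// not escaped and would corrupt the define() — confirm its charset.
				$new_salt = str_replace( '$', '\\$', $new_salt );
				
				$regex = "/(define\s*\(\s*(['\"])$define\\2\s*,\s*)(['\"]).+?\\3(\s*\)\s*;)/";
				$config = preg_replace( $regex, "\${1}'$new_salt'\${4}", $config );
			}
			
			$write_result = ITSEC_Lib_File::write( $config_file_path, $config );
			
			if ( is_wp_error( $write_result ) ) {
				// $config is the (string) file body here; the error lives on $write_result.
				$error = sprintf( __( 'Unable to update the <code>wp-config.php</code> file in order to update the salts. Error details as follows: %1$s (%2$s)', 'it-l10n-ithemes-security-pro' ), $write_result->get_error_message(), $write_result->get_error_code() );
			}
		}
		
		if ( ! empty( $error ) ) {
			add_settings_error( 'itsec', esc_attr( 'settings_updated' ), $error, 'error' );
			add_site_option( 'itsec_manual_update', true );
		}


		$this->settings = true; //this tells the form field that all went well.

		if ( is_multisite() ) {

			if ( ! empty( $error ) ) {

				$error_handler = new WP_Error();

				$error_handler->add( 'error', $error );

				$this->core->show_network_admin_notice( $error_handler );

			} else {

				$this->core->show_network_admin_notice( false );

			}

			$this->settings = true;

		}

		// $this->settings is true on every path above, so this runs even when
		// wp-config.php could not be updated; the notice/option set earlier is
		// what tells the admin to finish manually.
		if ( $this->settings === true ) {

			update_site_option( 'itsec_salts', $itsec_globals['current_time_gmt'] );

			// redirect_to comes straight from the request; wp_safe_redirect()
			// restricts it to allowed hosts, so an open redirect is not possible here.
			// NOTE(review): there is no exit after the redirect, so execution
			// continues past this point — confirm the caller terminates.
			wp_clear_auth_cookie();
			$redirect_to = ! empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : ITSEC_Lib::get_home_root() . 'wp-login.php?loggedout=true';
			wp_safe_redirect( $redirect_to );

		}

	}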
 /**
  * Whether the custom content directory was set up by this plugin.
  *
  * True only when the directory is custom AND wp-config.php contains the
  * plugin's define() both in the raw file and after PHP comments are
  * stripped (so a commented-out leftover does not count). The answer is
  * cached on the instance; every failure path (no config path, unreadable
  * file, comment-stripping error, no match) is cached as false. The
  * non-custom-directory case returns false without caching.
  *
  * @return bool
  */
 protected function is_modified_by_it_security()
 {
     if (!$this->is_custom_directory()) {
         return false;
     }
     if (isset($this->is_modified_by_it_security)) {
         return $this->is_modified_by_it_security;
     }
     // Pessimistic default; flipped to true only if every check below passes.
     $this->is_modified_by_it_security = false;
     require_once trailingslashit($GLOBALS['itsec_globals']['plugin_dir']) . 'core/lib/class-itsec-lib-config-file.php';
     $config_path = ITSEC_Lib_Config_File::get_wp_config_file_path();
     if (empty($config_path)) {
         return false;
     }
     require_once trailingslashit($GLOBALS['itsec_globals']['plugin_dir']) . 'core/lib/class-itsec-lib-file.php';
     $raw_config = ITSEC_Lib_File::read($config_path);
     if (is_wp_error($raw_config) || !preg_match($this->get_wp_config_define_expression(), $raw_config)) {
         return false;
     }
     require_once trailingslashit($GLOBALS['itsec_globals']['plugin_dir']) . 'core/lib/class-itsec-lib-utility.php';
     $stripped_config = ITSEC_Lib_Utility::strip_php_comments($raw_config);
     if (is_wp_error($stripped_config) || !preg_match($this->get_wp_config_define_expression(false), $stripped_config)) {
         return false;
     }
     $this->is_modified_by_it_security = true;
     return true;
 }
 /**
  * Whether the custom content directory was set up by this plugin.
  *
  * True only when the directory is custom AND wp-config.php contains the
  * plugin's define() both in the raw file and after PHP comments are
  * stripped (so a commented-out leftover does not count). The answer is
  * memoised in $GLOBALS['__itsec_content_directory_is_modified_by_it_security'];
  * every failure path (not custom, no config path, unreadable file,
  * comment-stripping error, no match) is cached as false.
  *
  * @return bool
  */
 public static function is_modified_by_it_security()
 {
     $cache_key = '__itsec_content_directory_is_modified_by_it_security';
     if (isset($GLOBALS[$cache_key])) {
         return $GLOBALS[$cache_key];
     }
     // Pessimistic default; flipped to true only if every check below passes.
     $GLOBALS[$cache_key] = false;
     if (!self::is_custom_directory()) {
         return false;
     }
     require_once $GLOBALS['itsec_globals']['plugin_dir'] . 'core/lib/class-itsec-lib-config-file.php';
     $config_path = ITSEC_Lib_Config_File::get_wp_config_file_path();
     if (empty($config_path)) {
         return false;
     }
     require_once $GLOBALS['itsec_globals']['plugin_dir'] . 'core/lib/class-itsec-lib-file.php';
     $raw_config = ITSEC_Lib_File::read($config_path);
     if (is_wp_error($raw_config) || !preg_match(self::get_wp_config_define_expression(), $raw_config)) {
         return false;
     }
     require_once $GLOBALS['itsec_globals']['plugin_dir'] . 'core/lib/class-itsec-lib-utility.php';
     $stripped_config = ITSEC_Lib_Utility::strip_php_comments($raw_config);
     if (is_wp_error($stripped_config) || !preg_match(self::get_wp_config_define_expression(false), $stripped_config)) {
         return false;
     }
     $GLOBALS[$cache_key] = true;
     return true;
 }
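 /**
  * Generate a new random table prefix and migrate the database to it.
  *
  * Picks a prefix no existing table uses, writes it to $table_prefix in
  * wp-config.php, then RENAMEs every table carrying the current prefix and
  * rewrites the prefixed option/usermeta keys (user_roles, capabilities, ...).
  *
  * NOTE(review): wp-config.php is updated before the tables are renamed, so a
  * rename failure leaves the site pointing at a prefix with missing tables;
  * the errors returned here are the only signal to the admin.
  *
  * NOTE(review): mt_rand() is used for the prefix. The prefix is an obscurity
  * measure, not a secret, so a CSPRNG is not required here.
  *
  * @return array{errors: WP_Error[], new_prefix: string|false} List of errors
  *         encountered (empty on full success) and the new prefix, or false
  *         when wp-config.php could not be read or written.
  */
 public static function change_database_prefix()
 {
     global $wpdb;
     require_once $GLOBALS['itsec_globals']['plugin_dir'] . 'core/lib/class-itsec-lib-config-file.php';
     require_once $GLOBALS['itsec_globals']['plugin_dir'] . 'core/lib/class-itsec-lib-file.php';
     $response = array('errors' => array(), 'new_prefix' => false);
     $avail = 'abcdefghijklmnopqrstuvwxyz0123456789';
     // Draw prefixes until one matches no existing table: one letter, then
     // 4-9 alphanumerics, then '_' (6-11 characters in total).
     do {
         $new_prefix = $avail[mt_rand(0, 25)];
         $prelength = mt_rand(4, 9);
         for ($i = 0; $i < $prelength; $i++) {
             $new_prefix .= $avail[mt_rand(0, 35)];
         }
         $new_prefix .= '_';
         // Prefix is [a-z0-9_] only, so esc_sql() is a no-op; kept defensively.
         $new_prefix = esc_sql($new_prefix);
         $in_use = $wpdb->get_results('SHOW TABLES LIKE "' . $new_prefix . '%";', ARRAY_N);
     } while (!empty($in_use));
     $config_file_path = ITSEC_Lib_Config_File::get_wp_config_file_path();
     $config = ITSEC_Lib_File::read($config_file_path);
     if (is_wp_error($config)) {
         /* translators: 1: Specific error details */
         $response['errors'][] = new WP_Error($config->get_error_code(), sprintf(__('Unable to read the <code>wp-config.php</code> file in order to update the Database Prefix. Error details as follows: %1$s', 'better-wp-security'), $config->get_error_message()));
         return $response;
     }
     $regex = '/(\\$table_prefix\\s*=\\s*)([\'"]).+?\\2(\\s*;)/';
     $config = preg_replace($regex, "\${1}'{$new_prefix}'\${3}", $config);
     $write_result = ITSEC_Lib_File::write($config_file_path, $config);
     if (is_wp_error($write_result)) {
         // $config is the (string) file body here; the error lives on $write_result.
         /* translators: 1: Specific error details */
         $response['errors'][] = new WP_Error($write_result->get_error_code(), sprintf(__('Unable to update the <code>wp-config.php</code> file in order to update the Database Prefix. Error details as follows: %1$s', 'better-wp-security'), $write_result->get_error_message()));
         return $response;
     }
     $response['new_prefix'] = $new_prefix;
     // NOTE(review): '_' is a single-character LIKE wildcard, so a prefix such
     // as "wp_" also matches tables like "wpXfoo" — confirm this is acceptable.
     $tables = $wpdb->get_results('SHOW TABLES LIKE "' . $wpdb->base_prefix . '%"', ARRAY_N);
     foreach ($tables as $table) {
         // Table name without the old prefix.
         $table = substr($table[0], strlen($wpdb->base_prefix), strlen($table[0]));
         if ($wpdb->query('RENAME TABLE `' . $wpdb->base_prefix . $table . '` TO `' . $new_prefix . $table . '`;') === false) {
             $response['errors'][] = new WP_Error('itsec-database-prefix-utility-change-database-prefix-failed-table-rename', sprintf(__('Could not rename table %1$s. You may have to rename the table manually.', 'better-wp-security'), $wpdb->base_prefix . $table));
         }
     }
     if (is_multisite()) {
         // Each sub-site keeps its own user_roles option under its own prefix.
         // Only live, public blogs are updated; archived/spam/mature/non-public
         // blogs are skipped by this query.
         $blogs = $wpdb->get_col("SELECT blog_id FROM `" . $new_prefix . "blogs` WHERE public = '1' AND archived = '0' AND mature = '0' AND spam = '0' ORDER BY blog_id DESC");
         if (is_array($blogs)) {
             foreach ($blogs as $blog) {
                 // NOTE(review): the main site (blog_id 1) has no "1_" table
                 // segment; this statement fails silently for it and the
                 // main-site option is handled by the UPDATE below — confirm.
                 $wpdb->query('UPDATE `' . $new_prefix . $blog . '_options` SET option_name = "' . $new_prefix . $blog . '_user_roles" WHERE option_name = "' . $wpdb->base_prefix . $blog . '_user_roles" LIMIT 1;');
             }
         }
     }
     $upOpts = $wpdb->query('UPDATE `' . $new_prefix . 'options` SET option_name = "' . $new_prefix . 'user_roles" WHERE option_name = "' . $wpdb->base_prefix . 'user_roles" LIMIT 1;');
     if ($upOpts === false) {
         $response['errors'][] = new WP_Error('itsec-database-prefix-utility-change-database-prefix-failed-options-update', __('Could not update prefix references in options table.', 'better-wp-security'));
     }
     // Rewrite every usermeta key that starts with the old prefix.
     $rows = $wpdb->get_results('SELECT * FROM `' . $new_prefix . 'usermeta`');
     foreach ($rows as $row) {
         if (substr($row->meta_key, 0, strlen($wpdb->base_prefix)) == $wpdb->base_prefix) {
             $new_key = $new_prefix . substr($row->meta_key, strlen($wpdb->base_prefix), strlen($row->meta_key));
             // meta_key values come from the database and may contain quotes; bind them.
             $result = $wpdb->query($wpdb->prepare('UPDATE `' . $new_prefix . 'usermeta` SET meta_key = %s WHERE meta_key = %s LIMIT 1;', $new_key, $row->meta_key));
             // query() returns the affected-row count, so only a strict false is an error.
             if ($result === false) {
                 $response['errors'][] = new WP_Error('itsec-database-prefix-utility-change-database-prefix-failed-usermeta-update', __('Could not update prefix references in usermeta table.', 'better-wp-security'));
             }
         }
     }
     return $response;
 }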