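/**
  * Write all active rules to .htaccess file.
  *
  * Removes the rules the plugin wrote earlier, then rewrites the file with the
  * current rule set (after the 'aiowps_htaccess_rules_before_writing' filter)
  * placed ahead of whatever content remains. Runs of blank lines are collapsed
  * to a single blank line.
  *
  * @return boolean True on success, false on failure.
  */
 static function write_to_htaccess()
 {
     global $aio_wp_security;
     // Rules are only written when the server type is recognised.
     if (AIOWPSecurity_Utility::get_server_type() == -1) {
         $aio_wp_security->debug_logger->log_debug("Unable to write to .htaccess - server type not supported!", 4);
         return false;
     }
     // Clean up old rules first so they are not written twice.
     if (AIOWPSecurity_Utility_Htaccess::delete_from_htaccess() == -1) {
         $aio_wp_security->debug_logger->log_debug("Delete operation of .htaccess file failed!", 4);
         return false;
     }
     $htaccess = ABSPATH . '.htaccess';
     // Probe that the file can be opened for writing; retry once after chmod 0644.
     if (!($probe = @fopen($htaccess, 'a+'))) {
         @chmod($htaccess, 0644);
         if (!($probe = @fopen($htaccess, 'a+'))) {
             $aio_wp_security->debug_logger->log_debug("chmod operation on .htaccess failed!", 4);
             return false;
         }
     }
     // The probe handle is never written to; close it instead of leaking it.
     @fclose($probe);
     // NOTE(review): the backup result is not checked, yet the file is truncated
     // below - confirm backup_and_rename_htaccess() reports failure and act on it.
     AIOWPSecurity_Utility_File::backup_and_rename_htaccess($htaccess);
     //TODO - we dont want to continually be backing up the htaccess file
     @ini_set('auto_detect_line_endings', true);
     $existing_lines = file($htaccess);
     if ($existing_lines === false) {
         // Without the current contents a rewrite would drop every non-plugin directive.
         $aio_wp_security->debug_logger->log_debug("Read operation on .htaccess failed!", 4);
         return false;
     }
     //parse each line of file into array
     $ht = explode(PHP_EOL, implode('', $existing_lines));
     $rules = AIOWPSecurity_Utility_Htaccess::getrules();
     $rulesarray = explode(PHP_EOL, $rules);
     // Whatever the filter callbacks return is written to .htaccess verbatim,
     // so any code hooked here can add or remove server directives.
     $rulesarray = apply_filters('aiowps_htaccess_rules_before_writing', $rulesarray);
     $contents = array_merge($rulesarray, $ht);
     // 'w+' truncates the live file: from here on a failed write leaves the site
     // with incomplete rules, which is why write errors are reported below.
     if (!($f = @fopen($htaccess, 'w+'))) {
         $aio_wp_security->debug_logger->log_debug("Write operation on .htaccess failed!", 4);
         return false;
     }
     $blank = false;
     $write_ok = true;
     //write each line to file
     foreach ($contents as $insertline) {
         $line = trim($insertline);
         if ($line === '') {
             if ($blank) {
                 // Second or later blank line in a row: skip it.
                 continue;
             }
             $blank = true;
         } else {
             $blank = false;
         }
         if (fwrite($f, PHP_EOL . $line) === false) {
             $write_ok = false;
             break;
         }
     }
     @fclose($f);
     if (!$write_ok) {
         $aio_wp_security->debug_logger->log_debug("Write operation on .htaccess failed!", 4);
         return false;
     }
     return true;
 }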
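 /**
  * Deactivation handler: saves the current .htaccess and wp-config.php
  * contents to the database, then writes the stored "original" copies of
  * both files back to disk.
  *
  * On a network-wide multisite deactivation the function only cycles through
  * the blogs and returns; no file is backed up or restored in that case.
  *
  * @return void
  */
 static function run_deactivation_tasks()
 {
     // $aio_wp_security is needed by the failure branches below; without it in
     // scope a failed restore ends in a fatal error instead of a log entry.
     global $wpdb, $aio_wp_security;
     if (function_exists('is_multisite') && is_multisite()) {
         // Network-wide request: visit every blog id, then switch back.
         if (isset($_GET['networkwide']) && $_GET['networkwide'] == 1) {
             $old_blog = $wpdb->blogid;
             // Get all blog ids
             $blogids = $wpdb->get_col("SELECT blog_id FROM {$wpdb->blogs}");
             foreach ($blogids as $blog_id) {
                 // NOTE(review): nothing runs per blog here - the loop only switches context.
                 switch_to_blog($blog_id);
             }
             switch_to_blog($old_blog);
             return;
         }
     }
     // Save the .htaccess contents as they are while AIOWPS is active.
     $ht_file = ABSPATH . '.htaccess';
     // Key that labels the stored entry.
     $key_desc_ht_backup = 'aiowps_htaccess_backup';
     AIOWPSecurity_Utility_File::backup_file_contents_to_db($ht_file, $key_desc_ht_backup);
     // Save the wp-config.php contents as they are while AIOWPS is active.
     // NOTE(review): wp-config.php normally holds the database credentials and the
     // secret keys, so this copy places them in a database row - confirm who can
     // read that table and whether the entry is ever purged.
     $wp_config_file = ABSPATH . 'wp-config.php';
     $key_desc_wp_config_backup = 'aiowps_wp_config_php_backup';
     AIOWPSecurity_Utility_File::backup_file_contents_to_db($wp_config_file, $key_desc_wp_config_backup);
     // Restore the stored original .htaccess, if one exists.
     $htaccess_file_contents = AIOWPSecurity_Deactivation::get_original_file_contents('original_htaccess_backup');
     if ($htaccess_file_contents) {
         if (file_put_contents($ht_file, $htaccess_file_contents) === false) {
             //File write failed
             $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_Deactivation::run_deactivation_tasks() - Failed to write to .htaccess file", 4);
         }
     }
     // Restore the stored original wp-config.php, if one exists.
     // NOTE(review): this overwrites the live file with an older copy; any change
     // made since that copy was taken (for example rotated keys) is rolled back.
     $wp_config_file_contents = AIOWPSecurity_Deactivation::get_original_file_contents('original_wp_config_php_backup');
     if ($wp_config_file_contents) {
         if (file_put_contents($wp_config_file, $wp_config_file_contents) === false) {
             //File write failed
             $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_Deactivation::run_deactivation_tasks() - Failed to write to wp-config.php file", 4);
         }
     }
 }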
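 /**
  * Collects every path matching a glob pattern in a directory and, recursively,
  * in all of its sub-directories.
  *
  * @param string $pattern Glob pattern applied in each directory visited.
  * @param int    $flags   Flags handed to glob() for the file match.
  * @param string $path    Prefix of the directory to start in. It is concatenated
  *                        with the pattern as-is, so it must end with a separator
  *                        (or be empty for the current directory).
  * @return array|false Matching paths, or FALSE as soon as any glob() call fails.
  */
 static function recursive_file_search($pattern = '*', $flags = 0, $path = '')
 {
     // GLOB_MARK appends a slash to each directory, so entries can be used as $path directly.
     $subdirs = glob($path . '*', GLOB_MARK | GLOB_ONLYDIR | GLOB_NOSORT);
     if ($subdirs === false) {
         return false;
     }
     $files = glob($path . $pattern, $flags);
     if ($files === false) {
         return false;
     }
     // NOTE(review): nothing here detects symbolic links, so a link pointing back
     // up the tree would recurse without end - confirm the start path is never
     // taken from request data and the tree is trusted.
     foreach ($subdirs as $subdir) {
         $nested = AIOWPSecurity_Utility_File::recursive_file_search($pattern, $flags, $subdir);
         if ($nested === false) {
             // Propagate the failure; array_merge() must not be given FALSE.
             return false;
         }
         $files = array_merge($files, $nested);
     }
     return $files;
 }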
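 /**
  * Admin-side init tasks: migrates the brute-force test cookie to a randomised
  * name, handles the cookie-test form on the brute-force settings tab, and
  * serves the wp-config.php backup download and the settings export.
  *
  * NOTE(review): no capability check is visible in this function. The download
  * and export branches hand out database credentials and the plugin's
  * configuration, so confirm the hook that calls this is limited to administrators.
  *
  * @return void
  */
 function do_other_admin_side_init_tasks()
 {
     global $aio_wp_security;
     //***New Feature improvement for Cookie Based Brute Force Protection***//
     //The old "test cookie" used to be too easy to guess because someone could just read the code and get the value.
     //So now we will drop a more secure test cookie using a 10 character random string
     if ($aio_wp_security->configs->get_value('aiowps_enable_brute_force_attack_prevention') == '1') {
         // For installs that enabled the feature on an older release: create the
         // randomised cookie name, send the cookie and write the name to .htaccess.
         $test_cookie = $aio_wp_security->configs->get_value('aiowps_cookie_brute_test');
         if (empty($test_cookie)) {
             // NOTE(review): the cookie name is the secret here, so its strength depends
             // on the generator - confirm it draws from a cryptographically secure source.
             $random_suffix = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(10);
             $test_cookie_name = 'aiowps_cookie_test_' . $random_suffix;
             $aio_wp_security->configs->set_value('aiowps_cookie_brute_test', $test_cookie_name);
             $aio_wp_security->configs->save_config();
             AIOWPSecurity_Utility::set_cookie_value($test_cookie_name, "1");
             //Write this new cookie to the .htaccess file
             $res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
             // write_to_htaccess() reports failure as boolean false. A loose "== -1"
             // is true for boolean true and false for boolean false, i.e. inverted.
             if ($res === false || $res === -1) {
                 $aio_wp_security->debug_logger->log_debug("Error writing new test cookie with random suffix to .htaccess file!", 4);
             }
         }
     }
     //For cookie test form submission case
     if (isset($_GET['page']) && $_GET['page'] == AIOWPSEC_BRUTE_FORCE_MENU_SLUG && isset($_GET['tab']) && $_GET['tab'] == 'tab2') {
         // NOTE(review): unlike the wp-config and export handlers further down, the
         // three branches in this block change saved settings and set cookies with no
         // nonce check visible here - confirm one is enforced earlier in the request.
         if (isset($_POST['aiowps_do_cookie_test_for_bfla'])) {
             $random_suffix = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(10);
             $test_cookie_name = 'aiowps_cookie_test_' . $random_suffix;
             $aio_wp_security->configs->set_value('aiowps_cookie_brute_test', $test_cookie_name);
             $aio_wp_security->configs->save_config();
             AIOWPSecurity_Utility::set_cookie_value($test_cookie_name, "1");
             $cur_url = "admin.php?page=" . AIOWPSEC_BRUTE_FORCE_MENU_SLUG . "&tab=tab2";
             $redirect_url = AIOWPSecurity_Utility::add_query_data_to_url($cur_url, 'aiowps_cookie_test', "1");
             // NOTE(review): whether redirect_to_url() ends the request is not visible
             // here; if it does not, the branches below still run.
             AIOWPSecurity_Utility::redirect_to_url($redirect_url);
         }
         if (isset($_POST['aiowps_enable_brute_force_attack_prevention'])) {
             // The field may be missing from the request; treat that like an empty value.
             $brute_force_feature_secret_word = isset($_POST['aiowps_brute_force_secret_word']) ? sanitize_text_field($_POST['aiowps_brute_force_secret_word']) : '';
             if (empty($brute_force_feature_secret_word)) {
                 // The fallback is a fixed value from the source code, so it gives no secrecy.
                 $brute_force_feature_secret_word = "aiowps_secret";
             }
             AIOWPSecurity_Utility::set_cookie_value($brute_force_feature_secret_word, "1");
         }
         if (isset($_REQUEST['aiowps_cookie_test'])) {
             // Record whether the browser sent the test cookie back.
             $test_cookie = $aio_wp_security->configs->get_value('aiowps_cookie_brute_test');
             $cookie_val = AIOWPSecurity_Utility::get_cookie_value($test_cookie);
             if (empty($cookie_val)) {
                 $aio_wp_security->configs->set_value('aiowps_cookie_test_success', '');
             } else {
                 $aio_wp_security->configs->set_value('aiowps_cookie_test_success', '1');
             }
             $aio_wp_security->configs->save_config();
         }
     }
     if (isset($_POST['aiowps_save_wp_config'])) {
         // A request without the nonce field fails verification instead of raising a notice.
         $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
         if (!wp_verify_nonce($nonce, 'aiowpsec-save-wp-config-nonce')) {
             $aio_wp_security->debug_logger->log_debug("Nonce check failed on wp_config file save!", 4);
             die("Nonce check failed on wp_config file save!");
         }
         $wp_config_path = AIOWPSecurity_Utility_File::get_wp_config_file_path();
         //Backup the wp_config.php file
         // NOTE(review): the backup result is not checked before the download starts.
         AIOWPSecurity_Utility_File::backup_and_rename_wp_config($wp_config_path);
         // The downloaded file is the live wp-config.php (credentials and keys included).
         AIOWPSecurity_Utility_File::download_a_file_option1($wp_config_path, "wp-config-backup.txt");
     }
     //Handle export settings
     if (isset($_POST['aiowps_export_settings'])) {
         $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
         if (!wp_verify_nonce($nonce, 'aiowpsec-export-settings-nonce')) {
             $aio_wp_security->debug_logger->log_debug("Nonce check failed on export AIOWPS settings!", 4);
             die("Nonce check failed on export AIOWPS settings!");
         }
         // The export is the complete stored option, including values this function
         // treats as secrets (such as the test cookie name).
         $config_data = get_option('aio_wp_security_configs');
         $output = json_encode($config_data);
         AIOWPSecurity_Utility_File::download_content_to_a_file($output);
     }
 }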
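 /**
  * Renames every table that begins with the old prefix and updates the places
  * that embed the prefix: the $table_prefix line in wp-config.php, the
  * "<prefix>user_roles" option (per sub-site on multisite) and usermeta keys.
  * Progress and errors are echoed as HTML.
  *
  * The steps are not transactional: a failure part-way leaves tables, config
  * file and option rows in a mixed state, and later steps still run.
  *
  * @param string $table_old_prefix Prefix currently in use.
  * @param string $table_new_prefix Replacement prefix. It becomes part of table
  *                                 identifiers, which cannot be escaped like values,
  *                                 so the caller must limit it to identifier-safe
  *                                 characters (NOTE(review): no validation is visible here).
  * @return void
  */
 function change_db_prefix($table_old_prefix, $table_new_prefix)
 {
     global $wpdb, $aio_wp_security;
     $old_prefix_length = strlen($table_old_prefix);
     $error = 0;
     $blog_ids = array();
     // Both prefixes are printed several times; escape them once for HTML output.
     $old_prefix_html = esc_html($table_old_prefix);
     $new_prefix_html = esc_html($table_new_prefix);
     //Config file path
     $config_file = AIOWPSecurity_Utility_File::get_wp_config_file_path();
     //Get the list of tables (replacement for the deprecated mysql_list_tables)
     $result = $this->get_mysql_tables(DB_NAME);
     if (!is_array($result) || count($result) == 0) {
         echo '<div class="aio_red_box"><p>' . __('Error - Could not get tables or no tables found!', 'all-in-one-wp-security-and-firewall') . '</p></div>';
         return;
     }
     $num_rows = count($result);
     $table_count = 0;
     $info_msg_string = '<p class="aio_info_with_icon">' . __('Starting DB prefix change operations.....', 'all-in-one-wp-security-and-firewall') . '</p>';
     $info_msg_string .= '<p class="aio_info_with_icon">' . sprintf(__('Your WordPress system has a total of %s tables and your new DB prefix will be: %s', 'all-in-one-wp-security-and-firewall'), '<strong>' . $num_rows . '</strong>', '<strong>' . $new_prefix_html . '</strong>') . '</p>';
     echo $info_msg_string;
     //Back up the config file; nothing is changed unless the backup succeeds
     if (!AIOWPSecurity_Utility_File::backup_and_rename_wp_config($config_file)) {
         echo '<div class="aio_red_box"><p>' . __('Failed to make a backup of the wp-config.php file. This operation will not go ahead.', 'all-in-one-wp-security-and-firewall') . '</p></div>';
         return;
     }
     echo '<p class="aio_success_with_icon">' . __('A backup copy of your wp-config.php file was created successfully!', 'all-in-one-wp-security-and-firewall') . '</p>';
     //Get multisite blog_ids if applicable
     if (AIOWPSecurity_Utility::is_multisite_install()) {
         $blog_ids = AIOWPSecurity_Utility::get_blog_ids();
     }
     //Rename all the tables that start with the old prefix
     foreach ($result as $table_old_name) {
         if (strpos($table_old_name, $table_old_prefix) !== 0) {
             continue;
         }
         $table_new_name = $table_new_prefix . substr($table_old_name, $old_prefix_length);
         $sql = "RENAME TABLE `" . $table_old_name . "` TO `" . $table_new_name . "`";
         if (false === $wpdb->query($sql)) {
             $error = 1;
             echo '<p class="aio_error_with_icon">' . sprintf(__('%s table name update failed', 'all-in-one-wp-security-and-firewall'), '<strong>' . esc_html($table_old_name) . '</strong>') . '</p>';
             $aio_wp_security->debug_logger->log_debug("DB Security Feature - Unable to change prefix of table " . $table_old_name, 4);
         } else {
             $table_count++;
         }
     }
     if ($error == 1) {
         echo '<p class="aio_error_with_icon">' . sprintf(__('Please change the prefix manually for the above tables to: %s', 'all-in-one-wp-security-and-firewall'), '<strong>' . $new_prefix_html . '</strong>') . '</p>';
     } else {
         echo '<p class="aio_success_with_icon">' . sprintf(__('%s tables had their prefix updated successfully!', 'all-in-one-wp-security-and-firewall'), '<strong>' . $table_count . '</strong>') . '</p>';
     }
     //Get wp-config.php file contents and modify it with new info
     $config_contents = file($config_file);
     $config_updated = false;
     // Only write when the file was actually read; handing a failed read to the
     // writer could replace wp-config.php with nothing.
     if (is_array($config_contents)) {
         //this is our search string for the wp-config.php file
         $prefix_match_string = '$table_prefix=';
         foreach ($config_contents as $line_num => $line) {
             //Strip white spaces before matching
             $no_ws_line = preg_replace('/\\s+/', '', $line);
             if (strpos($no_ws_line, $prefix_match_string) !== FALSE) {
                 // NOTE(review): replaces every occurrence of the old prefix on this line,
                 // not only the quoted value.
                 $config_contents[$line_num] = str_replace($table_old_prefix, $table_new_prefix, $line);
                 break;
             }
         }
         $config_updated = AIOWPSecurity_Utility_File::write_content_to_file($config_file, $config_contents);
     }
     if ($config_updated) {
         echo '<p class="aio_success_with_icon">' . __('wp-config.php file was updated successfully!', 'all-in-one-wp-security-and-firewall') . '</p>';
     } else {
         echo '<p class="aio_error_with_icon">' . sprintf(__('The "wp-config.php" file was not able to be modified. Please modify this file manually using your favourite editor and search 
                 for variable "$table_prefix" and assign the following value to that variable: %s', 'all-in-one-wp-security-and-firewall'), '<strong>' . $new_prefix_html . '</strong>') . '</p>';
         $aio_wp_security->debug_logger->log_debug("DB Security Feature - Unable to modify wp-config.php", 4);
     }
     //Now let's update the options table. String values go through esc_sql();
     //the table identifier is only back-quoted.
     $update_option_table_query = "UPDATE `" . $table_new_prefix . "options`"
         . " SET option_name = '" . esc_sql($table_new_prefix . 'user_roles') . "'"
         . " WHERE option_name = '" . esc_sql($table_old_prefix . 'user_roles') . "'"
         . " LIMIT 1";
     if (false === $wpdb->query($update_option_table_query)) {
         echo '<p class="aio_error_with_icon">' . sprintf(__('Update of table %s failed: unable to change %s to %s', 'all-in-one-wp-security-and-firewall'), $new_prefix_html . 'options', $old_prefix_html . 'user_roles', $new_prefix_html . 'user_roles') . '</p>';
         $aio_wp_security->debug_logger->log_debug("DB Security Feature - Error when updating the options table", 4);
     } else {
         echo '<p class="aio_success_with_icon">' . __('The options table records which had references to the old DB prefix were updated successfully!', 'all-in-one-wp-security-and-firewall') . '</p>';
     }
     //Now let's update the options tables for the multisite subsites if applicable
     if (AIOWPSecurity_Utility::is_multisite_install() && !empty($blog_ids)) {
         foreach ($blog_ids as $blog_id) {
             //skip main site
             if ($blog_id == 1) {
                 continue;
             }
             $new_pref_and_site_id = $table_new_prefix . $blog_id . '_';
             $old_pref_and_site_id = $table_old_prefix . $blog_id . '_';
             $update_ms_option_table_query = "UPDATE `" . $new_pref_and_site_id . "options`"
                 . " SET option_name = '" . esc_sql($new_pref_and_site_id . 'user_roles') . "'"
                 . " WHERE option_name = '" . esc_sql($old_pref_and_site_id . 'user_roles') . "'"
                 . " LIMIT 1";
             if (false === $wpdb->query($update_ms_option_table_query)) {
                 echo '<p class="aio_error_with_icon">' . sprintf(__('Update of table %s failed: unable to change %s to %s', 'all-in-one-wp-security-and-firewall'), esc_html($new_pref_and_site_id . 'options'), esc_html($old_pref_and_site_id . 'user_roles'), esc_html($new_pref_and_site_id . 'user_roles')) . '</p>';
                 $aio_wp_security->debug_logger->log_debug("DB change prefix feature - Error when updating the subsite options table: " . $new_pref_and_site_id . 'options', 4);
             } else {
                 echo '<p class="aio_success_with_icon">' . sprintf(__('The %s table records which had references to the old DB prefix were updated successfully!', 'all-in-one-wp-security-and-firewall'), esc_html($new_pref_and_site_id . 'options')) . '</p>';
             }
         }
     }
     //Now let's update the user meta table
     $custom_sql = "SELECT user_id, meta_key"
         . " FROM `" . $table_new_prefix . "usermeta`"
         . " WHERE meta_key LIKE '" . esc_sql($table_old_prefix) . "%'";
     $meta_keys = $wpdb->get_results($custom_sql);
     if (!is_array($meta_keys)) {
         // A failed query must not be iterated.
         $meta_keys = array();
     }
     $error_update_usermeta = '';
     //Update all meta_key values which start with the old table prefix
     foreach ($meta_keys as $meta_key) {
         // "_" is a single-character wildcard in LIKE, so a prefix such as "wp_" also
         // selects keys that merely resemble it. Renaming those would corrupt them.
         if (strpos($meta_key->meta_key, $table_old_prefix) !== 0) {
             continue;
         }
         $new_meta_key = $table_new_prefix . substr($meta_key->meta_key, $old_prefix_length);
         // meta_key comes back from the database and can hold any characters, so it
         // is escaped again before it is placed in a new statement.
         $update_user_meta_sql = "UPDATE `" . $table_new_prefix . "usermeta`"
             . " SET meta_key = '" . esc_sql($new_meta_key) . "'"
             . " WHERE meta_key = '" . esc_sql($meta_key->meta_key) . "'"
             . " AND user_id = " . (int) $meta_key->user_id;
         if (false === $wpdb->query($update_user_meta_sql)) {
             $usermeta_error_msg = '<p class="aio_error_with_icon">' . sprintf(__('Error updating user_meta table where new meta_key = %s, old meta_key = %s and user_id = %s.', 'all-in-one-wp-security-and-firewall'), esc_html($new_meta_key), esc_html($meta_key->meta_key), (int) $meta_key->user_id) . '</p>';
             // Print only this failure; the accumulated text would repeat earlier ones.
             echo $usermeta_error_msg;
             $error_update_usermeta .= $usermeta_error_msg;
             $aio_wp_security->debug_logger->log_debug("DB Security Feature - Error updating user_meta table where new meta_key = " . $new_meta_key . " old meta_key = " . $meta_key->meta_key . " and user_id = " . $meta_key->user_id, 4);
         }
     }
     // Report success only when no usermeta update failed.
     if ($error_update_usermeta === '') {
         echo '<p class="aio_success_with_icon">' . __('The usermeta table records which had references to the old DB prefix were updated successfully!', 'all-in-one-wp-security-and-firewall') . '</p>';
     }
     //Display tasks finished message
     $tasks_finished_msg_string = '<p class="aio_info_with_icon">' . __('DB prefix change tasks have been completed.', 'all-in-one-wp-security-and-firewall') . '</p>';
     echo $tasks_finished_msg_string;
 }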
 /**
  * Prunes database backup files in the directory of the last backup so that
  * at most 'aiowps_backup_files_stored' of them remain. Does nothing when
  * that setting is not greater than zero.
  *
  * @return void
  */
 function aiowps_delete_backup_files()
 {
     global $aio_wp_security;
     if (!($aio_wp_security->configs->get_value('aiowps_backup_files_stored') > 0)) {
         return;
     }
     $last_backup_parts = pathinfo($this->last_backup_file_path);
     $backup_dir = $last_backup_parts['dirname'];
     // NOTE(review): presumably sorted newest first (scan_dir_sort_date) - confirm,
     // because the entries counted first are the ones that are kept.
     $entries = AIOWPSecurity_Utility_File::scan_dir_sort_date($backup_dir);
     $seen = 0;
     foreach ($entries as $entry) {
         // Only files whose name contains the backup marker are counted or removed.
         if (strpos($entry, 'database-backup') === false) {
             continue;
         }
         $over_limit = $seen >= $aio_wp_security->configs->get_value('aiowps_backup_files_stored');
         if ($over_limit) {
             // Failure to delete is ignored on purpose (error suppressed).
             @unlink($backup_dir . '/' . $entry);
         }
         $seen++;
     }
 }
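 /**
  * Echoes one table row describing a file or directory's permissions.
  *
  * Row colour: red for "0777"; green when the permissions equal the
  * recommendation or is_file_permission_secure() accepts them; yellow
  * otherwise. A "Set Recommended Permissions" button is shown whenever the
  * permissions differ from the recommendation.
  *
  * Every value is escaped for the HTML context it is printed in, so a path
  * containing quotes or angle brackets cannot break out of the markup.
  *
  * @param string $name        Label for the item.
  * @param string $path        Path whose permissions are read.
  * @param string $recommended Recommended permission string, e.g. "0755".
  * @return void
  */
 function show_wp_filesystem_permission_status($name, $path, $recommended)
 {
     $configmod = AIOWPSecurity_Utility_File::get_file_permission($path);
     if ($configmod == "0777") {
         // Least secure setting.
         $trclass = "aio_table_row_red";
         $fix = true;
     } elseif ($configmod != $recommended) {
         // Different from the recommendation: green if judged secure anyway, else yellow.
         $res = AIOWPSecurity_Utility_File::is_file_permission_secure($recommended, $configmod);
         $trclass = $res ? "aio_table_row_green" : "aio_table_row_yellow";
         $fix = true;
     } else {
         $trclass = "aio_table_row_green";
         $fix = false;
     }
     echo '<tr class="' . esc_attr($trclass) . '">';
     echo '<td>' . esc_html($name) . '</td>';
     echo '<td>' . esc_html($path) . '</td>';
     echo '<td>' . esc_html($configmod) . '</td>';
     echo '<td>' . esc_html($recommended) . '</td>';
     if ($fix) {
         // NOTE(review): path and mode travel through hidden form fields, so they return
         // as request data - the handler that applies them must validate both against
         // its own list rather than trust the posted values.
         echo '<td>
                 <input type="submit" name="aiowps_fix_permissions" value="' . esc_attr(__('Set Recommended Permissions', 'aiowpsecurity')) . '" class="button-secondary" />
                 <input type="hidden" name="aiowps_permission_chg_file" value="' . esc_attr($path) . '"/>
                 <input type="hidden" name="aiowps_recommended_permissions" value="' . esc_attr($recommended) . '"/>
                 </td>';
     } else {
         echo '<td>' . esc_html(__('No Action Required', 'aiowpsecurity')) . '</td>';
     }
     echo "</tr>";
 }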
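 /**
  * Performs a database backup.
  *
  * Dumps the tables (on multisite, those matching the current site's prefix)
  * as SQL text into a file with a random name prefix inside the plugin's
  * backup directory under WP_CONTENT_DIR, records the file name and path on
  * the object, then triggers the backup e-mail and the pruning of old backups.
  *
  * The dump is unencrypted and holds everything in the tables, including user
  * records. NOTE(review): the random file name is the only protection applied
  * in this function; confirm the backup directory is not served by the web
  * server and consider who receives the e-mailed copy.
  *
  * @return bool True when the dump was written, false on failure.
  */
 function execute_backup()
 {
     global $wpdb, $aio_wp_security;
     $is_multi_site = false;
     @ini_set('auto_detect_line_endings', true);
     if (function_exists('is_multisite') && is_multisite()) {
         //Let's get the current site's table prefix
         // "_" in the prefix acts as a LIKE wildcard, so the match can be slightly wider.
         $site_pref = esc_sql($wpdb->prefix);
         $db_query = "SHOW TABLES LIKE '" . $site_pref . "%'";
         $tables = $wpdb->get_results($db_query, ARRAY_N);
         $is_multi_site = true;
     } else {
         //get all of the tables
         $tables = $wpdb->get_results('SHOW TABLES', ARRAY_N);
     }
     // The whole dump is assembled in memory before it is written.
     $return = '';
     //cycle through each table
     foreach ($tables as $table) {
         $result = $wpdb->get_results('SELECT * FROM `' . $table[0] . '`;', ARRAY_N);
         $num_fields = count($wpdb->get_results('DESCRIBE `' . $table[0] . '`;'));
         $return .= 'DROP TABLE IF EXISTS `' . $table[0] . '`;';
         $row2 = $wpdb->get_row('SHOW CREATE TABLE `' . $table[0] . '`;', ARRAY_N);
         $return .= PHP_EOL . PHP_EOL . $row2[1] . ";" . PHP_EOL . PHP_EOL;
         foreach ($result as $row) {
             $return .= 'INSERT INTO `' . $table[0] . '` VALUES(';
             for ($j = 0; $j < $num_fields; $j++) {
                 // NULL columns come out as empty strings: addslashes() turns NULL into ''.
                 // NOTE(review): addslashes() is not a charset-aware SQL escape.
                 $value = addslashes($row[$j]);
                 $value = str_replace(PHP_EOL, "\n", $value);
                 $return .= '"' . $value . '"';
                 if ($j < $num_fields - 1) {
                     $return .= ',';
                 }
             }
             $return .= ");" . PHP_EOL;
         }
         $return .= PHP_EOL . PHP_EOL;
     }
     $return .= PHP_EOL . PHP_EOL;
     //Check to see if the main "backups" directory exists - create it otherwise
     $aiowps_backup_dir = WP_CONTENT_DIR . '/' . AIO_WP_SECURITY_BACKUPS_DIR_NAME;
     if (!AIOWPSecurity_Utility_File::create_dir($aiowps_backup_dir)) {
         $aio_wp_security->debug_logger->log_debug("Creation of DB backup directory failed!", 4);
         return false;
     }
     //Generate a random prefix so the file name cannot be guessed
     $random_prefix = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(14);
     if ($is_multi_site) {
         global $current_blog;
         $blog_id = $current_blog->blog_id;
         //Reduce the site name to lower-case letters, digits and dashes for the file name
         $site_name = get_bloginfo('name');
         $site_name = strtolower($site_name);
         $site_name = preg_replace("/[^a-z0-9_\\s-]/", "", $site_name);
         //Cleanup multiple instances of dashes or whitespaces
         $site_name = preg_replace("/[\\s-]+/", " ", $site_name);
         //Convert whitespaces and underscore to dash
         $site_name = preg_replace("/[\\s_]/", "-", $site_name);
         $file = $random_prefix . '-database-backup-site-name-' . $site_name . '-' . current_time('timestamp');
         //Each blog gets its own sub directory named after its blog id
         $dirpath = $aiowps_backup_dir . '/blogid_' . $blog_id . '/';
         if (!AIOWPSecurity_Utility_File::create_dir($dirpath)) {
             // Uses $blog_id; the previously referenced $blog_details is never defined.
             $aio_wp_security->debug_logger->log_debug("Creation failed of DB backup directory for the following multisite blog ID: " . $blog_id, 4);
             return false;
         }
     } else {
         $dirpath = $aiowps_backup_dir;
         $file = $random_prefix . '-database-backup-' . current_time('timestamp');
     }
     $fileName = $dirpath . '/' . $file . '.sql';
     $handle = @fopen($fileName, 'w+');
     /*** Try upping the memory limit */
     // "-1" means unlimited; it must not be "raised" to 64M.
     // NOTE(review): the (int) cast also reads values such as "1G" as 1.
     $memory_limit = @ini_get('memory_limit');
     if (function_exists('memory_get_usage') && $memory_limit !== '-1' && (int) $memory_limit < 64) {
         @ini_set('memory_limit', '64M');
     }
     if (!$handle) {
         // Report failure to the caller instead of ending the whole request.
         $aio_wp_security->debug_logger->log_debug("Unable to open DB backup file for writing!", 4);
         return false;
     }
     $fw_res = @fwrite($handle, $return);
     // Close on both paths so a failed write does not leak the handle.
     @fclose($handle);
     if (!$fw_res) {
         return false;
     }
     // Zipping the dump is currently disabled; the backup stays a plain .sql file.
     $fileext = '.sql';
     $this->last_backup_file_name = $file . $fileext;
     //e.g. <random>-database-backup-1367644822.sql
     $this->last_backup_file_path = $dirpath . '/' . $file . $fileext;
     if ($is_multi_site) {
         $this->last_backup_file_dir_multisite = $aiowps_backup_dir . '/blogid_' . $blog_id;
     }
     //Send backup file via email if applicable
     $this->aiowps_send_backup_email();
     $this->aiowps_delete_backup_files();
     return true;
 }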
 /**
  * Marks the feature item active only when every entry in the utility's
  * files_and_dirs_to_check list has permissions that
  * is_file_permission_secure() accepts; otherwise marks it inactive.
  *
  * @param object $item Feature item exposing set_feature_status().
  * @return void
  */
 function check_filesystem_permissions_feature($item)
 {
     //TODO
     $all_secure = 1;
     $file_util = new AIOWPSecurity_Utility_File();
     $entries = $file_util->files_and_dirs_to_check;
     foreach ($entries as $entry) {
         $current_perm = AIOWPSecurity_Utility_File::get_file_permission($entry['path']);
         // Multiplying keeps the running value at 1 only while every check passes.
         $all_secure *= AIOWPSecurity_Utility_File::is_file_permission_secure($entry['permissions'], $current_perm);
     }
     //Only if all of the files' permissions are deemed secure give this a thumbs up
     $item->set_feature_status($all_secure == 1 ? $this->feature_active : $this->feature_inactive);
 }
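 /**
  * Switches a "'DISALLOW_FILE_EDIT', true" entry in wp-config.php to false,
  * which re-enables file editing from the dashboard.
  *
  * This relaxes a hardening setting. NOTE(review): no permission check is made
  * here; confirm the caller limits it to administrators.
  *
  * @return bool True when editing is (already or now) allowed or no entry exists;
  *              false when wp-config.php could not be read or written.
  */
 static function enable_file_edits()
 {
     global $aio_wp_security;
     //Config file path
     $config_file = AIOWPSecurity_Utility_File::get_wp_config_file_path();
     //Get wp-config.php file contents
     $config_contents = file($config_file);
     if ($config_contents === false) {
         // An unreadable file tells us nothing about the setting, so do not report success.
         $aio_wp_security->debug_logger->log_debug("Enable PHP File Edit - Unable to read wp-config.php", 4);
         return false;
     }
     $entry_changed = false;
     foreach ($config_contents as $line_num => $line) {
         // Strict comparison: strpos() returns 0 for a match at the start of the line.
         if (strpos($line, "'DISALLOW_FILE_EDIT', true") !== false) {
             // Replace only the matched entry, not every "true" on the line.
             $config_contents[$line_num] = str_replace("'DISALLOW_FILE_EDIT', true", "'DISALLOW_FILE_EDIT', false", $line);
             $entry_changed = true;
         } elseif (strpos($line, "'DISALLOW_FILE_EDIT', false") !== false) {
             // Already allowed. Returns at once, as before, without writing any
             // change made to an earlier line.
             return true;
         }
     }
     if (!$entry_changed) {
         //No DISALLOW_FILE_EDIT entry in wp-config.php, so there is nothing to do
         return true;
     }
     //Now let's modify the wp-config.php file
     if (AIOWPSecurity_Utility_File::write_content_to_file($config_file, $config_contents)) {
         return true;
     }
     return false;
 }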
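    /**
     * Render the "Export or Import Your AIOWPS Settings" tab and, when the
     * import form was submitted, apply the submitted settings.
     *
     * Import flow: verify the import nonce, take the settings either from an
     * uploaded file or from the textarea, have the matching
     * check_if_valid_aiowps_settings_*() helper vet the contents, decode them
     * as JSON and store them in the 'aio_wp_security_configs' option. An
     * uploaded settings file is deleted afterwards because it holds security
     * settings details.
     *
     * NOTE(review): no capability check is visible in this method; the nonce
     * is the only gate shown here. Confirm the menu registration restricts
     * this page to administrators.
     *
     * @return void Output is echoed directly.
     */
    function render_tab5()
    {
        global $aio_wp_security;
        global $wpdb;
        $events_table_name = AIOWPSEC_TBL_EVENTS;
        AIOWPSecurity_Utility::cleanup_table($events_table_name, 500);
        if (isset($_POST['aiowps_import_settings'])) {
            //A missing nonce field is treated like a failed check instead of raising an undefined index notice
            $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
            if (!wp_verify_nonce($nonce, 'aiowpsec-import-settings-nonce')) {
                $aio_wp_security->debug_logger->log_debug("Nonce check failed on import AIOWPS settings!", 4);
                die("Nonce check failed on import AIOWPS settings!");
            }
            if (empty($_POST['aiowps_import_settings_file']) && empty($_POST['aiowps_import_settings_text'])) {
                $this->show_msg_error(__('Please choose a file to import your settings from.', 'aiowpsecurity'));
            } else {
                $import_from = empty($_POST['aiowps_import_settings_file']) ? "text" : "file";
                //Only set for file imports; needed later to delete the uploaded file
                $attachment_id = 0;
                if ($import_from == "file") {
                    //Let's get the uploaded import file path
                    $submitted_import_file_path = trim($_POST['aiowps_import_settings_file']);
                    $attachment_id = AIOWPSecurity_Utility_File::get_attachment_id_from_url($submitted_import_file_path);
                    //Verify that file chosen has valid AIOWPS settings contents
                    $aiowps_settings_file_contents = $this->check_if_valid_aiowps_settings_file($submitted_import_file_path);
                } else {
                    //Get the string right from the textarea. Still confirm it's in the expected format.
                    $aiowps_settings_file_contents = $this->check_if_valid_aiowps_settings_text($_POST['aiowps_import_settings_text']);
                }
                $settings_array = null;
                if ($aiowps_settings_file_contents != -1) {
                    $settings_array = json_decode($aiowps_settings_file_contents, true);
                }
                //Never store anything but a decoded array as the plugin configuration:
                //json_decode() yields null or a scalar for malformed or non-object input
                if (is_array($settings_array)) {
                    $aiowps_settings_applied = update_option('aio_wp_security_configs', $settings_array);
                    if (!$aiowps_settings_applied) {
                        //Failed to import settings
                        $aio_wp_security->debug_logger->log_debug("Import AIOWPS settings from " . $import_from . " operation failed!", 4);
                        $this->show_msg_error(__('Import AIOWPS settings from ' . $import_from . ' operation failed!', 'aiowpsecurity'));
                        if ($import_from == "file") {
                            //Delete the uploaded settings file for security purposes.
                            //Called exactly once: a second call on an already deleted attachment
                            //does not report whether the first deletion worked.
                            if (!wp_delete_attachment($attachment_id, true)) {
                                $this->show_msg_error(__('The deletion of the import file failed. Please delete this file manually via the media menu for security purposes.', 'aiowpsecurity'));
                            } else {
                                $this->show_msg_updated(__('The file you uploaded was also deleted for security purposes because it contains security settings details.', 'aiowpsecurity'));
                            }
                        }
                    } else {
                        //Refresh the configs global variable
                        $aio_wp_security->configs->configs = $settings_array;
                        //Just in case user submits partial config settings
                        //Run add_option_values to make sure any missing config items are at least set to default
                        AIOWPSecurity_Configure_Settings::add_option_values();
                        if ($import_from == "file") {
                            //Delete the uploaded settings file for security purposes (single call, see above)
                            if (!wp_delete_attachment($attachment_id, true)) {
                                $this->show_msg_updated(__('Your AIOWPS settings were successfully imported via file input.', 'aiowpsecurity'));
                                $this->show_msg_error(__('The deletion of the import file failed. Please delete this file manually via the media menu for security purposes because it contains security settings details.', 'aiowpsecurity'));
                            } else {
                                $this->show_msg_updated(__('Your AIOWPS settings were successfully imported. The file you uploaded was also deleted for security purposes because it contains security settings details.', 'aiowpsecurity'));
                            }
                        } else {
                            $this->show_msg_updated(__('Your AIOWPS settings were successfully imported via text entry.', 'aiowpsecurity'));
                        }
                        //Now let's refresh the .htaccess file with any modified rules if applicable
                        $res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
                        //Strict comparison: with "== -1" a boolean true result compares equal to -1 in PHP,
                        //so a successful write would be reported as a failure. Both failure conventions
                        //(false and -1) are accepted here.
                        if (false === $res || -1 === $res) {
                            $this->show_msg_error(__('Could not write to the .htaccess file. Please check the file permissions.', 'aiowpsecurity'));
                        }
                    }
                } else {
                    //Invalid settings file
                    $aio_wp_security->debug_logger->log_debug("The contents of your settings file appear invalid!", 4);
                    $this->show_msg_error(__('The contents of your settings file appear invalid. Please check the contents of the file you are trying to import settings from.', 'aiowpsecurity'));
                    if ($import_from == "file") {
                        //Let's also delete the uploaded settings file for security purposes (single call, see above)
                        if (!wp_delete_attachment($attachment_id, true)) {
                            $this->show_msg_error(__('The deletion of the import file failed. Please delete this file manually via the media menu for security purposes.', 'aiowpsecurity'));
                        } else {
                            $this->show_msg_updated(__('The file you uploaded was also deleted for security purposes because it contains security settings details.', 'aiowpsecurity'));
                        }
                    }
                }
            }
        }
        ?>
        <h2><?php _e('Export or Import Your AIOWPS Settings', 'aiowpsecurity'); ?></h2>
        <div class="aio_blue_box">
            <p><?php _e('This section allows you to export or import your All In One WP Security & Firewall settings.', 'aiowpsecurity'); ?>
            <br /><?php _e('This can be handy if you wanted to save time by applying the settings from one site to another site.', 'aiowpsecurity'); ?>
            <br /><?php _e('NOTE: Before importing, it is your responsibility to know what settings you are trying to import. Importing settings blindly can cause you to be locked out of your site.', 'aiowpsecurity'); ?>
            <br /><?php _e('For Example: If a settings item relies on the domain URL then it may not work correctly when imported into a site with a different domain.', 'aiowpsecurity'); ?>
            </p>
        </div>

        <div class="postbox">
        <h3><label for="title"><?php _e('Export AIOWPS Settings', 'aiowpsecurity'); ?></label></h3>
        <div class="inside">
        <form action="" method="POST">
        <?php wp_nonce_field('aiowpsec-export-settings-nonce'); ?>
        <table class="form-table">
            <tr valign="top">
            <span class="description"><?php _e('To export your All In One WP Security & Firewall settings click the button below.', 'aiowpsecurity'); ?></span>
            </tr>
        </table>
        <input type="submit" name="aiowps_export_settings" value="<?php esc_attr_e('Export AIOWPS Settings', 'aiowpsecurity'); ?>" class="button-primary" />
        </form>
        </div></div>
        <div class="postbox">
        <h3><label for="title"><?php _e('Import AIOWPS Settings', 'aiowpsecurity'); ?></label></h3>
        <div class="inside">
        <form action="" method="POST">
        <?php wp_nonce_field('aiowpsec-import-settings-nonce'); ?>
        <table class="form-table">
            <tr valign="top">
                <span class="description"><?php _e('Use this section to import your All In One WP Security & Firewall settings from a file. Alternatively, copy/paste the contents of your import file into the textarea below.', 'aiowpsecurity'); ?></span>
                <th scope="row"><?php _e('Import File', 'aiowpsecurity'); ?>:</th>
                <td>
                    <input type="button" id="aiowps_import_settings_file_button" name="aiowps_import_settings_file_button" class="button rbutton" value="Select Your Import Settings File" />
                    <input name="aiowps_import_settings_file" type="text" id="aiowps_import_settings_file" value="" size="80" />
                    <p class="description">
                        <?php _e('After selecting your file, click the button below to apply the settings to your site.', 'aiowpsecurity'); ?>
                    </p>
                </td>
            </tr>
            <tr valign="top">
                <th scope="row"><?php _e('Copy/Paste Import Data', 'aiowpsecurity'); ?>:</th>
                <td>
                    <textarea name="aiowps_import_settings_text" id="aiowps_import_settings_text" style="width:80%;height:140px;"></textarea>
                </td>
            </tr>
        </table>
        <input type="submit" name="aiowps_import_settings" value="<?php esc_attr_e('Import AIOWPS Settings', 'aiowpsecurity'); ?>" class="button-primary" />
        </form>
        </div></div>
    <?php
    }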
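    /**
     * Render the log viewer tab: a form to pick one of the plugin's log files
     * and, after a nonce-verified submission, the contents of that file.
     *
     * The submitted file name is only accepted when it is one of the two names
     * offered in the drop-down. Any other value is discarded, so request data
     * can never steer the path that is read below the plugin's logs directory.
     * The file name and the log contents are escaped on output because log
     * lines can contain attacker-influenced text.
     *
     * @return void Output is echoed directly.
     */
    function render_tab4()
    {
        global $wpdb;
        //Needed for the debug logger call on nonce failure below
        global $aio_wp_security;
        //Allow-list matching the <option> values of the form
        $allowed_log_files = array('wp-security-log.txt', 'wp-security-log-cron-job.txt');
        $file_selected = isset($_POST["aiowps_log_file"]) ? $_POST["aiowps_log_file"] : '';
        if (!is_string($file_selected) || !in_array($file_selected, $allowed_log_files, true)) {
            $file_selected = '';
        }
        ?>

        <div class="postbox">
        <h3 class="hndle"><label for="title"><?php _e('View Logs for All In WP Security & Firewall Plugin', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
        <div class="inside">
        <form action="" method="POST">
        <?php wp_nonce_field('aiowpsec-dashboard-logs-nonce'); ?>

        <table class="form-table">
            <tr valign="top">
                <th scope="row"><?php _e('Log File', 'all-in-one-wp-security-and-firewall'); ?>:</th>
                <td>
                    <select id="aiowps_log_file" name="aiowps_log_file">
                        <option value=""><?php _e('--Select a file--', 'all-in-one-wp-security-and-firewall'); ?></option>
                        <option value="wp-security-log.txt" <?php selected($file_selected, 'wp-security-log.txt'); ?>>wp-security-log</option>
                        <option value="wp-security-log-cron-job.txt" <?php selected($file_selected, 'wp-security-log-cron-job.txt'); ?>>wp-security-log-cron-job</option>
                    </select>
                <span class="description"><?php _e('Select one of the log files to view the contents', 'all-in-one-wp-security-and-firewall'); ?></span>
                </td>
            </tr>
        </table>
        <input type="submit" name="aiowps_view_logs" value="<?php esc_attr_e('View Logs', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary" />
        </form>

        </div></div>
        <?php
        if (isset($_POST['aiowps_view_logs'])) {
            //A missing nonce field is treated like a failed check
            $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
            if (!wp_verify_nonce($nonce, 'aiowpsec-dashboard-logs-nonce')) {
                $aio_wp_security->debug_logger->log_debug("Nonce check failed on dashboard view logs!", 4);
                die("Nonce check failed on dashboard view logs!");
            }
            if (!empty($file_selected)) {
                ?>

        <div class="postbox">
        <h3 class="hndle"><label for="title"><?php
                echo __('Log File Contents For', 'all-in-one-wp-security-and-firewall') . ': ' . esc_html($file_selected);
                ?></label></h3>
        <div class="inside">
            <?php
                //$file_selected is one of the allow-listed names at this point
                $aiowps_log_dir = AIO_WP_SECURITY_PATH . '/logs';
                $log_file = $aiowps_log_dir . '/' . $file_selected;
                if (file_exists($log_file)) {
                    $log_contents = AIOWPSecurity_Utility_File::get_file_contents($log_file);
                } else {
                    $log_contents = '';
                }
                if (empty($log_contents)) {
                    $log_contents = $file_selected . ': ' . __('Log file is empty!', 'all-in-one-wp-security-and-firewall');
                }
                ?>

            <textarea class="aio_text_area_file_output aio_half_width aio_spacer_10_tb" rows="15" readonly><?php
                //Escaped so that markup inside a log line cannot close the textarea and run in the admin page
                echo esc_textarea($log_contents);
                ?></textarea>

        </div>
        </div>

        <?php
            }
        }
    }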
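 /**
  * Change the database table prefix: rename every table that starts with the
  * old prefix, rewrite the $table_prefix line in wp-config.php and update the
  * option and usermeta keys that embed the old prefix.
  *
  * Progress and error messages are echoed as HTML while the steps run. A
  * backup of wp-config.php is taken first and the operation stops if that
  * backup fails.
  *
  * Both prefixes end up inside SQL identifiers, which cannot be bound as
  * parameters, so they are rejected unless they consist only of letters,
  * digits and underscores. All values are bound through $wpdb->prepare().
  *
  * NOTE(review): the steps are not transactional. If a later step fails after
  * tables were renamed, the site is left partly migrated and must be fixed
  * manually, as the messages already instruct.
  *
  * @param string $table_old_prefix Prefix currently used by the tables.
  * @param string $table_new_prefix Prefix the tables should use afterwards.
  * @return void
  */
 function change_db_prefix($table_old_prefix, $table_new_prefix)
 {
     global $wpdb, $aio_wp_security;
     $table_old_prefix = (string) $table_old_prefix;
     $table_new_prefix = (string) $table_new_prefix;
     //The prefixes are concatenated into table names below, so only identifier-safe characters are accepted
     if (preg_match('/[^A-Za-z0-9_]/', $table_old_prefix) || preg_match('/[^A-Za-z0-9_]/', $table_new_prefix)) {
         echo '<div class="aio_red_box"><p>' . __('Error - The DB prefix can only contain letters, numbers and underscores.', 'aiowpsecurity') . '</p></div>';
         return;
     }
     $old_prefix_length = strlen($table_old_prefix);
     //Config file path
     $config_file = ABSPATH . 'wp-config.php';
     //Get the list of tables (replacement for the deprecated mysql_list_tables function)
     $result = $this->get_mysql_tables(DB_NAME);
     if (!is_array($result) || count($result) == 0) {
         echo '<div class="aio_red_box"><p>' . __('Error - Could not get tables or no tables found!', 'aiowpsecurity') . '</p></div>';
         return;
     }
     $num_rows = count($result);
     $table_count = 0;
     //Initialised explicitly instead of relying on @ to silence an undefined variable later
     $rename_failed = false;
     //TODO - after reading up on internationalization mixed with html code I found that the WP experts say to do it as below. We will need to clean up other areas where we haven't used the following convention
     $info_msg_string = '<p class="aio_info_with_icon">' . __('Starting DB prefix change operations.....', 'aiowpsecurity') . '</p>';
     $info_msg_string .= '<p class="aio_info_with_icon">' . sprintf(__('Your WordPress system has a total of %s tables and your new DB prefix will be: %s', 'aiowpsecurity'), '<strong>' . $num_rows . '</strong>', '<strong>' . esc_html($table_new_prefix) . '</strong>') . '</p>';
     echo $info_msg_string;
     //Do a backup of the config file
     if (!AIOWPSecurity_Utility_File::backup_and_rename_wp_config($config_file)) {
         echo '<div class="aio_red_box"><p>' . __('Failed to make a backup of the wp-config.php file. This operation will not go ahead.', 'aiowpsecurity') . '</p></div>';
         return;
     }
     echo '<p class="aio_success_with_icon">' . __('A backup copy of your wp-config.php file was created successfully!', 'aiowpsecurity') . '</p>';
     //Rename all the tables which carry the old prefix
     foreach ($result as $table_old_name) {
         if (strpos($table_old_name, $table_old_prefix) !== 0) {
             continue;
         }
         //Get table name with new prefix
         $table_new_name = $table_new_prefix . substr($table_old_name, $old_prefix_length);
         //Identifiers cannot be bound as parameters; the names come from the table listing and the validated prefix
         $sql = "RENAME TABLE `" . $table_old_name . "` TO `" . $table_new_name . "`";
         if (false === $wpdb->query($sql)) {
             $rename_failed = true;
             echo '<p class="aio_error_with_icon">' . sprintf(__('%s table name update failed', 'aiowpsecurity'), '<strong>' . esc_html($table_old_name) . '</strong>') . '</p>';
             $aio_wp_security->debug_logger->log_debug("DB Security Feature - Unable to change prefix of table " . $table_old_name, 4);
         } else {
             $table_count++;
         }
     }
     if ($rename_failed) {
         echo '<p class="aio_error_with_icon">' . sprintf(__('Please change the prefix manually for the above tables to: %s', 'aiowpsecurity'), '<strong>' . esc_html($table_new_prefix) . '</strong>') . '</p>';
     } else {
         echo '<p class="aio_success_with_icon">' . sprintf(__('%s tables had their prefix updated successfully!', 'aiowpsecurity'), '<strong>' . $table_count . '</strong>') . '</p>';
     }
     //Get wp-config.php file contents and modify it with new info
     $config_contents = file($config_file);
     $config_written = false;
     //file() returns false when the file cannot be read; in that case nothing is written back
     if (is_array($config_contents)) {
         foreach ($config_contents as $line_num => $line) {
             //Only a line starting exactly with this text (two spaces before "=") is rewritten
             if (substr($line, 0, 16) === '$table_prefix  =') {
                 $config_contents[$line_num] = str_replace($table_old_prefix, $table_new_prefix, $line);
             }
         }
         //Now let's modify the wp-config.php file
         $config_written = AIOWPSecurity_Utility_File::write_content_to_file($config_file, $config_contents);
     }
     if ($config_written) {
         echo '<p class="aio_success_with_icon">' . __('wp-config.php file was updated successfully!', 'aiowpsecurity') . '</p>';
     } else {
         echo '<p class="aio_error_with_icon">' . sprintf(__('The "wp-config.php" file was not able to be modified. Please modify this file manually using your favourite editor and search 
                 for variable "$table_prefix" and assign the following value to that variable: %s', 'aiowpsecurity'), '<strong>' . esc_html($table_new_prefix) . '</strong>') . '</p>';
         $aio_wp_security->debug_logger->log_debug("DB Security Feature - Unable to modify wp-config.php", 4);
     }
     //Now let's update the options table
     $update_option_table_query = $wpdb->prepare(
         "UPDATE " . $table_new_prefix . "options SET option_name = %s WHERE option_name = %s LIMIT 1",
         $table_new_prefix . 'user_roles',
         $table_old_prefix . 'user_roles'
     );
     if (false === $wpdb->query($update_option_table_query)) {
         echo "<p class='error'>Changing value: ", esc_html($table_old_prefix), "user_roles in table ", esc_html($table_new_prefix), "options to  ", esc_html($table_new_prefix), "user_roles</p>";
         echo '<p class="aio_error_with_icon">' . __('There was an error when updating the options table.', 'aiowpsecurity') . '</p>';
         //Log the highly unlikely event of DB error
         $aio_wp_security->debug_logger->log_debug("DB Security Feature - Error when updating the options table", 4);
     } else {
         echo '<p class="aio_success_with_icon">' . __('The options table records which had references to the old DB prefix were updated successfully!', 'aiowpsecurity') . '</p>';
     }
     //Now let's update the user meta table.
     //esc_like() keeps "_" in the prefix from acting as a single-character wildcard, so only keys
     //that really start with the old prefix are selected and rewritten.
     $custom_sql = $wpdb->prepare(
         "SELECT user_id, meta_key FROM " . $table_new_prefix . "usermeta WHERE meta_key LIKE %s",
         $wpdb->esc_like($table_old_prefix) . '%'
     );
     $meta_keys = $wpdb->get_results($custom_sql);
     $usermeta_failed = false;
     if (!is_array($meta_keys)) {
         //get_results() did not return a row list; treat it as a failed lookup
         $usermeta_failed = true;
         $meta_keys = array();
         echo '<p class="aio_error_with_icon">' . __('There was an error when updating the usermeta table.', 'aiowpsecurity') . '</p>';
         $aio_wp_security->debug_logger->log_debug("DB Security Feature - Error when reading the usermeta table", 4);
     }
     //Update all meta_key field values which have the old table prefix in user_meta table
     foreach ($meta_keys as $meta_key) {
         //Create new meta key
         $new_meta_key = $table_new_prefix . substr($meta_key->meta_key, $old_prefix_length);
         $update_user_meta_sql = $wpdb->prepare(
             "UPDATE " . $table_new_prefix . "usermeta SET meta_key = %s WHERE meta_key = %s AND user_id = %d",
             $new_meta_key,
             $meta_key->meta_key,
             $meta_key->user_id
         );
         if (false === $wpdb->query($update_user_meta_sql)) {
             $usermeta_failed = true;
             //Each failure is printed once; meta keys are stored data and are escaped before output
             echo '<p class="aio_error_with_icon">' . sprintf(__('Error updating user_meta table where new meta_key = %s, old meta_key = %s and user_id = %s.', 'aiowpsecurity'), esc_html($new_meta_key), esc_html($meta_key->meta_key), esc_html($meta_key->user_id)) . '</p>';
             //Log the highly unlikely event of DB error
             $aio_wp_security->debug_logger->log_debug("DB Security Feature - Error updating user_meta table where new meta_key = " . $new_meta_key . " old meta_key = " . $meta_key->meta_key . " and user_id = " . $meta_key->user_id, 4);
         }
     }
     //Only claim success when every usermeta update went through
     if (!$usermeta_failed) {
         echo '<p class="aio_success_with_icon">' . __('The usermeta table records which had references to the old DB prefix were updated successfully!', 'aiowpsecurity') . '</p>';
     }
     //Display tasks finished message
     echo '<p class="aio_info_with_icon">' . __('DB prefix change tasks have been completed.', 'aiowpsecurity') . '</p>';
 }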
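 /**
  * Handle admin-side requests that must run before any page output:
  * the cookie test and secret-word cookie of the brute force tab, and the
  * "backup and download wp-config.php" action.
  *
  * NOTE(review): the wp-config.php download is gated by a nonce only in the
  * visible code, and the brute force branch verifies no nonce here. Confirm
  * that a capability check and nonce verification happen before this method
  * runs, since wp-config.php holds database credentials.
  *
  * @return void
  */
 function do_other_admin_side_init_tasks()
 {
     //Declared at function scope: the wp-config branch below also uses the logger,
     //and previously the global was only imported inside the brute force branch.
     global $aio_wp_security;
     $on_brute_force_tab = isset($_GET['page']) && $_GET['page'] == AIOWPSEC_BRUTE_FORCE_MENU_SLUG
         && isset($_GET['tab']) && $_GET['tab'] == 'tab2';
     if ($on_brute_force_tab) {
         if (isset($_POST['aiowps_do_cookie_test_for_bfla'])) {
             AIOWPSecurity_Utility::set_cookie_value("aiowps_cookie_test", "1");
             $cur_url = "admin.php?page=" . AIOWPSEC_BRUTE_FORCE_MENU_SLUG . "&tab=tab2";
             $redirect_url = AIOWPSecurity_Utility::add_query_data_to_url($cur_url, "aiowps_cookie_test", "1");
             AIOWPSecurity_Utility::redirect_to_url($redirect_url);
         }
         if (isset($_POST['aiowps_enable_brute_force_attack_prevention'])) {
             $submitted_secret_word = isset($_POST['aiowps_brute_force_secret_word']) ? $_POST['aiowps_brute_force_secret_word'] : '';
             $brute_force_feature_secret_word = sanitize_text_field($submitted_secret_word);
             if (empty($brute_force_feature_secret_word)) {
                 $brute_force_feature_secret_word = "aiowps_secret";
             }
             //The secret word is used as the cookie name
             AIOWPSecurity_Utility::set_cookie_value($brute_force_feature_secret_word, "1");
         }
         if (isset($_REQUEST['aiowps_cookie_test'])) {
             $cookie_val = AIOWPSecurity_Utility::get_cookie_value("aiowps_cookie_test");
             $aio_wp_security->configs->set_value('aiowps_cookie_test_success', empty($cookie_val) ? '' : '1');
             //save the value
             $aio_wp_security->configs->save_config();
         }
     }
     if (isset($_POST['aiowps_save_wp_config'])) {
         //A missing nonce field is treated like a failed check
         $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
         if (!wp_verify_nonce($nonce, 'aiowpsec-save-wp-config-nonce')) {
             $aio_wp_security->debug_logger->log_debug("Nonce check failed on wp_config file save!", 4);
             die("Nonce check failed on wp_config file save!");
         }
         $wp_config_path = ABSPATH . 'wp-config.php';
         //Backup the wp-config.php file; a failed backup is logged rather than silently ignored
         if (!AIOWPSecurity_Utility_File::backup_and_rename_wp_config($wp_config_path)) {
             $aio_wp_security->debug_logger->log_debug("Backup of wp-config.php failed before download!", 4);
         }
         AIOWPSecurity_Utility_File::download_a_file_option1($wp_config_path, "wp-config-backup.txt");
     }
 }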
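    /**
     * Render the "wp-config.php File Operations" tab and process a submitted
     * restore request.
     *
     * On restore: verify the restore nonce, have check_if_wp_config_contents()
     * vet the chosen file and, when it returns 1, copy that file over the
     * active wp-config.php. On multisite installs the forms are only shown on
     * the main site (blog id 1).
     *
     * NOTE(review): the restore source path comes straight from the request
     * and the only validation visible here is check_if_wp_config_contents().
     * Confirm that helper restricts the path to a file the administrator
     * uploaded, and that a capability check guards this page, before copy()
     * overwrites wp-config.php.
     *
     * @return void Output is echoed directly.
     */
    function render_tab3()
    {
        global $aio_wp_security;
        if (isset($_POST['aiowps_restore_wp_config_button'])) {
            //A missing nonce field is treated like a failed check
            $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
            if (!wp_verify_nonce($nonce, 'aiowpsec-restore-wp-config-nonce')) {
                $aio_wp_security->debug_logger->log_debug("Nonce check failed on wp-config file restore!", 4);
                die("Nonce check failed on wp-config file restore!");
            }
            if (empty($_POST['aiowps_wp_config_file'])) {
                $this->show_msg_error(__('Please choose a wp-config.php file to restore from.', 'aiowpsecurity'));
            } else {
                //Let's copy the uploaded wp-config.php file into the active root file
                $new_wp_config_file_path = trim($_POST['aiowps_wp_config_file']);
                //Verify that the chosen file has contents which are relevant to a wp-config.php file
                $is_wp_config = $this->check_if_wp_config_contents($new_wp_config_file_path);
                if ($is_wp_config == 1) {
                    $active_root_wp_config = ABSPATH . 'wp-config.php';
                    if (copy($new_wp_config_file_path, $active_root_wp_config)) {
                        $this->show_msg_updated(__('Your wp-config.php file has successfully been restored!', 'aiowpsecurity'));
                    } else {
                        //Failed to copy the chosen file over the active wp-config.php
                        $aio_wp_security->debug_logger->log_debug("wp-config.php - Restore from backed up wp-config operation failed!", 4);
                        $this->show_msg_error(__('wp-config.php file restore failed. Please attempt to restore this file manually using FTP.', 'aiowpsecurity'));
                    }
                } else {
                    $aio_wp_security->debug_logger->log_debug("wp-config.php restore failed - Contents of restore file appear invalid!", 4);
                    $this->show_msg_error(__('wp-config.php Restore operation failed! Please check the contents of the file you are trying to restore from.', 'aiowpsecurity'));
                }
            }
        }
        ?>
        <h2><?php _e('wp-config.php File Operations', 'aiowpsecurity'); ?></h2>
        <div class="aio_blue_box">
            <p><?php _e('Your "wp-config.php" file is one of the most important in your WordPress installation. It is a primary configuration file and contains crucial things such as details of your database and other critical components.', 'aiowpsecurity'); ?>
            <br /><?php _e('This feature allows you to backup and save your currently active wp-config.php file should you need to re-use the the backed up file in the future.', 'aiowpsecurity'); ?>
            <br /><?php _e('You can also restore your site\'s wp-config.php settings using a backed up wp-config.php file.', 'aiowpsecurity'); ?>
            </p>
        </div>
        <?php
        if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1) {
            //Hide config settings if MS and not main site
            AIOWPSecurity_Utility::display_multisite_message();
        } else {
            ?>
        <div class="postbox">
        <h3><label for="title"><?php _e('Save the current wp-config.php file', 'aiowpsecurity'); ?></label></h3>
        <div class="inside">
        <form action="" method="POST">
        <?php wp_nonce_field('aiowpsec-save-wp-config-nonce'); ?>
            <p class="description"><?php _e('Click the button below to backup and download the contents of the currently active wp-config.php file.', 'aiowpsecurity'); ?></p>
            <input type="submit" name="aiowps_save_wp_config" value="<?php esc_attr_e('Backup wp-config.php File', 'aiowpsecurity'); ?>" class="button-primary" />

        </form>
        </div></div>
        <div class="postbox">
        <h3><label for="title"><?php _e('Restore from a backed up wp-config file', 'aiowpsecurity'); ?></label></h3>
        <div class="inside">
        <form action="" method="POST">
        <?php wp_nonce_field('aiowpsec-restore-wp-config-nonce'); ?>
        <table class="form-table">
            <tr valign="top">
                <th scope="row"><?php _e('wp-config file to restore from', 'aiowpsecurity'); ?>:</th>
                <td>
                    <input type="button" id="aiowps_wp_config_file_button" name="aiowps_wp_config_file_button" class="button rbutton" value="Select Your wp-config File" />
                    <input name="aiowps_wp_config_file" type="text" id="aiowps_wp_config_file" value="" size="80" />
                    <p class="description">
                        <?php _e('After selecting your file click the button below to restore your site using the backed up wp-config file (wp-config.php.backup.txt).', 'aiowpsecurity'); ?>
                    </p>
                </td>
            </tr>
        </table>
        <input type="submit" name="aiowps_restore_wp_config_button" value="<?php esc_attr_e('Restore wp-config File', 'aiowpsecurity'); ?>" class="button-primary" />
        </form>
        </div></div>
        <div class="postbox">
        <h3><label for="title"><?php _e('View Contents of the currently active wp-config.php file', 'aiowpsecurity'); ?></label></h3>
        <div class="inside">
            <?php
            $wp_config_file = ABSPATH . 'wp-config.php';
            $wp_config_contents = AIOWPSecurity_Utility_File::get_file_contents($wp_config_file);
            ?>
            <textarea class="aio_text_area_file_output aio_width_80 aio_spacer_10_tb" rows="20" readonly><?php
            //Escaped so that "<" or "&" inside the file cannot break out of the textarea or be mangled
            echo esc_textarea($wp_config_contents);
            ?></textarea>
        </div></div>

        <?php
        }
        //End if statement
    }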