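/**
 * Ask the 6Scan server to verify this site's registration.
 *
 * Sends a GET request carrying the stored site id and API token to the
 * verification endpoint (or to the fallback endpoint when
 * $is_to_use_fallback_verify is TRUE).
 *
 * @param bool $is_to_use_fallback_verify Use SIXSCAN_BODYGUARD_FALLBACK_VERIFY_URL
 *                                        instead of SIXSCAN_BODYGUARD_VERIFY_URL.
 * @return bool|string TRUE when the server answered HTTP 200; otherwise a
 *                     human-readable error string meant for display.
 */
function sixscan_communication_oracle_reg_verification($is_to_use_fallback_verify = FALSE) {
    try {
        if (sixscan_common_get_verification_token() == FALSE
            || sixscan_common_get_site_id() == FALSE
            || sixscan_common_get_api_token() == FALSE) {
            return "6Scan was not registered properly.Data from DB is missing";
        }

        $request_verification_url = ($is_to_use_fallback_verify == FALSE)
            ? SIXSCAN_BODYGUARD_VERIFY_URL
            : SIXSCAN_BODYGUARD_FALLBACK_VERIFY_URL;
        /* NOTE(review): the API token travels in the query string, so it lands
         * in proxy/server access logs unless the endpoint is HTTPS-only. */
        $request_verification_url .= "?site_id=" . urlencode(sixscan_common_get_site_id())
            . "&api_token=" . urlencode(sixscan_common_get_api_token());

        $response = sixscan_common_request_network($request_verification_url, "", "GET");

        if (is_wp_error($response)) {
            $error_string = $response->get_error_message();
            /* Make the error message simpler for the user and keep the token out
             * of it: the full request URL (which carries api_token) is replaced by
             * the bare endpoint before the text is shown. */
            $error_string = str_replace($request_verification_url, SIXSCAN_BODYGUARD_VERIFY_URL, $error_string);
            return $error_string;
        }

        if (200 != wp_remote_retrieve_response_code($response)) {
            $server_response = array();
            parse_str(wp_remote_retrieve_body($response), $server_response);
            /* 'reason' is network input the caller renders as HTML (note the <br>
             * prefix); guard against it being absent and escape it. */
            $fail_reason = isset($server_response['reason']) ? $server_response['reason'] : '';
            if (ini_get('magic_quotes_gpc')) {
                /* pre-PHP 5.4 parse_str() added slashes under magic quotes */
                $fail_reason = stripslashes($fail_reason);
            }
            return "<br><br>" . htmlspecialchars($fail_reason, ENT_QUOTES, 'UTF-8');
        }

        return TRUE;
    } catch (Exception $e) {
        /* die($e) printed the exception's string form (message plus a stack trace
         * with file paths) to the browser; report only the message instead. */
        return "6Scan verification failed: " . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    }
}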
/**
 * Plugin deactivation hook.
 *
 * When the account is active: tell the 6Scan server to deactivate it, then
 * mark it inactive locally (which is what stops the scanner on this host).
 * In every case, restore .htaccess to its "pre-6scan" state.
 */
function sixscan_events_deactivation() {
    $account_is_active = (sixscan_common_is_account_active() == TRUE);
    if ($account_is_active) {
        $site_id = sixscan_common_get_site_id();
        $api_token = sixscan_common_get_api_token();
        sixscan_communication_oracle_reg_deactivate($site_id, $api_token);
        /* "Not active": the scanner refuses to work on this host from now on */
        sixscan_common_set_account_active(FALSE);
    }
    /* Put .htaccess back the way it was before 6Scan touched it */
    sixscan_htaccess_uninstall();
}
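/**
 * Fetch a signed multipart-upload request (URL + signature) for a backup
 * part from the 6Scan signing endpoint.
 *
 * @param string $req_type  Request type understood by the signing endpoint.
 * @param string $params    Request parameters, sent URL-encoded as "parameters".
 * @param string $date      Request date, sent URL-encoded.
 * @param string $backup_id Backup identifier.
 * @param string $prev_etag ETag of the previous part; empty for the first one.
 * @return array|null array('url' => ..., 'signature' => ...) on success; NULL when
 *                    the request fails or the server's JSON lacks either field.
 */
function sixscan_backup_comm_req_signature_from_server($req_type, $params, $date, $backup_id, $prev_etag = "") {
    /* http_build_query() url-encodes every value, so an id or etag containing
     * reserved characters can no longer corrupt the query string. The query
     * key is spelled "parameters" explicitly: the source text shows it mangled
     * into "¶meters=" ("&para" read as an HTML entity). */
    $query = http_build_query(array(
        'site_id'    => sixscan_common_get_site_id(),
        'api_token'  => sixscan_common_get_api_token(),
        'backup_id'  => $backup_id,
        'req_type'   => $req_type,
        'date'       => $date,
        'prev_etag'  => $prev_etag,
        'parameters' => $params,
    ), '', '&');
    $url = SIXSCAN_BODYGUARD_6SCAN_BACKUP_MPU_SIG_URL . "?" . $query;

    $response = sixscan_common_request_network($url, NULL);
    if (is_wp_error($response)) {
        return NULL;
    }

    /* A non-JSON or incomplete body used to be dereferenced blindly
     * ($result->url on NULL), yielding a notice and an empty signature. */
    $decoded = json_decode(wp_remote_retrieve_body($response));
    if (!is_object($decoded) || !isset($decoded->url) || !isset($decoded->signature)) {
        return NULL;
    }

    return array(
        'url'       => base64_decode(urldecode($decoded->url)),
        'signature' => $decoded->signature,
    );
}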
} else { header("HTTP/1.1 500 Bad verification token"); } exit(0); } if (sixscan_common_is_account_active() != TRUE) { header("HTTP/1.1 500 6Scan not active"); exit(0); } $oracle_nonce = intval($_REQUEST['nonce']); $last_nonce = intval(get_option(SIXSCAN_OPTION_COMM_LAST_SIG_UPDATE_NONCE)); if ($last_nonce >= $oracle_nonce) { header("HTTP/1.1 500 Bad nonce request"); exit(0); } $api_token = sixscan_common_get_api_token(); $site_id = sixscan_common_get_site_id(); $expected_token = md5(SIXSCAN_SIGNATURE_SCHEDULER_SALT . $oracle_nonce . $api_token); $received_token = $_REQUEST['token']; if ($expected_token != $received_token) { header("HTTP/1.1 418 I'm a teapot"); //as defined in RFC2324: http://tools.ietf.org/html/rfc2324 exit(0); } $error_list = ""; /* From now on, all errors will be caught and shown */ sixscan_common_show_all_errors(); /* Mark this nonce as already used */ update_option(SIXSCAN_OPTION_COMM_LAST_SIG_UPDATE_NONCE, $oracle_nonce); /* Requested backup */ if (isset($_REQUEST[SIXSCAN_NOTICE_BCKP_REQUEST]) && $_REQUEST[SIXSCAN_NOTICE_BCKP_REQUEST] == '1') {
/**
 * Report whether all four registration values (site id, API token,
 * verification token, dashboard token) are present.
 *
 * Getters are consulted in order and the check stops at the first one that
 * yields a false-y value, exactly as the original short-circuiting OR did.
 *
 * @return bool FALSE if any value is missing, TRUE otherwise.
 */
function sixscan_common_is_regdata_present() {
    $getters = array(
        'sixscan_common_get_site_id',
        'sixscan_common_get_api_token',
        'sixscan_common_get_verification_token',
        'sixscan_common_get_dashboard_token',
    );
    foreach ($getters as $getter) {
        if ($getter() == FALSE) {
            return FALSE;
        }
    }
    return TRUE;
}
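/**
 * Full uninstall: disable the account on the 6Scan server, remove the
 * verification file and the .htaccess rules, then wipe every 6Scan option.
 *
 * The database cleanup runs even when the server notification or the file
 * cleanup throws, so site id / API token / dashboard token never linger
 * after an uninstall. The original die($e) aborted mid-way and echoed the
 * exception (message plus stack trace with file paths) to the browser;
 * the failure is now written to the PHP error log instead.
 */
function sixscan_installation_uninstall() {
    try {
        /* Notify the server, to disable account */
        sixscan_communication_oracle_reg_uninstall(sixscan_common_get_site_id(), sixscan_common_get_api_token());
        /* Remove verification file, if exists */
        sixscan_communication_oracle_reg_remove_verification_file();
        /* Remove lines from htaccess */
        sixscan_htaccess_uninstall();
    } catch (Exception $e) {
        error_log("6Scan uninstall: remote/file cleanup failed: " . $e->getMessage());
    }

    /* Clear the database: every option the plugin stores */
    $option_names = array(
        SIXSCAN_OPTIONS_SETUP_ACCOUNT,
        SIXSCAN_OPTION_MENU_IS_BLOG_VERIFIED,
        SIXSCAN_OPTION_MENU_SITE_ID,
        SIXSCAN_OPTION_MENU_API_TOKEN,
        SIXSCAN_OPTION_MENU_VERIFICATION_TOKEN,
        SIXSCAN_OPTION_MENU_DASHBOARD_TOKEN,
        SIXSCAN_OPTION_MENU_IS_ACCOUNT_OPERATIONAL,
        SIXSCAN_OPTION_COMM_ORACLE_NONCE,
        SIXSCAN_OPTION_COMM_LAST_SIG_UPDATE_NONCE,
        SIXSCAN_OPTION_VULNERABITILY_COUNT,
        SIXSCAN_OPTION_LOGIN_SETTINGS,
        SIXSCAN_LOGIN_LOGS,
        SIXSCAN_OPTION_WPFS_CONFIG,
        SIXSCAN_OPTION_WAF_REQUESTED,
        SIXSCAN_OPTION_STAT_SUSPICIOUS_REQ_COUNT,
        SIXSCAN_OPTION_STAT_OK_REQ_COUNT,
        SIXSCAN_BACKUP_LAST_FS_NAME,
        SIXSCAN_BACKUP_LAST_DB_NAME,
        SIXSCAN_VULN_MESSAGE_DISMISSED,
    );
    foreach ($option_names as $option_name) {
        delete_option($option_name);
    }
}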