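/**
 * Registration validation callback: rejects the attempt when the requesting
 * IP is currently locked out or when the submitted captcha answer is wrong.
 *
 * The expected value is rebuilt from the posted timestamp, the stored captcha
 * secret and the posted answer, then compared with the transient that was
 * saved under the posted handle.
 *
 * @param object $errors               Error collection exposing add(); presumably a WP_Error.
 * @param string $sanitized_user_login Requested login name (not read here).
 * @param string $user_email           Requested e-mail address (not read here).
 * @return object The same collection, with 'authentication_failed' added on rejection.
 */
function aiowps_validate_registration_with_captcha($errors, $sanitized_user_login, $user_email)
{
    global $aio_wp_security;

    // A locked-out address is rejected before the captcha is looked at.
    $locked = $aio_wp_security->user_login_obj->check_locked_user();
    if ($locked != null) {
        $errors->add('authentication_failed', __('<strong>ERROR</strong>: You are not allowed to register because your IP address is currently locked!', 'all-in-one-wp-security-and-firewall'));
        return $errors;
    }

    // NOTE(review): the captcha is verified only when the answer field is present in the
    // request, so a request that omits the field passes through unchecked. Confirm that
    // every path reaching this callback is expected to carry the field, or fail closed.
    if (!array_key_exists('aiowps-captcha-answer', $_POST)) {
        return $errors;
    }

    // All three fields are request-controlled. Accept strings only, so that a missing key
    // or an array value cannot raise a notice/TypeError and simply fails the comparison.
    $captcha_answer = is_string($_POST['aiowps-captcha-answer']) ? strip_tags(trim($_POST['aiowps-captcha-answer'])) : '';
    $temp_string = '';
    if (isset($_POST['aiowps-captcha-temp-string']) && is_string($_POST['aiowps-captcha-temp-string'])) {
        $temp_string = $_POST['aiowps-captcha-temp-string'];
    }
    $trans_handle = '';
    if (isset($_POST['aiowps-captcha-string-info']) && is_string($_POST['aiowps-captcha-string-info'])) {
        $trans_handle = sanitize_text_field($_POST['aiowps-captcha-string-info']);
    }

    $captcha_secret_string = $aio_wp_security->configs->get_value('aiowps_captcha_secret_key');
    $submitted_encoded_string = base64_encode($temp_string . $captcha_secret_string . $captcha_answer);
    $transient_key = 'aiowps_captcha_string_info_' . $trans_handle;
    $captcha_string_info_trans = AIOWPSecurity_Utility::is_multisite_install() ? get_site_transient($transient_key) : get_transient($transient_key);

    // A missing or expired transient comes back as false, which never strictly equals the
    // rebuilt string, so an unknown handle is rejected.
    // NOTE(review): the transient is not removed after the check, so the same
    // handle/timestamp/answer triple stays acceptable until it expires. Consider deleting
    // it once it has been checked.
    if ($submitted_encoded_string !== $captcha_string_info_trans) {
        $errors->add('authentication_failed', __('<strong>ERROR</strong>: Your answer was incorrect - please try again.', 'all-in-one-wp-security-and-firewall'));
    }

    return $errors;
}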
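 /**
  * Load the "users online" transient, attach each entry's login name and
  * hand the current page of rows to the list table.
  *
  * Sets $this->_column_headers, $this->items and the pagination arguments;
  * returns nothing.
  */
 function prepare_items()
 {
     // Fixed page size for this table.
     $per_page = 20;
     $columns = $this->get_columns();
     $hidden = array();
     $sortable = $this->get_sortable_columns();
     $this->_column_headers = array($columns, $hidden, $sortable);

     $logged_in_users = AIOWPSecurity_Utility::is_multisite_install() ? get_site_transient('users_online') : get_transient('users_online');
     // The transient is false when absent or expired. Anything that is not an array is
     // treated as "nobody online" so the loop and count() below always see an array.
     if (!is_array($logged_in_users)) {
         $logged_in_users = array();
     }

     foreach ($logged_in_users as $key => $val) {
         // get_userdata() returns false for an account that no longer exists; such an
         // entry keeps its row but gets an empty username instead of a property read on false.
         $userdata = get_userdata($val['user_id']);
         $val['username'] = $userdata ? $userdata->user_login : '';
         $logged_in_users[$key] = $val;
     }

     $current_page = $this->get_pagenum();
     $total_items = count($logged_in_users);
     $this->items = array_slice($logged_in_users, ($current_page - 1) * $per_page, $per_page);
     $this->set_pagination_args(array('total_items' => $total_items, 'per_page' => $per_page, 'total_pages' => ceil($total_items / $per_page)));
 }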
 /**
  * Build the HTML fragment for an arithmetic captcha question.
  *
  * Picks a random operator (plus, minus or times) and two operands, shows each
  * operand either as a number or through number_word_mapping(), stores the
  * encoded expected answer in a transient for 30 minutes and returns the
  * question text followed by two hidden fields and the answer input.
  *
  * @return string HTML for the question and its form fields.
  */
 function generate_maths_question()
 {
     global $aio_wp_security;

     // HTML entities used as the displayed operator symbols.
     $plus_sign = '&#43;';
     $minus_sign = '&#8722;';
     $times_sign = '&#215;';
     $symbols = array($plus_sign, $minus_sign, $times_sign);
     $display_modes = array('word', 'number');

     $operator = $symbols[rand(0, 2)];

     // Multiplication draws its operands from 1-5, the other operators from 1-20.
     $upper_bound = ($operator === $times_sign) ? 5 : 20;
     $first_digit = rand(1, $upper_bound);
     $second_digit = rand(1, $upper_bound);

     // Each operand is independently displayed as a word or as a number.
     $first_operand = $first_digit;
     if ($display_modes[rand(0, 1)] == 'word') {
         $first_operand = $this->number_word_mapping($first_digit);
     }
     $second_operand = $second_digit;
     if ($display_modes[rand(0, 1)] == 'word') {
         $second_operand = $this->number_word_mapping($second_digit);
     }

     // For subtraction the larger value goes on the left so the answer is never negative.
     $swap = ($operator === $minus_sign) && ($first_digit < $second_digit);
     $left_operand = $swap ? $second_operand : $first_operand;
     $right_operand = $swap ? $first_operand : $second_operand;
     $left_value = $swap ? $second_digit : $first_digit;
     $right_value = $swap ? $first_digit : $second_digit;

     switch ($operator) {
         case $plus_sign:
             $result = $left_value + $right_value;
             break;
         case $minus_sign:
             $result = $left_value - $right_value;
             break;
         case $times_sign:
             $result = $left_value * $right_value;
             break;
     }
     $equation_string = $left_operand . ' ' . $operator . ' ' . $right_operand . ' = ';

     // The expected answer is stored as base64(timestamp . secret . result). base64 is an
     // encoding, not a keyed hash; the value itself stays server-side in the transient,
     // while the timestamp and the random handle travel to the client in hidden fields.
     $captcha_secret_string = $aio_wp_security->configs->get_value('aiowps_captcha_secret_key');
     $current_time = time();
     $enc_result = base64_encode($current_time . $captcha_secret_string . $result);
     $random_str = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(10);
     $transient_key = 'aiowps_captcha_string_info_' . $random_str;
     $lifetime = 30 * 60;
     if (AIOWPSecurity_Utility::is_multisite_install()) {
         set_site_transient($transient_key, $enc_result, $lifetime);
     } else {
         set_transient($transient_key, $enc_result, $lifetime);
     }

     $handle_field = '<input type="hidden" name="aiowps-captcha-string-info" id="aiowps-captcha-string-info" value="' . $random_str . '" />';
     $time_field = '<input type="hidden" name="aiowps-captcha-temp-string" id="aiowps-captcha-temp-string" value="' . $current_time . '" />';
     $answer_field = '<input type="text" size="2" id="aiowps-captcha-answer" name="aiowps-captcha-answer" value="" />';

     return $equation_string . $handle_field . $time_field . $answer_field;
 }
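 /**
  * Report whether the given name matches an existing account.
  *
  * On a multisite install only the administrator accounts of the current blog
  * are compared by login name. Otherwise the users table is checked for a row
  * whose login or whose ID matches the supplied value.
  *
  * @param string $username Login name (or ID) to look up.
  * @return bool True when a matching account was found, false otherwise or for an empty name.
  */
 static function check_user_exists($username)
 {
     global $wpdb;

     // An empty name can never match.
     if ($username == '') {
         return false;
     }

     if (AIOWPSecurity_Utility::is_multisite_install()) {
         // Array arguments: the former query string ran the blog_id and orderby
         // parameters together because the separating '&' was missing.
         $admin_users = get_users(array(
             'blog_id' => get_current_blog_id(),
             'orderby' => 'login',
             'role' => 'administrator',
         ));
         foreach ($admin_users as $user) {
             if ($user->user_login == $username) {
                 return true;
             }
         }
         return false;
     }

     // The value is bound through prepare() rather than concatenated into the SQL text:
     // sanitize_text_field() strips markup and whitespace but does not escape quotes.
     // The login lookup previously compared against a fixed literal instead of the
     // supplied name, so it could not match; both lookups now use the same bound value.
     $lookup = sanitize_text_field($username);
     $user = $wpdb->get_var($wpdb->prepare("SELECT user_login FROM `{$wpdb->users}` WHERE user_login = %s", $lookup));
     $userid = $wpdb->get_var($wpdb->prepare("SELECT ID FROM `{$wpdb->users}` WHERE ID = %s", $lookup));

     return $user == $username || $userid == $username;
 }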
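 /**
  * Load the "users online" transient, attach each entry's login name and
  * hand the current page of rows to the list table.
  *
  * Sets $this->_column_headers, $this->items and the pagination arguments;
  * returns nothing.
  */
 function prepare_items()
 {
     // Fixed page size for this table.
     $per_page = 20;
     $columns = $this->get_columns();
     $hidden = array();
     $sortable = $this->get_sortable_columns();
     $this->_column_headers = array($columns, $hidden, $sortable);

     // The orderby/order query parameters used to be read here through
     // mysql_real_escape_string() and then never used. That function no longer exists
     // in PHP 7+, so supplying either parameter ended the request with a fatal error.
     // Nothing below sorts the rows, so the reads are dropped.

     $logged_in_users = AIOWPSecurity_Utility::is_multisite_install() ? get_site_transient('users_online') : get_transient('users_online');
     // The transient is false when absent or expired; iterate and count an array in every case.
     if (!is_array($logged_in_users)) {
         $logged_in_users = array();
     }

     foreach ($logged_in_users as $key => $val) {
         // get_userdata() returns false for an account that no longer exists.
         $userdata = get_userdata($val['user_id']);
         $val['username'] = $userdata ? $userdata->user_login : '';
         $logged_in_users[$key] = $val;
     }

     $current_page = $this->get_pagenum();
     $total_items = count($logged_in_users);
     $this->items = array_slice($logged_in_users, ($current_page - 1) * $per_page, $per_page);
     $this->set_pagination_args(array('total_items' => $total_items, 'per_page' => $per_page, 'total_pages' => ceil($total_items / $per_page)));
 }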
 /**
  * Populate $this->menu_tabs.
  *
  * A sub-site of a multisite network (any blog other than blog 1) gets only
  * the "DB Backup" tab; every other site also gets the "DB Prefix" tab.
  */
 function set_menu_tabs()
 {
     $tabs = array();
     $on_sub_site = AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1;
     if (!$on_sub_site) {
         // The prefix-change tab is offered only outside network sub-sites.
         $tabs['tab1'] = __('DB Prefix', 'aiowpsecurity');
     }
     $tabs['tab2'] = __('DB Backup', 'aiowpsecurity');
     $this->menu_tabs = $tabs;
 }
 /**
  * List the bulk actions offered by this table.
  *
  * @return array Empty on a sub-site of a multisite network (any blog other
  *               than blog 1); otherwise the single 'block' action.
  */
 function get_bulk_actions()
 {
     $on_sub_site = AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1;

     // The block action is withheld from network sub-sites.
     return $on_sub_site ? array() : array('block' => 'Block');
 }
 /**
  * Echo the tab navigation bar for this menu page.
  *
  * On a sub-site of a multisite network (any blog other than blog 1) only the
  * tabs whose caption contains "Rename Login Page" or "Login Captcha" are shown.
  */
 function render_menu_tabs()
 {
     $current_tab = $this->get_current_tab();
     echo '<h2 class="nav-tab-wrapper">';
     foreach ($this->menu_tabs as $tab_key => $tab_caption) {
         // NOTE(review): the filter matches on the caption text. If the captions are
         // translated, these English needles may stop matching - confirm, or key the
         // filter on $tab_key instead.
         $allowed_on_sub_site = stripos($tab_caption, "Rename Login Page") !== false || stripos($tab_caption, "Login Captcha") !== false;
         if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1 && !$allowed_on_sub_site) {
             continue;
         }

         $active = '';
         if ($current_tab == $tab_key) {
             $active = 'nav-tab-active';
         }
         // NOTE(review): slug, key and caption are written into the markup unescaped.
         // They look like values set by the class itself; if any can carry outside
         // input, escape them for their attribute/HTML context.
         $link = '<a class="nav-tab ' . $active . '" href="?page=' . $this->menu_page_slug . '&tab=' . $tab_key . '">' . $tab_caption . '</a>';
         echo $link;
     }
     echo '</h2>';
 }
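    /**
     * Echo the dashboard tab: security strength gauge, points breakdown chart,
     * critical feature status bars, the last five logins, maintenance mode
     * status, the optional brute-force / rename-login / file-change boxes,
     * logged-in user and locked IP counts, and the Masonry layout script.
     *
     * Output is written directly; nothing is returned.
     */
    function render_tab1()
    {
        global $wpdb;
        global $aiowps_feature_mgr;
        global $aio_wp_security;

        echo '<div class="aio_grey_box">';
        echo '<p>' . __('For information, updates and documentation, please visit the', 'aiowpsecurity') . ' <a href="https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin" target="_blank">' . __('AIO WP Security & Firewall Plugin', 'aiowpsecurity') . '</a> ' . __('Page', 'aiowpsecurity') . '</p>';
        echo '<p><a href="https://www.tipsandtricks-hq.com/development-center" target="_blank">' . __('Follow us', 'aiowpsecurity') . '</a> on ' . __('Twitter, Google+ or via Email to stay up to date about the new security features of this plugin.', 'aiowpsecurity') . '</p>';
        echo '</div>';
        // Google chart loader used by the two charts below.
        // NOTE(review): this is a third-party script executed inside an admin page;
        // consider whether it should be served locally instead.
        echo "<script type='text/javascript' src='https://www.google.com/jsapi'></script>";
        $feature_mgr = $aiowps_feature_mgr;
        $total_site_security_points = $feature_mgr->get_total_site_points();
        $total_security_points_achievable = $feature_mgr->get_total_achievable_points();
        ?>
        <div id="aiowps_dashboard_widget_content">

        <div class="aiowps_dashboard_box_small">
        <div class="postbox">
        <h3><label for="title"><?php
        _e('Security Strength Meter', 'aiowpsecurity');
        ?>
</label></h3>
        <div class="inside">

        <script type='text/javascript'>
          google.load('visualization', '1', {packages:['gauge']});
          google.setOnLoadCallback(drawChart);
          function drawChart() {
            var data = google.visualization.arrayToDataTable([
              ['Label', 'Value'],
              ['Strength', <?php
        echo $total_site_security_points;
        ?>
]
            ]);

            var options = {
              width: 320, height: 200, max: <?php
        echo $total_security_points_achievable;
        ?>
,
              greenColor: '8EFA9B', yellowColor: 'F5EE90', redColor: 'FA7373',
              redFrom: 0, redTo: 10,
              yellowFrom:10, yellowTo: 50,
              greenFrom:50, greenTo: <?php
        echo $total_security_points_achievable;
        ?>
,
              minorTicks: 5
            };

            var chart = new google.visualization.Gauge(document.getElementById('security_strength_chart_div'));
            chart.draw(data, options);
          }
        </script>
        <div id='security_strength_chart_div'></div>

        <div class="aiowps_dashboard_widget_footer">
        <?php
        _e('Total Achievable Points: ', 'aiowpsecurity');
        echo '<strong>' . $total_security_points_achievable . '</strong><br />';
        _e('Current Score of Your Site: ', 'aiowpsecurity');
        echo '<strong>' . $total_site_security_points . '</strong>';
        ?>
        </div>

        </div></div>
        </div><!-- aiowps_dashboard_box -->

        <div class="aiowps_dashboard_box_small">
        <div class="postbox">
        <h3><label for="title"><?php
        _e('Security Points Breakdown', 'aiowpsecurity');
        ?>
</label></h3>
        <div class="inside">

        <?php
        // Rows of the pie chart: one [name, points] pair per active feature.
        // NOTE(review): feature_name is placed inside a single-quoted JavaScript string
        // as-is; a name containing an apostrophe would break the script. Confirm the
        // names are fixed plugin strings, or encode them for the script context.
        $feature_items = $feature_mgr->feature_items;
        $pt_src_chart_data = "";
        $pt_src_chart_data .= "['Feature Name', 'Points'],";
        foreach ($feature_items as $item) {
            if ($item->feature_status == $feature_mgr->feature_active) {
                $pt_src_chart_data .= "['" . $item->feature_name . "', " . $item->item_points . "],";
            }
        }
        ?>
        <script type="text/javascript">
              google.load("visualization", "1", {packages:["corechart"]});
              google.setOnLoadCallback(drawChart);
              function drawChart() {
                var data = google.visualization.arrayToDataTable([
                  <?php
        echo $pt_src_chart_data;
        ?>
                ]);

                var options = {
                  height: '250',
                  width: '320',
                  backgroundColor: 'F6F6F6'
                };

                var chart = new google.visualization.PieChart(document.getElementById('points_source_breakdown_chart_div'));
                chart.draw(data, options);
              }
        </script>
        <div id='points_source_breakdown_chart_div'></div>

        </div></div>
        </div><!-- aiowps_dashboard_box -->

        <div class="aiowps_dashboard_box_small aiowps_spread_the_word_widget">
        <div class="postbox">
        <h3><label for="title"><?php
        _e('Spread the Word', 'aiowpsecurity');
        ?>
</label></h3>
        <div class="inside">

        <p><?php
        _e('We are working hard to make your WordPress site more secure. Please support us, here is how:', 'aiowpsecurity');
        ?>
</p>
        <p>
            <a href="https://plus.google.com/+Tipsandtricks-hq/" target="_blank">Follow us on Google+</a>
        </p>
        <p>
            <a href="http://twitter.com/intent/tweet?url=https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin&text=I love the All In One WP Security and Firewall plugin!" target="_blank" class="aio_tweet_link">Post to Twitter</a>
        </p>
        <p>
            <a href="http://wordpress.org/support/view/plugin-reviews/all-in-one-wp-security-and-firewall/" target="_blank" class="aio_rate_us_link">Give us a Good Rating</a>
        </p>

        </div></div>
        </div><!-- aiowps_dashboard_box -->

        <div class="aiowps_dashboard_box_small">
        <div class="postbox">
        <h3><label for="title"><?php
        _e('Critical Feature Status', 'aiowpsecurity');
        ?>
</label></h3>
        <div class="inside">

        <?php
        _e('Below is the current status of the critical features that you should activate on your site to achieve a minimum level of recommended security', 'aiowpsecurity');
        // Feature id, display label and settings page of each status bar, in display order.
        $critical_features = array(
            array('user-accounts-change-admin-user', __('Admin Username', 'aiowpsecurity'), AIOWPSEC_USER_ACCOUNTS_MENU_SLUG),
            array('user-login-login-lockdown', __('Login Lockdown', 'aiowpsecurity'), AIOWPSEC_USER_LOGIN_MENU_SLUG),
            array('filesystem-file-permissions', __('File Permission', 'aiowpsecurity'), AIOWPSEC_FILESYSTEM_MENU_SLUG),
            array('firewall-basic-rules', __('Basic Firewall', 'aiowpsecurity'), AIOWPSEC_FIREWALL_MENU_SLUG),
        );
        foreach ($critical_features as $critical_feature) {
            list($feature_id, $feature_label, $feature_menu_slug) = $critical_feature;
            $feature_item = $feature_mgr->get_feature_item_by_id($feature_id);
            echo '<div class="aiowps_feature_status_container">';
            echo '<div class="aiowps_feature_status_name">' . $feature_label . '</div>';
            echo '<a href="admin.php?page=' . $feature_menu_slug . '">';
            echo '<div class="aiowps_feature_status_bar">';
            if ($feature_item->feature_status == $feature_mgr->feature_active) {
                echo '<div class="aiowps_feature_status_label aiowps_feature_status_on">On</div>';
                echo '<div class="aiowps_feature_status_label">Off</div>';
            } else {
                echo '<div class="aiowps_feature_status_label">On</div>';
                echo '<div class="aiowps_feature_status_label aiowps_feature_status_off">Off</div>';
            }
            echo '</div></div></a>';
            echo '<div class="aio_clear_float"></div>';
        }
        ?>
        </div></div>
        </div><!-- aiowps_dashboard_box -->

        <div class="aiowps_dashboard_box_small">
        <div class="postbox">
        <h3><label for="title"><?php
        _e('Last 5 Logins', 'aiowpsecurity');
        ?>
</label></h3>
        <div class="inside">
        <?php
        $login_activity_table = AIOWPSEC_TBL_USER_LOGIN_ACTIVITY;
        // The query orders by a fixed column. The orderby/order query-string values that
        // used to be read here were never used, so they are no longer read at all.
        $data = $wpdb->get_results($wpdb->prepare("SELECT * FROM {$login_activity_table} ORDER BY login_date DESC LIMIT %d", 5), ARRAY_A);
        if (empty($data)) {
            echo '<p>' . __('No data found!', 'aiowpsecurity') . '</p>';
        } else {
            $login_summary_table = '';
            echo '<p>' . __('Last 5 logins summary:', 'aiowpsecurity') . '</p>';
            $login_summary_table .= '<table class="widefat">';
            $login_summary_table .= '<thead>';
            $login_summary_table .= '<tr>';
            $login_summary_table .= '<th>' . __('User', 'aiowpsecurity') . '</th>';
            $login_summary_table .= '<th>' . __('Date', 'aiowpsecurity') . '</th>';
            $login_summary_table .= '<th>' . __('IP', 'aiowpsecurity') . '</th>';
            $login_summary_table .= '</tr>';
            $login_summary_table .= '</thead>';
            foreach ($data as $entry) {
                // Stored values are escaped for the HTML context before they reach the admin page.
                $login_summary_table .= '<tr>';
                $login_summary_table .= '<td>' . esc_html($entry['user_login']) . '</td>';
                $login_summary_table .= '<td>' . esc_html($entry['login_date']) . '</td>';
                $login_summary_table .= '<td>' . esc_html($entry['login_ip']) . '</td>';
                $login_summary_table .= '</tr>';
            }
            $login_summary_table .= '</table>';
            echo $login_summary_table;
        }
        echo '<div class="aio_clear_float"></div>';
        ?>
        </div></div>
        </div><!-- aiowps_dashboard_box -->

        <div class="aiowps_dashboard_box_small">
        <div class="postbox">
        <h3><label for="title"><?php
        _e('Maintenance Mode Status', 'aiowpsecurity');
        ?>
</label></h3>
        <div class="inside">
        <?php
        if ($aio_wp_security->configs->get_value('aiowps_site_lockout') == '1') {
            echo '<p>' . __('Maintenance mode is currently enabled. Remember to turn it off when you are done', 'aiowpsecurity') . '</p>';
        } else {
            echo '<p>' . __('Maintenance mode is currently off.', 'aiowpsecurity') . '</p>';
        }
        echo '<div class="aiowps_feature_status_container">';
        echo '<div class="aiowps_feature_status_name">' . __('Maintenance Mode', 'aiowpsecurity') . '</div>';
        echo '<a href="admin.php?page=' . AIOWPSEC_MAINTENANCE_MENU_SLUG . '">';
        echo '<div class="aiowps_feature_status_bar">';
        if ($aio_wp_security->configs->get_value('aiowps_site_lockout') == '1') {
            // Enabled maintenance mode is shown in red, hence the "off" class on the "On" label.
            echo '<div class="aiowps_feature_status_label aiowps_feature_status_off">On</div>';
            echo '<div class="aiowps_feature_status_label">Off</div>';
        } else {
            echo '<div class="aiowps_feature_status_label">On</div>';
            echo '<div class="aiowps_feature_status_label aiowps_feature_status_on">Off</div>';
        }
        echo '</div></div></a>';
        echo '<div class="aio_clear_float"></div>';
        ?>
        </div></div>
        </div><!-- aiowps_dashboard_box -->

        <?php
        // Cookie based brute force box, shown only while that feature is active.
        if ($aio_wp_security->configs->get_value('aiowps_enable_brute_force_attack_prevention') == '1') {
            ?>
        <div class="aiowps_dashboard_box_small">
        <div class="postbox">
        <h3><label for="title"><?php
            _e('Cookie Based Brute Prevention', 'aiowpsecurity');
            ?>
</label></h3>
        <div class="inside">
        <?php
            $brute_force_login_feature_link = '<a href="admin.php?page=' . AIOWPSEC_BRUTE_FORCE_MENU_SLUG . '&tab=tab2" target="_blank">' . __('Cookie-Based Brute Force', 'aiowpsecurity') . '</a>';
            $brute_force_feature_secret_word = $aio_wp_security->configs->get_value('aiowps_brute_force_secret_word');
            echo '<div class="aio_yellow_box">';
            echo '<p>' . sprintf(__('The %s feature is currently active.', 'aiowpsecurity'), $brute_force_login_feature_link) . '</p>';
            echo '<p>' . __('Your new WordPress login URL is now:', 'aiowpsecurity') . '</p>';
            // The configured secret word is escaped before being shown.
            echo '<p><strong>' . esc_html(AIOWPSEC_WP_URL . '/?' . $brute_force_feature_secret_word . '=1') . '</strong></p>';
            echo '</div>';
            echo '<div class="aio_clear_float"></div>';
            ?>
        </div></div>
        </div><!-- aiowps_dashboard_box -->
        <?php
        }
        // Rename login page box, shown only while that feature is active.
        if ($aio_wp_security->configs->get_value('aiowps_enable_rename_login_page') == '1') {
            ?>
        <div class="aiowps_dashboard_box_small">
        <div class="postbox">
        <h3><label for="title"><?php
            _e('Rename Login Page', 'aiowpsecurity');
            ?>
</label></h3>
        <div class="inside">
        <?php
            // Without a permalink structure the slug is appended as a query string.
            if (get_option('permalink_structure')) {
                $home_url = trailingslashit(home_url());
            } else {
                $home_url = trailingslashit(home_url()) . '?';
            }
            $rename_login_feature_link = '<a href="admin.php?page=' . AIOWPSEC_BRUTE_FORCE_MENU_SLUG . '&tab=tab1" target="_blank">' . __('Rename Login Page', 'aiowpsecurity') . '</a>';
            echo '<div class="aio_yellow_box">';
            echo '<p>' . sprintf(__('The %s feature is currently active.', 'aiowpsecurity'), $rename_login_feature_link) . '</p>';
            echo '<p>' . __('Your new WordPress login URL is now:', 'aiowpsecurity') . '</p>';
            // The configured slug is escaped before being shown.
            echo '<p><strong>' . esc_html($home_url . $aio_wp_security->configs->get_value('aiowps_login_page_slug')) . '</strong></p>';
            echo '</div>';
            echo '<div class="aio_clear_float"></div>';
            ?>
        </div></div>
        </div><!-- aiowps_dashboard_box -->
        <?php
        }
        // File change detection box, shown only while the automated scan is enabled.
        if ($aio_wp_security->configs->get_value('aiowps_enable_automated_fcd_scan') == '1') {
            echo '<div class="aiowps_dashboard_box_small">';
            echo '<div class="postbox">';
            echo '<h3><label for="title">File Change Detection</label></h3>';
            echo '<div class="inside">';
            if ($aio_wp_security->configs->get_value('aiowps_fcds_change_detected')) {
                echo '<div class="aio_red_box aio_padding_10">File change detected!</div>';
                echo '<p>Please review the changes from the <a href="admin.php?page=' . AIOWPSEC_FILESCAN_MENU_SLUG . '">scanner menu</a></p>';
            } else {
                echo '<div class="aio_green_box aio_padding_10">No recent file changes detected.</div>';
            }
            echo '</div></div>';
            echo '</div>';
        }
        ?>

        <div class="aiowps_dashboard_box_small">
        <div class="postbox">
        <h3><label for="title"><?php
        _e('Logged In Users', 'aiowpsecurity');
        ?>
</label></h3>
        <div class="inside">
        <?php
        $users_online_link = '<a href="admin.php?page=' . AIOWPSEC_USER_LOGIN_MENU_SLUG . '&tab=tab5">Logged In Users</a>';
        if (AIOWPSecurity_Utility::is_multisite_install()) {
            // The transient is false when absent or expired; count() is applied to arrays
            // only, as the single-site branch already did.
            $logged_in_users = get_site_transient('users_online');
            $num_users = is_array($logged_in_users) ? count($logged_in_users) : 0;
            if ($num_users > 1) {
                echo '<div class="aio_red_box"><p>' . __('Number of users currently logged in site-wide is:', 'aiowpsecurity') . ' <strong>' . $num_users . '</strong></p>';
                $info_msg = '<p>' . sprintf(__('Go to the %s menu to see more details', 'aiowpsecurity'), $users_online_link) . '</p>';
                echo $info_msg . '</div>';
            } else {
                echo '<div class="aio_green_box"><p>' . __('There are no other site-wide users currently logged in.', 'aiowpsecurity') . '</p></div>';
            }
        } else {
            $logged_in_users = get_transient('users_online');
            $num_users = is_array($logged_in_users) ? count($logged_in_users) : 0;
            if ($num_users > 1) {
                echo '<div class="aio_red_box"><p>' . __('Number of users currently logged into your site (including you) is:', 'aiowpsecurity') . ' <strong>' . $num_users . '</strong></p>';
                $info_msg = '<p>' . sprintf(__('Go to the %s menu to see more details', 'aiowpsecurity'), $users_online_link) . '</p>';
                echo $info_msg . '</div>';
            } else {
                echo '<div class="aio_green_box"><p>' . __('There are no other users currently logged in.', 'aiowpsecurity') . '</p></div>';
            }
        }
        ?>
        </div></div>
        </div><!-- aiowps_dashboard_box -->

        <div class="aiowps_dashboard_box_small">
        <div class="postbox">
        <h3><label for="title"><?php
        _e('Locked IP Addresses', 'aiowpsecurity');
        ?>
</label></h3>
        <div class="inside">
        <?php
        $locked_ips_link = '<a href="admin.php?page=' . AIOWPSEC_MAIN_MENU_SLUG . '&tab=tab3">Locked IP Addresses</a>';
        $locked_ips = AIOWPSecurity_Utility::get_locked_ips();
        if ($locked_ips === FALSE) {
            echo '<div class="aio_green_box"><p>' . __('There are no IP addresses currently locked out.', 'aiowpsecurity') . '</p></div>';
        } else {
            $num_ips = count($locked_ips);
            echo '<div class="aio_red_box"><p>' . __('Number of temporarily locked out IP addresses: ', 'aiowpsecurity') . ' <strong>' . $num_ips . '</strong></p>';
            $info_msg = '<p>' . sprintf(__('Go to the %s menu to see more details', 'aiowpsecurity'), $locked_ips_link) . '</p>';
            echo $info_msg . '</div>';
        }
        ?>
        </div></div>
        </div><!-- aiowps_dashboard_box -->

        <div class="aio_clear_float"></div>

        </div>
<!-- Masonry stuff -->
<?php
        //wp_enqueue_script('masonry');
        echo '<script type="text/javascript" src="' . AIO_WP_SECURITY_URL . '/js/masonry.pkgd.min.js?ver=' . AIO_WP_SECURITY_VERSION . '"></script>';
        ?>
<style>
.aiowps_dashboard_box_small { 
    width: 350px;
}
</style>
<script type="text/javascript">
window.onload = function(){
var container = document.querySelector('#aiowps_dashboard_widget_content');
var msnry = new Masonry( container, {
  // options
  columnWidth: 100,
  itemSelector: '.aiowps_dashboard_box_small'
});
}
</script>
<!-- End Masonry stuff -->

        <?php
    }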
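    /**
     * Renders the SPAM comment IP tab.
     *
     * Handles three request types before printing the page: the "auto block"
     * settings form, the "minimum SPAM comments per IP" search form and the
     * per-row "block" action of the list table. It then outputs the three
     * postboxes and the spammer IP list table.
     *
     * Both POST forms are checked with wp_verify_nonce() and the request is
     * aborted with die() when the check fails. Numeric settings are stored
     * through absint() and escaped again with esc_attr() when printed back
     * into the form fields.
     */
    function render_tab2()
    {
        global $aio_wp_security;
        global $aiowps_feature_mgr;
        include_once 'wp-security-list-comment-spammer-ip.php';
        //For rendering the AIOWPSecurity_List_Table in tab2
        $spammer_ip_list = new AIOWPSecurity_List_Comment_Spammer_IP();
        //Do form submission tasks for auto block spam IP
        if (isset($_POST['aiowps_auto_spam_block'])) {
            $error = '';
            //A missing nonce is treated as an empty one so the check fails closed without a PHP notice
            $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
            if (!wp_verify_nonce($nonce, 'aiowpsec-auto-block-spam-ip-nonce')) {
                $aio_wp_security->debug_logger->log_debug("Nonce check failed on auto block SPAM IPs options save!", 4);
                die("Nonce check failed on auto block SPAM IPs options save!");
            }
            $spam_ip_min_comments = sanitize_text_field(isset($_POST['aiowps_spam_ip_min_comments_block']) ? $_POST['aiowps_spam_ip_min_comments_block'] : '');
            if (!is_numeric($spam_ip_min_comments)) {
                $error .= '<br />' . __('You entered a non numeric value for the minimum number of spam comments field. It has been set to the default value.', 'all-in-one-wp-security-and-firewall');
                $spam_ip_min_comments = '3';
                //Set it to the default value for this field
            } elseif (absint($spam_ip_min_comments) < 1) {
                //Compare the value that will actually be stored, so inputs such as "0.0" or "0.5" also fall back to the default
                $error .= '<br />' . __('You must enter an integer greater than zero for minimum number of spam comments field. It has been set to the default value.', 'all-in-one-wp-security-and-firewall');
                $spam_ip_min_comments = '3';
                //Set it to the default value for this field
            }
            if ($error) {
                $this->show_msg_error(__('Attention!', 'all-in-one-wp-security-and-firewall') . $error);
            }
            //Save all the form values to the options
            $aio_wp_security->configs->set_value('aiowps_enable_autoblock_spam_ip', isset($_POST["aiowps_enable_autoblock_spam_ip"]) ? '1' : '');
            $aio_wp_security->configs->set_value('aiowps_spam_ip_min_comments_block', absint($spam_ip_min_comments));
            $aio_wp_security->configs->save_config();
            //Recalculate points after the feature status/options have been altered
            $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
            $this->show_msg_settings_updated();
        }
        if (isset($_POST['aiowps_ip_spam_comment_search'])) {
            $error = '';
            $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
            if (!wp_verify_nonce($nonce, 'aiowpsec-spammer-ip-list-nonce')) {
                $aio_wp_security->debug_logger->log_debug("Nonce check failed for list SPAM comment IPs!", 4);
                die(__('Nonce check failed for list SPAM comment IPs!', 'all-in-one-wp-security-and-firewall'));
            }
            $min_comments_per_ip = sanitize_text_field(isset($_POST['aiowps_spam_ip_min_comments']) ? $_POST['aiowps_spam_ip_min_comments'] : '');
            if (!is_numeric($min_comments_per_ip)) {
                $error .= '<br />' . __('You entered a non numeric value for the minimum SPAM comments per IP field. It has been set to the default value.', 'all-in-one-wp-security-and-firewall');
                $min_comments_per_ip = '5';
                //Set it to the default value for this field
            }
            if ($error) {
                $this->show_msg_error(__('Attention!', 'all-in-one-wp-security-and-firewall') . $error);
            }
            //Save all the form values to the options
            $aio_wp_security->configs->set_value('aiowps_spam_ip_min_comments', absint($min_comments_per_ip));
            $aio_wp_security->configs->save_config();
            //The value is numeric at this point (checked or defaulted above), so it carries no markup into the message
            $info_msg_string = sprintf(__('Displaying results for IP addresses which have posted a minimum of %s SPAM comments', 'all-in-one-wp-security-and-firewall'), $min_comments_per_ip);
            $this->show_msg_updated($info_msg_string);
        }
        if (isset($_REQUEST['action'])) {
            if ($_REQUEST['action'] == 'block_spammer_ip') {
                //The "block" link was clicked for a row in the list table
                //NOTE(review): this state-changing action is accepted from $_REQUEST (GET or POST) and no nonce
                //is verified in this method. Confirm that block_spammer_ip_records() verifies a nonce and the
                //caller's capability itself; if it does not, a forged link could add an IP to the block list.
                $spammer_ip_list->block_spammer_ip_records(strip_tags($_REQUEST['spammer_ip']));
            }
        }
        ?>
        <div class="postbox">
            <h3 class="hndle"><label for="title"><?php 
        _e('Auto Block SPAMMER IPs', 'all-in-one-wp-security-and-firewall');
        ?>
</label></h3>
            <div class="inside">
                <?php 
        if ($aio_wp_security->configs->get_value('aiowps_enable_autoblock_spam_ip') == '1' && !class_exists('Akismet')) {
            $akismet_link = '<a href="https://wordpress.org/plugins/akismet/" target="_blank">Akismet</a>';
            $info_msg = sprintf(__('This feature has detected that %s is not active. It is highly recommended that you activate the Akismet plugin to make the most of this feature.', 'all-in-one-wp-security-and-firewall'), $akismet_link);
            echo '<div class="aio_orange_box" id="message"><p><strong>' . $info_msg . '</strong></p></div>';
        }
        ?>
                <form action="" method="POST">
                <div class="aio_blue_box">
                    <?php 
        echo '<p>' . __('This feature allows you to automatically and permanently block IP addresses which have exceeded a certain number of comments labelled as SPAM.', 'all-in-one-wp-security-and-firewall') . '</p>' . '<p>' . __('Comments are usually labelled as SPAM either by the Akismet plugin or manually by the WP administrator when they mark a comment as "spam" from the WordPress Comments menu.', 'all-in-one-wp-security-and-firewall') . '</p>' . '<p><strong>' . __('NOTE: This feature does NOT use the .htaccess file to permanently block the IP addresses so it should be compatible with all web servers running WordPress.', 'all-in-one-wp-security-and-firewall') . '</strong></p>';
        ?>
                </div>
                    <?php 
        $min_block_comments = $aio_wp_security->configs->get_value('aiowps_spam_ip_min_comments_block');
        if (!empty($min_block_comments)) {
            global $wpdb;
            //The table name comes from a plugin constant; the only value in the query is bound through prepare()
            $sql = $wpdb->prepare('SELECT * FROM ' . AIOWPSEC_TBL_PERM_BLOCK . ' WHERE block_reason=%s', 'spam');
            $total_res = $wpdb->get_results($sql);
            ?>
                        <div class="aio_yellow_box">
                            <?php 
            if (empty($total_res)) {
                echo '<p><strong>' . __('You currently have no IP addresses permanently blocked due to SPAM.', 'all-in-one-wp-security-and-firewall') . '</strong></p>';
            } else {
                $total_count = count($total_res);
                $todays_blocked_count = 0;
                //Today's date is the same for every row, so it is computed once before the loop
                $now_date_time = new DateTime(date_i18n('Y-m-d H:i:s'));
                $today = $now_date_time->format('Y-m-d');
                foreach ($total_res as $blocked_item) {
                    $blocked_date = new DateTime($blocked_item->blocked_date);
                    if ($blocked_date->format('Y-m-d') == $today) {
                        //there was an IP added to permanent block list today
                        ++$todays_blocked_count;
                    }
                }
                echo '<p><strong>' . __('Spammer IPs Added To Permanent Block List Today: ', 'all-in-one-wp-security-and-firewall') . $todays_blocked_count . '</strong></p>' . '<hr><p><strong>' . __('All Time Total: ', 'all-in-one-wp-security-and-firewall') . $total_count . '</strong></p>' . '<p><a class="button" href="admin.php?page=' . AIOWPSEC_MAIN_MENU_SLUG . '&tab=tab4" target="_blank">' . __('View Blocked IPs', 'all-in-one-wp-security-and-firewall') . '</a></p>';
            }
            ?>
                        </div>

                    <?php 
        }
        //Display security info badge
        //$aiowps_feature_mgr->output_feature_details_badge("auto-block-spam-ip");
        ?>
                    <?php 
        wp_nonce_field('aiowpsec-auto-block-spam-ip-nonce');
        ?>
                <table class="form-table">
                    <tr valign="top">
                        <th scope="row"><?php 
        _e('Enable Auto Block of SPAM Comment IPs', 'all-in-one-wp-security-and-firewall');
        ?>
:</th>
                        <td>
                            <input name="aiowps_enable_autoblock_spam_ip" type="checkbox"<?php 
        if ($aio_wp_security->configs->get_value('aiowps_enable_autoblock_spam_ip') == '1') {
            echo ' checked="checked"';
        }
        ?>
 value="1"/>
                            <span class="description"><?php 
        _e('Check this box if you want this plugin to automatically block IP addresses which submit SPAM comments.', 'all-in-one-wp-security-and-firewall');
        ?>
</span>
                        </td>
                    </tr>
                    <tr valign="top">
                        <th scope="row"><?php 
        _e('Minimum number of SPAM comments', 'all-in-one-wp-security-and-firewall');
        ?>
:</th>
                        <td><input type="text" size="5" name="aiowps_spam_ip_min_comments_block" value="<?php 
        //Escaped at output even though the save path stores it through absint(): the option could be written elsewhere
        echo esc_attr($aio_wp_security->configs->get_value('aiowps_spam_ip_min_comments_block'));
        ?>
" />
                            <span class="description"><?php 
        _e('Specify the minimum number of SPAM comments for an IP address before it is permanently blocked.', 'all-in-one-wp-security-and-firewall');
        ?>
</span>
                            <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php 
        _e('More Info', 'all-in-one-wp-security-and-firewall');
        ?>
</span></span>
                            <div class="aiowps_more_info_body">
                                <?php 
        echo '<p class="description">' . __('Example 1: Setting this value to "1" will block ALL IP addresses which were used to submit at least one SPAM comment.', 'all-in-one-wp-security-and-firewall') . '</p>';
        echo '<p class="description">' . __('Example 2: Setting this value to "5" will block only those IP addresses which were used to submit 5 SPAM comments or more on your site.', 'all-in-one-wp-security-and-firewall') . '</p>';
        ?>
                            </div>
                        </td>
                    </tr>
<!--                    <tr valign="top">-->
<!--                        <th scope="row">--><?php 
        //_e('Run Now', 'all-in-one-wp-security-and-firewall')
        ?>
<!--:</th>-->
<!--                        <td><input type="submit" name="aiowps_auto_spam_block_run" value="--><?php 
        //_e('Run SPAM IP Blocking Now', 'all-in-one-wp-security-and-firewall')
        ?>
<!--" class="button-secondary" />-->
<!--                            <span class="description">--><?php 
        //_e('This feature normally runs automatically whenever a comment is submitted but you can run it manually by clicking this button. (useful for older comments)', 'all-in-one-wp-security-and-firewall');
        ?>
<!--</span>-->
<!--                        </td>-->
<!--                    </tr>-->

                </table>
                <input type="submit" name="aiowps_auto_spam_block" value="<?php 
        _e('Save Settings', 'all-in-one-wp-security-and-firewall');
        ?>
" class="button-primary" />
                </form>
            </div></div>

        <div class="postbox">
        <h3 class="hndle"><label for="title"><?php 
        _e('List SPAMMER IP Addresses', 'all-in-one-wp-security-and-firewall');
        ?>
</label></h3>
        <div class="inside">
            <div class="aio_blue_box">
                <?php 
        echo '<p>' . __('This section displays a list of the IP addresses of the people or bots who have left SPAM comments on your site.', 'all-in-one-wp-security-and-firewall') . '
                <br />' . __('This information can be handy for identifying the most persistent IP addresses or ranges used by spammers.', 'all-in-one-wp-security-and-firewall') . '
                <br />' . __('By inspecting the IP address data coming from spammers you will be in a better position to determine which addresses or address ranges you should block by adding them to your blacklist.', 'all-in-one-wp-security-and-firewall') . '
                <br />' . __('To add one or more of the IP addresses displayed in the table below to your blacklist, simply click the "Block" link for the individual row or select more than one address
                            using the checkboxes and then choose the "block" option from the Bulk Actions dropdown list and click the "Apply" button.', 'all-in-one-wp-security-and-firewall') . '
            </p>';
        ?>
            </div>

        <form action="" method="POST">
        <?php 
        wp_nonce_field('aiowpsec-spammer-ip-list-nonce');
        ?>
        <table class="form-table">
            <tr valign="top">
                <th scope="row"><?php 
        _e('Minimum number of SPAM comments per IP', 'all-in-one-wp-security-and-firewall');
        ?>
:</th>
                <td><input type="text" size="5" name="aiowps_spam_ip_min_comments" value="<?php 
        echo esc_attr($aio_wp_security->configs->get_value('aiowps_spam_ip_min_comments'));
        ?>
" />
                <span class="description"><?php 
        _e('This field allows you to list only those IP addresses which have been used to post X or more SPAM comments.', 'all-in-one-wp-security-and-firewall');
        ?>
</span>
                <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php 
        _e('More Info', 'all-in-one-wp-security-and-firewall');
        ?>
</span></span>
                <div class="aiowps_more_info_body">
                    <?php 
        echo '<p class="description">' . __('Example 1: Setting this value to "0" or "1" will list ALL IP addresses which were used to submit SPAM comments.', 'all-in-one-wp-security-and-firewall') . '</p>';
        echo '<p class="description">' . __('Example 2: Setting this value to "5" will list only those IP addresses which were used to submit 5 SPAM comments or more on your site.', 'all-in-one-wp-security-and-firewall') . '</p>';
        ?>
                </div>

                </td> 
            </tr>
        </table>
        <input type="submit" name="aiowps_ip_spam_comment_search" value="<?php 
        _e('Find IP Addresses', 'all-in-one-wp-security-and-firewall');
        ?>
" class="button-primary" />
        </form>
        </div></div>
        <div class="postbox">
        <h3 class="hndle"><label for="title"><?php 
        _e('SPAMMER IP Address Results', 'all-in-one-wp-security-and-firewall');
        ?>
</label></h3>
        <div class="inside">
            <?php 
        if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1) {
            echo '<div class="aio_yellow_box">';
            echo '<p>' . __('The plugin has detected that you are using a Multi-Site WordPress installation.', 'all-in-one-wp-security-and-firewall') . '</p>
                          <p>' . __('Only the "superadmin" can block IP addresses from the main site.', 'all-in-one-wp-security-and-firewall') . '</p>
                          <p>' . __('Take note of the IP addresses you want blocked and ask the superadmin to add these to the blacklist using the "Blacklist Manager" on the main site.', 'all-in-one-wp-security-and-firewall') . '</p>';
            echo '</div>';
        }
        //Fetch, prepare, sort, and filter our data...
        $spammer_ip_list->prepare_items();
        //echo "put table of locked entries here";
        ?>
            <form id="tables-filter" method="get" onSubmit="return confirm('Are you sure you want to perform this bulk operation on the selected entries?');">
            <!-- For plugins, we also need to ensure that the form posts back to our current page -->
            <input type="hidden" name="page" value="<?php 
        //Request values are echoed into attributes, so they are escaped for that context
        echo esc_attr($_REQUEST['page']);
        ?>
" />
            <input type="hidden" name="tab" value="<?php 
        echo esc_attr($_REQUEST['tab']);
        ?>
" />
            <!-- Now we can render the completed list table -->
            <?php 
        $spammer_ip_list->display();
        ?>
            </form>
        </div></div>
        <?php 
    }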
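 /**
  * Changes the database table prefix.
  *
  * Renames every table whose name starts with the old prefix, rewrites the
  * $table_prefix line in wp-config.php (after taking a backup of that file)
  * and updates the option and usermeta keys that embed the prefix. Progress
  * and errors are echoed as HTML; failures are also written to the debug log.
  *
  * Both prefixes end up in identifier positions of the SQL, where
  * $wpdb->prepare() placeholders cannot be used, so they are restricted to
  * letters, digits and underscores before anything is changed. Values in
  * data positions are bound through $wpdb->prepare().
  *
  * @param string $table_old_prefix Prefix currently in use.
  * @param string $table_new_prefix Prefix to switch to.
  * @return void
  */
 function change_db_prefix($table_old_prefix, $table_new_prefix)
 {
     global $wpdb, $aio_wp_security;
     //Same alphabet WordPress itself accepts for a table prefix; anything else could break out of the
     //quoted identifiers and string literals built further down
     if (preg_match('/[^A-Za-z0-9_]/', $table_old_prefix . $table_new_prefix)) {
         echo '<div class="aio_red_box"><p>' . __('Error - The DB prefix may only contain letters, numbers and underscores. This operation will not go ahead.', 'all-in-one-wp-security-and-firewall') . '</p></div>';
         return;
     }
     $old_prefix_length = strlen($table_old_prefix);
     $error = 0;
     //Config file path
     $config_file = AIOWPSecurity_Utility_File::get_wp_config_file_path();
     //Get the list of tables (replacement for the deprecated mysql_list_tables function)
     $result = $this->get_mysql_tables(DB_NAME);
     //Count the number of tables
     if (is_array($result) && count($result) > 0) {
         $num_rows = count($result);
     } else {
         echo '<div class="aio_red_box"><p>' . __('Error - Could not get tables or no tables found!', 'all-in-one-wp-security-and-firewall') . '</p></div>';
         return;
     }
     $table_count = 0;
     $info_msg_string = '<p class="aio_info_with_icon">' . __('Starting DB prefix change operations.....', 'all-in-one-wp-security-and-firewall') . '</p>';
     $info_msg_string .= '<p class="aio_info_with_icon">' . sprintf(__('Your WordPress system has a total of %s tables and your new DB prefix will be: %s', 'all-in-one-wp-security-and-firewall'), '<strong>' . $num_rows . '</strong>', '<strong>' . $table_new_prefix . '</strong>') . '</p>';
     echo $info_msg_string;
     //Do a backup of the config file; nothing is changed unless the backup exists
     if (!AIOWPSecurity_Utility_File::backup_and_rename_wp_config($config_file)) {
         echo '<div class="aio_red_box"><p>' . __('Failed to make a backup of the wp-config.php file. This operation will not go ahead.', 'all-in-one-wp-security-and-firewall') . '</p></div>';
         return;
     }
     echo '<p class="aio_success_with_icon">' . __('A backup copy of your wp-config.php file was created successfully!', 'all-in-one-wp-security-and-firewall') . '</p>';
     //Get multisite blog_ids if applicable
     $blog_ids = array();
     if (AIOWPSecurity_Utility::is_multisite_install()) {
         $blog_ids = AIOWPSecurity_Utility::get_blog_ids();
     }
     //Rename all the table names
     foreach ($result as $db_table) {
         //Get table name with old prefix
         $table_old_name = $db_table;
         if (strpos($table_old_name, $table_old_prefix) !== 0) {
             continue;
         }
         //Get table name with new prefix
         $table_new_name = $table_new_prefix . substr($table_old_name, $old_prefix_length);
         //Backticks inside a name are doubled so the name cannot end the quoted identifier early
         $sql = "RENAME TABLE `" . str_replace('`', '``', $table_old_name) . "` TO `" . str_replace('`', '``', $table_new_name) . "`";
         //Execute the query
         if (false === $wpdb->query($sql)) {
             $error = 1;
             echo '<p class="aio_error_with_icon">' . sprintf(__('%s table name update failed', 'all-in-one-wp-security-and-firewall'), '<strong>' . esc_html($table_old_name) . '</strong>') . '</p>';
             $aio_wp_security->debug_logger->log_debug("DB Security Feature - Unable to change prefix of table " . $table_old_name, 4);
         } else {
             $table_count++;
         }
     }
     if ($error == 1) {
         echo '<p class="aio_error_with_icon">' . sprintf(__('Please change the prefix manually for the above tables to: %s', 'all-in-one-wp-security-and-firewall'), '<strong>' . $table_new_prefix . '</strong>') . '</p>';
     } else {
         echo '<p class="aio_success_with_icon">' . sprintf(__('%s tables had their prefix updated successfully!', 'all-in-one-wp-security-and-firewall'), '<strong>' . $table_count . '</strong>') . '</p>';
     }
     //Get wp-config.php file contents and modify it with new info
     $config_contents = file($config_file);
     $config_updated = false;
     //file() returns false when the file cannot be read; that case is reported as a failed update below
     if (is_array($config_contents)) {
         $prefix_match_string = '$table_prefix=';
         //this is our search string for the wp-config.php file
         foreach ($config_contents as $line_num => $line) {
             $no_ws_line = preg_replace('/\\s+/', '', $line);
             //Strip white spaces
             if (strpos($no_ws_line, $prefix_match_string) !== FALSE) {
                 //NOTE(review): str_replace() rewrites every occurrence of the old prefix on this line, not only
                 //the quoted value; an old prefix that also occurs in the text "$table_prefix" would corrupt it
                 $config_contents[$line_num] = str_replace($table_old_prefix, $table_new_prefix, $line);
                 break;
             }
         }
         //Now let's modify the wp-config.php file
         $config_updated = AIOWPSecurity_Utility_File::write_content_to_file($config_file, $config_contents);
     }
     if ($config_updated) {
         echo '<p class="aio_success_with_icon">' . __('wp-config.php file was updated successfully!', 'all-in-one-wp-security-and-firewall') . '</p>';
     } else {
         echo '<p class="aio_error_with_icon">' . sprintf(__('The "wp-config.php" file was not able to be modified. Please modify this file manually using your favourite editor and search 
                 for variable "$table_prefix" and assign the following value to that variable: %s', 'all-in-one-wp-security-and-firewall'), '<strong>' . $table_new_prefix . '</strong>') . '</p>';
         $aio_wp_security->debug_logger->log_debug("DB Security Feature - Unable to modify wp-config.php", 4);
     }
     //Now let's update the options table
     $update_option_table_query = $wpdb->prepare('UPDATE `' . $table_new_prefix . 'options` SET option_name = %s WHERE option_name = %s LIMIT 1', $table_new_prefix . 'user_roles', $table_old_prefix . 'user_roles');
     if (false === $wpdb->query($update_option_table_query)) {
         echo '<p class="aio_error_with_icon">' . sprintf(__('Update of table %s failed: unable to change %s to %s', 'all-in-one-wp-security-and-firewall'), $table_new_prefix . 'options', $table_old_prefix . 'user_roles', $table_new_prefix . 'user_roles') . '</p>';
         $aio_wp_security->debug_logger->log_debug("DB Security Feature - Error when updating the options table", 4);
         //Log the highly unlikely event of DB error
     } else {
         echo '<p class="aio_success_with_icon">' . sprintf(__('The options table records which had references to the old DB prefix were updated successfully!', 'all-in-one-wp-security-and-firewall')) . '</p>';
     }
     //Now let's update the options tables for the multisite subsites if applicable
     if (!empty($blog_ids)) {
         foreach ($blog_ids as $blog_id) {
             //The id is spliced into a table name, so it is forced to an integer first
             $blog_id = (int) $blog_id;
             if ($blog_id == 1) {
                 //skip main site
                 continue;
             }
             $new_pref_and_site_id = $table_new_prefix . $blog_id . '_';
             $old_pref_and_site_id = $table_old_prefix . $blog_id . '_';
             $update_ms_option_table_query = $wpdb->prepare('UPDATE `' . $new_pref_and_site_id . 'options` SET option_name = %s WHERE option_name = %s LIMIT 1', $new_pref_and_site_id . 'user_roles', $old_pref_and_site_id . 'user_roles');
             if (false === $wpdb->query($update_ms_option_table_query)) {
                 echo '<p class="aio_error_with_icon">' . sprintf(__('Update of table %s failed: unable to change %s to %s', 'all-in-one-wp-security-and-firewall'), $new_pref_and_site_id . 'options', $old_pref_and_site_id . 'user_roles', $new_pref_and_site_id . 'user_roles') . '</p>';
                 $aio_wp_security->debug_logger->log_debug("DB change prefix feature - Error when updating the subsite options table: " . $new_pref_and_site_id . 'options', 4);
                 //Log the highly unlikely event of DB error
             } else {
                 echo '<p class="aio_success_with_icon">' . sprintf(__('The %s table records which had references to the old DB prefix were updated successfully!', 'all-in-one-wp-security-and-firewall'), $new_pref_and_site_id . 'options') . '</p>';
             }
         }
     }
     //Now let's update the user meta table
     //"_" is a single-character wildcard in LIKE, so an unescaped prefix such as "wp_" would also match
     //unrelated keys; esc_like() makes the prefix match literally
     $custom_sql = $wpdb->prepare('SELECT user_id, meta_key FROM `' . $table_new_prefix . 'usermeta` WHERE meta_key LIKE %s', $wpdb->esc_like($table_old_prefix) . '%');
     $meta_keys = $wpdb->get_results($custom_sql);
     $usermeta_failed = false;
     if (!is_array($meta_keys)) {
         //The lookup itself failed, so no success message must be shown for this step
         $usermeta_failed = true;
         $meta_keys = array();
         $aio_wp_security->debug_logger->log_debug("DB Security Feature - Unable to read the user_meta table", 4);
     }
     //Update all meta_key field values which have the old table prefix in user_meta table
     foreach ($meta_keys as $meta_key) {
         //Create new meta key
         $new_meta_key = $table_new_prefix . substr($meta_key->meta_key, $old_prefix_length);
         //meta_key values come back from the database and may contain quotes, so they are bound, not concatenated
         $update_user_meta_sql = $wpdb->prepare('UPDATE `' . $table_new_prefix . 'usermeta` SET meta_key = %s WHERE meta_key = %s AND user_id = %d', $new_meta_key, $meta_key->meta_key, $meta_key->user_id);
         if (false === $wpdb->query($update_user_meta_sql)) {
             $usermeta_failed = true;
             //Each failure is printed once; the stored key is escaped because it is echoed into HTML
             echo '<p class="aio_error_with_icon">' . sprintf(__('Error updating user_meta table where new meta_key = %s, old meta_key = %s and user_id = %s.', 'all-in-one-wp-security-and-firewall'), esc_html($new_meta_key), esc_html($meta_key->meta_key), esc_html($meta_key->user_id)) . '</p>';
             $aio_wp_security->debug_logger->log_debug("DB Security Feature - Error updating user_meta table where new meta_key = " . $new_meta_key . " old meta_key = " . $meta_key->meta_key . " and user_id = " . $meta_key->user_id, 4);
             //Log the highly unlikely event of DB error
         }
     }
     if (!$usermeta_failed) {
         echo '<p class="aio_success_with_icon">' . __('The usermeta table records which had references to the old DB prefix were updated successfully!', 'all-in-one-wp-security-and-firewall') . '</p>';
     }
     //Display tasks finished message
     $tasks_finished_msg_string = '<p class="aio_info_with_icon">' . __('DB prefix change tasks have been completed.', 'all-in-one-wp-security-and-firewall') . '</p>';
     echo $tasks_finished_msg_string;
 }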
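 /**
  * Removes one entry from the "users_online" transient.
  *
  * The entry is the first one whose user_id and ip_address match the
  * arguments. The list is then saved back with a 30 minute expiry, using the
  * site transient on multisite installs.
  *
  * @param int    $user_id    ID of the user whose entry is removed.
  * @param string $ip_addr    IP address recorded for that entry.
  * @return void
  */
 function update_user_online_transient($user_id, $ip_addr)
 {
     $is_multisite = AIOWPSecurity_Utility::is_multisite_install();
     $logged_in_users = $is_multisite ? get_site_transient('users_online') : get_transient('users_online');
     //Nothing stored (or not a list): nothing to clean up
     if (empty($logged_in_users) || !is_array($logged_in_users)) {
         return;
     }
     //Use the real array key: a running counter only equals the key while the list has no gaps,
     //and an earlier removal leaves one, after which the wrong entry (or none) would be removed
     foreach ($logged_in_users as $entry_key => $value) {
         if ($value['user_id'] == $user_id && strcmp($value['ip_address'], $ip_addr) == 0) {
             unset($logged_in_users[$entry_key]);
             break;
         }
     }
     //Re-index so the stored list stays a plain 0..n-1 list for code that walks it by position
     $logged_in_users = array_values($logged_in_users);
     //Save the transient with a 30 minute expiry
     if ($is_multisite) {
         set_site_transient('users_online', $logged_in_users, 30 * 60);
     } else {
         set_transient('users_online', $logged_in_users, 30 * 60);
     }
     return;
 }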
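 /**
  * Handles the plugin's logout request.
  *
  * When the "aiowpsec_do_log_out" query parameter is present the current
  * user is logged out and then redirected: to the "after_logout" URL when one
  * is supplied, and otherwise (or additionally, if the redirect helper
  * returns) to the login URL built from the stored "aiowps_logout_payload"
  * transient.
  *
  * @return void
  */
 function do_additional_plugins_loaded_tasks()
 {
     if (!isset($_GET['aiowpsec_do_log_out'])) {
         return;
     }
     //NOTE(review): the logout is triggered by a bare GET parameter and no nonce is checked here, so a
     //cross-site request can end a logged-in user's session. Consider requiring a nonce on this URL.
     wp_logout();
     if (isset($_GET['after_logout']) && is_string($_GET['after_logout'])) {
         //The target is request-controlled. esc_url() is an output escaper (it also entity-encodes "&",
         //which corrupts a Location header), so the raw variant is used and the host is checked with
         //wp_validate_redirect(); a target outside the allowed hosts falls back to the login page.
         $after_logout_url = wp_validate_redirect(esc_url_raw($_GET['after_logout']), wp_login_url());
         AIOWPSecurity_Utility::redirect_to_url($after_logout_url);
     }
     //The original guarded this part with isset() on a freshly assigned local, which is always true,
     //so the payload redirect has always run for every logout request; that behaviour is kept.
     $login_url = '';
     //Inspect the payload and do redirect to login page with a msg and redirect url
     $logout_payload = AIOWPSecurity_Utility::is_multisite_install() ? get_site_transient('aiowps_logout_payload') : get_transient('aiowps_logout_payload');
     if (!empty($logout_payload['redirect_to'])) {
         $login_url = AIOWPSecurity_Utility::add_query_data_to_url(wp_login_url(), 'redirect_to', $logout_payload['redirect_to']);
     }
     if (!empty($logout_payload['msg'])) {
         //NOTE(review): when the payload has a msg but no redirect_to, this yields a URL that starts
         //with "&" - confirm whether the login URL should be the base in that case
         $login_url .= '&' . $logout_payload['msg'];
     }
     if (!empty($login_url)) {
         AIOWPSecurity_Utility::redirect_to_url($login_url);
     }
 }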
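 /**
  * Records the current user in the "users_online" transient.
  *
  * For a logged-in user an entry of user_id, last_activity and ip_address is
  * kept in the list. An existing entry for the same user and IP is refreshed
  * only when its last activity is more than 15 minutes old; a newer entry is
  * left untouched and nothing is saved. The list is stored with a 30 minute
  * expiry, using the site transient on multisite installs.
  *
  * @return void
  */
 function update_logged_in_user_transient()
 {
     if (!is_user_logged_in()) {
         return;
     }
     $is_multisite = AIOWPSecurity_Utility::is_multisite_install();
     $current_user_ip = AIOWPSecurity_Utility_IP::get_user_ip_address();
     // get the logged in users list from transients entry
     $logged_in_users = $is_multisite ? get_site_transient('users_online') : get_transient('users_online');
     $current_user = wp_get_current_user();
     $current_user = $current_user->ID;
     $current_time = current_time('timestamp');
     //We will store last activity time and ip address in transient entry
     $current_user_info = array("user_id" => $current_user, "last_activity" => $current_time, "ip_address" => $current_user_ip);
     //A missing, expired or malformed transient starts a fresh list
     if (empty($logged_in_users) || !is_array($logged_in_users)) {
         $logged_in_users = array();
     }
     $entry_found = false;
     //Iterate with the real array keys: a separate counter stops matching them as soon as the
     //stored list has a gap, and the wrong entry would then be overwritten
     foreach ($logged_in_users as $entry_key => $value) {
         if ($value['user_id'] == $current_user && strcmp($value['ip_address'], $current_user_ip) == 0) {
             if ($value['last_activity'] >= $current_time - 15 * 60) {
                 //Entry is at most 15 minutes old: nothing to write
                 return;
             }
             //Last activity was more than 15 minutes ago: refresh the existing entry
             $logged_in_users[$entry_key] = $current_user_info;
             $entry_found = true;
             break;
         }
     }
     if (!$entry_found) {
         $logged_in_users[] = $current_user_info;
     }
     //Set transient with the data obtained above and also set the expiry to 30min
     if ($is_multisite) {
         set_site_transient('users_online', $logged_in_users, 30 * 60);
     } else {
         set_transient('users_online', $logged_in_users, 30 * 60);
     }
 }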
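 /**
  * Validates the CAPTCHA answer submitted with a BuddyPress signup.
  *
  * Runs only when the "aiowps-captcha-answer" field is present in $_POST. The
  * submitted temp string, the configured secret key and the answer are
  * concatenated and base64-encoded, then compared with the transient stored
  * under the submitted handle. On a mismatch (including a missing or expired
  * transient) an error is added to $bp->signup->errors.
  *
  * @param mixed $errors Not used by this method.
  * @return void
  */
 function buddy_press_signup_validate_captcha($errors)
 {
     global $bp, $aio_wp_security;
     //Check if captcha enabled
     if (!array_key_exists('aiowps-captcha-answer', $_POST)) {
         return;
     }
     //Missing or non-string fields (e.g. submitted as arrays) are read as empty strings so the
     //comparison below fails closed instead of raising notices or type errors
     $captcha_answer = is_string($_POST['aiowps-captcha-answer']) ? strip_tags(trim($_POST['aiowps-captcha-answer'])) : '';
     $captcha_temp_string = (isset($_POST['aiowps-captcha-temp-string']) && is_string($_POST['aiowps-captcha-temp-string'])) ? $_POST['aiowps-captcha-temp-string'] : '';
     $trans_handle = (isset($_POST['aiowps-captcha-string-info']) && is_string($_POST['aiowps-captcha-string-info'])) ? sanitize_text_field($_POST['aiowps-captcha-string-info']) : '';
     $captcha_secret_string = $aio_wp_security->configs->get_value('aiowps_captcha_secret_key');
     $submitted_encoded_string = base64_encode($captcha_temp_string . $captcha_secret_string . $captcha_answer);
     $captcha_string_info_trans = AIOWPSecurity_Utility::is_multisite_install() ? get_site_transient('aiowps_captcha_string_info_' . $trans_handle) : get_transient('aiowps_captcha_string_info_' . $trans_handle);
     //The stored value is derived from the secret key, so it is compared in constant time;
     //a transient that is not a string (missing or expired) never matches
     $answer_is_correct = is_string($captcha_string_info_trans) && hash_equals($captcha_string_info_trans, $submitted_encoded_string);
     if (!$answer_is_correct) {
         //This means a wrong answer was entered
         $bp->signup->errors['aiowps-captcha-answer'] = __('Your CAPTCHA answer was incorrect - please try again.', 'all-in-one-wp-security-and-firewall');
     }
     //NOTE(review): the transient is not deleted here after a correct answer; unless it is removed
     //elsewhere, the same submitted values stay valid until it expires - confirm.
     return;
 }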
 /**
  * Registers the top-level "WP Security" admin menu and all of its sub-pages.
  *
  * Every page is registered with the AIOWPSEC_MANAGEMENT_PERMISSION capability.
  * The Filesystem Security, Blacklist Manager, Firewall and Scanner pages are
  * left out on a multisite install when the current blog id is not 1.
  * Fires 'aiowpsecurity_admin_menu_created' once all pages are registered.
  */
 function create_admin_menus()
 {
     $parent_slug = AIOWPSEC_MAIN_MENU_SLUG;
     $capability = AIOWPSEC_MANAGEMENT_PERMISSION;
     $icon = AIO_WP_SECURITY_URL . '/images/plugin-icon.png';

     $this->main_menu_page = add_menu_page(__('WP Security', 'aiowpsecurity'), __('WP Security', 'aiowpsecurity'), $capability, $parent_slug, array($this, 'handle_dashboard_menu_rendering'), $icon);
     add_submenu_page($parent_slug, __('Dashboard', 'aiowpsecurity'), __('Dashboard', 'aiowpsecurity'), $capability, AIOWPSEC_MAIN_MENU_SLUG, array($this, 'handle_dashboard_menu_rendering'));
     add_submenu_page($parent_slug, __('Settings', 'aiowpsecurity'), __('Settings', 'aiowpsecurity'), $capability, AIOWPSEC_SETTINGS_MENU_SLUG, array($this, 'handle_settings_menu_rendering'));
     add_submenu_page($parent_slug, __('User Accounts', 'aiowpsecurity'), __('User Accounts', 'aiowpsecurity'), $capability, AIOWPSEC_USER_ACCOUNTS_MENU_SLUG, array($this, 'handle_user_accounts_menu_rendering'));
     add_submenu_page($parent_slug, __('User Login', 'aiowpsecurity'), __('User Login', 'aiowpsecurity'), $capability, AIOWPSEC_USER_LOGIN_MENU_SLUG, array($this, 'handle_user_login_menu_rendering'));
     add_submenu_page($parent_slug, __('User Registration', 'aiowpsecurity'), __('User Registration', 'aiowpsecurity'), $capability, AIOWPSEC_USER_REGISTRATION_MENU_SLUG, array($this, 'handle_user_registration_menu_rendering'));
     add_submenu_page($parent_slug, __('Database Security', 'aiowpsecurity'), __('Database Security', 'aiowpsecurity'), $capability, AIOWPSEC_DB_SEC_MENU_SLUG, array($this, 'handle_database_menu_rendering'));

     // Filesystem Security: only on single-site installs or on the main site of a network.
     if (!AIOWPSecurity_Utility::is_multisite_install() || get_current_blog_id() == 1) {
         add_submenu_page($parent_slug, __('Filesystem Security', 'aiowpsecurity'), __('Filesystem Security', 'aiowpsecurity'), $capability, AIOWPSEC_FILESYSTEM_MENU_SLUG, array($this, 'handle_filesystem_menu_rendering'));
     }

     add_submenu_page($parent_slug, __('WHOIS Lookup', 'aiowpsecurity'), __('WHOIS Lookup', 'aiowpsecurity'), $capability, AIOWPSEC_WHOIS_MENU_SLUG, array($this, 'handle_whois_menu_rendering'));

     // Blacklist Manager: same main-site-only rule.
     if (!AIOWPSecurity_Utility::is_multisite_install() || get_current_blog_id() == 1) {
         add_submenu_page($parent_slug, __('Blacklist Manager', 'aiowpsecurity'), __('Blacklist Manager', 'aiowpsecurity'), $capability, AIOWPSEC_BLACKLIST_MENU_SLUG, array($this, 'handle_blacklist_menu_rendering'));
     }

     // Firewall: same main-site-only rule.
     if (!AIOWPSecurity_Utility::is_multisite_install() || get_current_blog_id() == 1) {
         add_submenu_page($parent_slug, __('Firewall', 'aiowpsecurity'), __('Firewall', 'aiowpsecurity'), $capability, AIOWPSEC_FIREWALL_MENU_SLUG, array($this, 'handle_firewall_menu_rendering'));
     }

     add_submenu_page($parent_slug, __('Brute Force', 'aiowpsecurity'), __('Brute Force', 'aiowpsecurity'), $capability, AIOWPSEC_BRUTE_FORCE_MENU_SLUG, array($this, 'handle_brute_force_menu_rendering'));
     add_submenu_page($parent_slug, __('SPAM Prevention', 'aiowpsecurity'), __('SPAM Prevention', 'aiowpsecurity'), $capability, AIOWPSEC_SPAM_MENU_SLUG, array($this, 'handle_spam_menu_rendering'));

     // Scanner: same main-site-only rule.
     if (!AIOWPSecurity_Utility::is_multisite_install() || get_current_blog_id() == 1) {
         add_submenu_page($parent_slug, __('Scanner', 'aiowpsecurity'), __('Scanner', 'aiowpsecurity'), $capability, AIOWPSEC_FILESCAN_MENU_SLUG, array($this, 'handle_filescan_menu_rendering'));
     }

     add_submenu_page($parent_slug, __('Maintenance', 'aiowpsecurity'), __('Maintenance', 'aiowpsecurity'), $capability, AIOWPSEC_MAINTENANCE_MENU_SLUG, array($this, 'handle_maintenance_menu_rendering'));
     add_submenu_page($parent_slug, __('Miscellaneous', 'aiowpsecurity'), __('Miscellaneous', 'aiowpsecurity'), $capability, AIOWPSEC_MISC_MENU_SLUG, array($this, 'handle_misc_menu_rendering'));

     // Extension point for code that needs to add pages after the built-in ones.
     do_action('aiowpsecurity_admin_menu_created');
 }
    /**
     * Renders the registration-page captcha settings tab and processes its save POST.
     *
     * On a nonce-verified save it writes a newly generated 20-character value to
     * 'aiowps_captcha_secret_key', stores the state of the enable checkbox, saves
     * the config and recalculates the feature points. On a multisite install where
     * the current blog id is not 1, the form is replaced by a notice that points
     * to the main site.
     */
    function render_tab2()
    {
        global $aio_wp_security;
        global $aiowps_feature_mgr;
        if (isset($_POST['aiowpsec_save_registration_captcha_settings'])) {
            // Never read after this assignment.
            $error = '';
            // NOTE(review): '_wpnonce' is read without an isset() check; a request
            // lacking it raises an undefined-index notice before wp_verify_nonce()
            // rejects it.
            $nonce = $_REQUEST['_wpnonce'];
            if (!wp_verify_nonce($nonce, 'aiowpsec-registration-captcha-settings-nonce')) {
                $aio_wp_security->debug_logger->log_debug("Nonce check failed on registration captcha settings save!", 4);
                die("Nonce check failed on registration captcha settings save!");
            }
            //Save all the form values to the options
            // The captcha secret is replaced on every save, whether or not the
            // checkbox changed.
            // NOTE(review): the quality of this key depends on
            // generate_alpha_numeric_random_string(), which is not visible here -
            // confirm it draws from a cryptographically secure source.
            $random_20_digit_string = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(20);
            //Generate random 20 char string for use during captcha encode/decode
            $aio_wp_security->configs->set_value('aiowps_captcha_secret_key', $random_20_digit_string);
            // An unchecked checkbox is absent from the POST, so absence is stored as ''.
            $aio_wp_security->configs->set_value('aiowps_enable_registration_page_captcha', isset($_POST["aiowps_enable_registration_page_captcha"]) ? '1' : '');
            $aio_wp_security->configs->save_config();
            //Recalculate points after the feature status/options have been altered
            $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
            $this->show_msg_settings_updated();
        }
        ?>
        <div class="aio_blue_box">
            <?php 
        echo '<p>' . __('This feature allows you to add a captcha form on the WordPress registration page.', 'all-in-one-wp-security-and-firewall') . '
            <br />' . __('Users who attempt to register will also need to enter the answer to a simple mathematical question - if they enter the wrong answer, the plugin will not allow them to register.', 'all-in-one-wp-security-and-firewall') . '
            <br />' . __('Therefore, adding a captcha form on the registration page is another effective yet simple SPAM registration prevention technique.', 'all-in-one-wp-security-and-firewall') . '
            </p>';
        ?>
        </div>
        <div class="postbox">
        <h3><label for="title"><?php 
        _e('Registration Page Captcha Settings', 'all-in-one-wp-security-and-firewall');
        ?>
</label></h3>
        <div class="inside">
        <?php 
        // NOTE(review): the two <div> elements opened above are closed only inside
        // the else branch below, so they stay unclosed in the sub-site branch.
        if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1) {
            //Hide config settings if MS and not main site
            $special_msg = '<div class="aio_yellow_box">';
            $special_msg .= '<p>' . __('The core default behaviour for WordPress Multi Site regarding user registration is that all users are registered via the main site.', 'all-in-one-wp-security-and-firewall') . '</p>';
            $special_msg .= '<p>' . __('Therefore, if you would like to add a captcha form to the registration page for a Multi Site, please go to "Registration Captcha" settings on the main site.', 'all-in-one-wp-security-and-firewall') . '</p>';
            $special_msg .= '</div>';
            echo $special_msg;
        } else {
            //Display security info badge
            global $aiowps_feature_mgr;
            $aiowps_feature_mgr->output_feature_details_badge("user-registration-captcha");
            ?>

            <form action="" method="POST">
        <?php 
            // Emits the hidden nonce field that the save handler above verifies.
            wp_nonce_field('aiowpsec-registration-captcha-settings-nonce');
            ?>
            <table class="form-table">
                <tr valign="top">
                    <th scope="row"><?php 
            _e('Enable Captcha On Registration Page', 'all-in-one-wp-security-and-firewall');
            ?>
:</th>
                    <td>
                    <input name="aiowps_enable_registration_page_captcha" type="checkbox"<?php 
            if ($aio_wp_security->configs->get_value('aiowps_enable_registration_page_captcha') == '1') {
                echo ' checked="checked"';
            }
            ?>
 value="1"/>
                    <span class="description"><?php 
            _e('Check this if you want to insert a captcha form on the WordPress user registration page (if you allow user registration).', 'all-in-one-wp-security-and-firewall');
            ?>
</span>
                    </td>
                </tr>            
            </table>
            <input type="submit" name="aiowpsec_save_registration_captcha_settings" value="<?php 
            _e('Save Settings', 'all-in-one-wp-security-and-firewall');
            ?>
" class="button-primary" />
            </form>
            </div></div>        
        <?php 
        }
    }
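    /**
     * Renders the wp-config.php operations tab and processes the "restore" POST.
     *
     * Restore: after the nonce check, the path posted in 'aiowps_wp_config_file'
     * is validated by check_if_wp_config_contents() and then copied over the
     * active wp-config.php. The tab also shows forms for backup and restore and
     * a read-only view of the active file (hidden on multisite sub-sites).
     */
    function render_tab3()
    {
        global $aio_wp_security;
        if (isset($_POST['aiowps_restore_wp_config_button'])) {
            // A missing nonce becomes '' and is rejected below without a notice.
            $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
            if (!wp_verify_nonce($nonce, 'aiowpsec-restore-wp-config-nonce')) {
                $aio_wp_security->debug_logger->log_debug("Nonce check failed on wp-config file restore!", 4);
                die("Nonce check failed on wp-config file restore!");
            }
            // Array values are treated like a missing field so trim() only ever sees a string.
            if (empty($_POST['aiowps_wp_config_file']) || !is_string($_POST['aiowps_wp_config_file'])) {
                $this->show_msg_error(__('Please choose a wp-config.php file to restore from.', 'aiowpsecurity'));
            } else {
                //Let's copy the uploaded wp-config.php file into the active root file
                // NOTE(review): the source location is supplied by the request and is
                // handed to copy() as-is; the only gate visible here is
                // check_if_wp_config_contents(). Consider restricting it to files
                // inside the site's uploads directory before overwriting wp-config.php.
                $new_wp_config_file_path = trim($_POST['aiowps_wp_config_file']);
                //Verify that file chosen is a wp-config.file
                $is_wp_config = $this->check_if_wp_config_contents($new_wp_config_file_path);
                if ($is_wp_config == 1) {
                    $active_root_wp_config = AIOWPSecurity_Utility_File::get_wp_config_file_path();
                    if (!copy($new_wp_config_file_path, $active_root_wp_config)) {
                        //Failed to overwrite the active file with the chosen backup
                        $aio_wp_security->debug_logger->log_debug("wp-config.php - Restore from backed up wp-config operation failed!", 4);
                        $this->show_msg_error(__('wp-config.php file restore failed. Please attempt to restore this file manually using FTP.', 'aiowpsecurity'));
                    } else {
                        $this->show_msg_updated(__('Your wp-config.php file has successfully been restored!', 'aiowpsecurity'));
                    }
                } else {
                    $aio_wp_security->debug_logger->log_debug("wp-config.php restore failed - Contents of restore file appear invalid!", 4);
                    $this->show_msg_error(__('wp-config.php Restore operation failed! Please check the contents of the file you are trying to restore from.', 'aiowpsecurity'));
                }
            }
        }
        ?>
        <h2><?php 
        _e('wp-config.php File Operations', 'aiowpsecurity');
        ?>
</h2>
        <div class="aio_blue_box">
            <?php 
        echo '<p>' . __('Your "wp-config.php" file is one of the most important in your WordPress installation. It is a primary configuration file and contains crucial things such as details of your database and other critical components.', 'aiowpsecurity') . '
            <br />' . __('This feature allows you to backup and save your currently active wp-config.php file should you need to re-use the the backed up file in the future.', 'aiowpsecurity') . '
            <br />' . __('You can also restore your site\'s wp-config.php settings using a backed up wp-config.php file.', 'aiowpsecurity') . '    
            </p>';
        ?>
        </div>
        <?php 
        if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1) {
            //Hide config settings if MS and not main site
            AIOWPSecurity_Utility::display_multisite_message();
        } else {
            ?>
        <div class="postbox">
        <h3><label for="title"><?php 
            _e('Save the current wp-config.php file', 'aiowpsecurity');
            ?>
</label></h3>
        <div class="inside">
        <form action="" method="POST">
        <?php 
            wp_nonce_field('aiowpsec-save-wp-config-nonce');
            ?>
            <p class="description"><?php 
            _e('Click the button below to backup and download the contents of the currently active wp-config.php file.', 'aiowpsecurity');
            ?>
</p>
            <input type="submit" name="aiowps_save_wp_config" value="<?php 
            _e('Backup wp-config.php File', 'aiowpsecurity');
            ?>
" class="button-primary" />

        </form>
        </div></div>
        <div class="postbox">
        <h3><label for="title"><?php 
            _e('Restore from a backed up wp-config file', 'aiowpsecurity');
            ?>
</label></h3>
        <div class="inside">
        <form action="" method="POST">
        <?php 
            wp_nonce_field('aiowpsec-restore-wp-config-nonce');
            ?>
        <table class="form-table">
            <tr valign="top">
                <th scope="row"><?php 
            _e('wp-config file to restore from', 'aiowpsecurity');
            ?>
:</th>
                <td>
                    <input type="button" id="aiowps_wp_config_file_button" name="aiowps_wp_config_file_button" class="button rbutton" value="Select Your wp-config File" />
                    <input name="aiowps_wp_config_file" type="text" id="aiowps_wp_config_file" value="" size="80" />                    
                    <p class="description">
                        <?php 
            _e('After selecting your file click the button below to restore your site using the backed up wp-config file (wp-config.php.backup.txt).', 'aiowpsecurity');
            ?>
                    </p>
                </td>
            </tr>            
        </table>
        <input type="submit" name="aiowps_restore_wp_config_button" value="<?php 
            _e('Restore wp-config File', 'aiowpsecurity');
            ?>
" class="button-primary" />
        </form>
        </div></div>
        <div class="postbox">
        <h3><label for="title"><?php 
            _e('View Contents of the currently active wp-config.php file', 'aiowpsecurity');
            ?>
</label></h3>
        <div class="inside">
            <?php 
            // NOTE(review): this prints the whole active wp-config.php (database
            // credentials and keys included) into the page for anyone who can open
            // this tab - confirm that exposure is intended.
            $wp_config_file = AIOWPSecurity_Utility_File::get_wp_config_file_path();
            $wp_config_contents = AIOWPSecurity_Utility_File::get_file_contents($wp_config_file);
            ?>
            <textarea class="aio_text_area_file_output aio_width_80 aio_spacer_10_tb" rows="20" readonly><?php 
            // Escape at output so file content containing "</textarea>" or other
            // markup cannot break out of the element. get_file_contents() is not
            // visible here; if it already encodes its result, drop one layer.
            echo esc_textarea($wp_config_contents);
            ?>
</textarea>
        </div></div>

        <?php 
        }
        //End if statement
    }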
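    /**
     * Renders the "comment spammer IP" tab: the minimum-comments search form and
     * the list table of IP addresses that posted SPAM comments.
     *
     * Handles two requests before rendering: the nonce-protected search POST,
     * which stores 'aiowps_spam_ip_min_comments', and the per-row
     * 'block_spammer_ip' action, which is passed to the list table object.
     */
    function render_tab2()
    {
        global $aio_wp_security;
        include_once 'wp-security-list-comment-spammer-ip.php';
        //For rendering the AIOWPSecurity_List_Table in tab2
        $spammer_ip_list = new AIOWPSecurity_List_Comment_Spammer_IP();
        if (isset($_POST['aiowps_ip_spam_comment_search'])) {
            $error = '';
            // A missing nonce becomes '' and is rejected below without a notice.
            $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
            if (!wp_verify_nonce($nonce, 'aiowpsec-spammer-ip-list-nonce')) {
                $aio_wp_security->debug_logger->log_debug("Nonce check failed for list SPAM comment IPs!", 4);
                die(__('Nonce check failed for list SPAM comment IPs!', 'aiowpsecurity'));
            }
            $min_comments_per_ip = (isset($_POST['aiowps_spam_ip_min_comments']) && is_string($_POST['aiowps_spam_ip_min_comments'])) ? sanitize_text_field($_POST['aiowps_spam_ip_min_comments']) : '';
            if (!is_numeric($min_comments_per_ip)) {
                $error .= '<br />' . __('You entered a non numeric value for the minimum SPAM comments per IP field. It has been set to the default value.', 'aiowpsecurity');
                $min_comments_per_ip = '5';
                //Set it to the default value for this field
            }
            if ($error) {
                $this->show_msg_error(__('Attention!', 'aiowpsecurity') . $error);
            }
            // Normalise once so the stored value and the value shown in the
            // message below are the same non-negative integer.
            $min_comments_per_ip = absint($min_comments_per_ip);
            //Save all the form values to the options
            $aio_wp_security->configs->set_value('aiowps_spam_ip_min_comments', $min_comments_per_ip);
            $aio_wp_security->configs->save_config();
            $info_msg_string = sprintf(__('Displaying results for IP addresses which have posted a minimum of %s SPAM comments', 'aiowpsecurity'), $min_comments_per_ip);
            $this->show_msg_updated($info_msg_string);
        }
        if (isset($_REQUEST['action']) && $_REQUEST['action'] === 'block_spammer_ip' && isset($_REQUEST['spammer_ip']) && is_string($_REQUEST['spammer_ip'])) {
            //The "block" link was clicked for a row in the list table
            // NOTE(review): this state-changing action is driven by request
            // parameters with no nonce check in this method. Confirm that
            // block_spammer_ip_records() verifies a nonce and validates the
            // address; otherwise the link needs one.
            $spammer_ip_list->block_spammer_ip_records(strip_tags($_REQUEST['spammer_ip']));
        }
        // Request values echoed into the hidden fields further down; anything
        // that is not a plain string is rendered as empty.
        $current_page = (isset($_REQUEST['page']) && is_string($_REQUEST['page'])) ? $_REQUEST['page'] : '';
        $current_tab = (isset($_REQUEST['tab']) && is_string($_REQUEST['tab'])) ? $_REQUEST['tab'] : '';
        ?>
        <div class="aio_blue_box">
            <?php 
        echo '<p>' . __('This tab displays a list of the IP addresses of the people or bots who have left SPAM comments on your site.', 'aiowpsecurity') . '
                <br />' . __('This information can be handy for identifying the most persistent IP addresses or ranges used by spammers.', 'aiowpsecurity') . '
                <br />' . __('By inspecting the IP address data coming from spammers you will be in a better position to determine which addresses or address ranges you should block by adding them to your blacklist.', 'aiowpsecurity') . '
                <br />' . __('To add one or more of the IP addresses displayed in the table below to your blacklist, simply click the "Block" link for the individual row or select more than one address 
                            using the checkboxes and then choose the "block" option from the Bulk Actions dropdown list and click the "Apply" button.', 'aiowpsecurity') . '
            </p>';
        ?>
        </div>
        <div class="postbox">
        <h3><label for="title"><?php 
        _e('List SPAMMER IP Addresses', 'aiowpsecurity');
        ?>
</label></h3>
        <div class="inside">
        <form action="" method="POST">
        <?php 
        wp_nonce_field('aiowpsec-spammer-ip-list-nonce');
        ?>
        <table class="form-table">
            <tr valign="top">
                <th scope="row"><?php 
        _e('Minimum number of SPAM comments per IP', 'aiowpsecurity');
        ?>
:</th>
                <td><input type="text" size="5" name="aiowps_spam_ip_min_comments" value="<?php 
        // Stored config value, escaped for the attribute context it is printed in.
        echo esc_attr($aio_wp_security->configs->get_value('aiowps_spam_ip_min_comments'));
        ?>
" />
                <span class="description"><?php 
        _e('This field allows you to list only those IP addresses which have been used to post X or more SPAM comments.', 'aiowpsecurity');
        ?>
</span>
                <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php 
        _e('More Info', 'aiowpsecurity');
        ?>
</span></span>
                <div class="aiowps_more_info_body">
                    <?php 
        echo '<p class="description">' . __('Example 1: Setting this value to "0" or "1" will list ALL IP addresses which were used to submit SPAM comments.', 'aiowpsecurity') . '</p>';
        echo '<p class="description">' . __('Example 2: Setting this value to "5" will list only those IP addresses which were used to submit 5 SPAM comments or more on your site.', 'aiowpsecurity') . '</p>';
        ?>
                </div>

                </td> 
            </tr>
        </table>
        <input type="submit" name="aiowps_ip_spam_comment_search" value="<?php 
        _e('Find IP Addresses', 'aiowpsecurity');
        ?>
" class="button-primary" />
        </form>
        </div></div>
        <div class="postbox">
        <h3><label for="title"><?php 
        _e('SPAMMER IP Address Results', 'aiowpsecurity');
        ?>
</label></h3>
        <div class="inside">
            <?php 
        if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1) {
            echo '<div class="aio_yellow_box">';
            echo '<p>' . __('The plugin has detected that you are using a Multi-Site WordPress installation.', 'aiowpsecurity') . '</p>
                          <p>' . __('Only the "superadmin" can block IP addresses from the main site.', 'aiowpsecurity') . '</p>
                          <p>' . __('Take note of the IP addresses you want blocked and ask the superadmin to add these to the blacklist using the "Blacklist Manager" on the main site.', 'aiowpsecurity') . '</p>';
            echo '</div>';
        }
        //Fetch, prepare, sort, and filter our data...
        $spammer_ip_list->prepare_items();
        //echo "put table of locked entries here";
        ?>
            <form id="tables-filter" method="get" onSubmit="return confirm('Are you sure you want to perform this bulk operation on the selected entries?');">
            <!-- For plugins, we also need to ensure that the form posts back to our current page -->
            <input type="hidden" name="page" value="<?php 
        // Request-derived value in an HTML attribute: must be escaped.
        echo esc_attr($current_page);
        ?>
" />
            <input type="hidden" name="tab" value="<?php 
        echo esc_attr($current_tab);
        ?>
" />
            <!-- Now we can render the completed list table -->
            <?php 
        $spammer_ip_list->display();
        ?>
            </form>
        </div></div>
        <?php 
    }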
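 /**
  * Returns the ids of all blogs in a multisite network.
  *
  * @return array blog_id column values on a multisite install; an empty array
  *               on a single-site install.
  */
 static function get_blog_ids()
 {
     global $wpdb;
     if (!AIOWPSecurity_Utility::is_multisite_install()) {
         return array();
     }
     // $wpdb->blogs is the network-wide table name. Building it from
     // $wpdb->prefix picks up the per-blog prefix when called from a sub-site
     // and so points at a table that does not exist.
     return $wpdb->get_col("SELECT blog_id FROM " . $wpdb->blogs);
 }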
 /**
  * Deactivation callback: loads the deactivation-tasks file, unschedules the
  * hourly cron event and deletes the 'users_online' transient (site-wide
  * variant on multisite).
  */
 static function deactivate_handler()
 {
     // Runs only when the plugin is deactivated.
     include_once 'classes/wp-security-deactivation-tasks.php';
     // The task runner from that file is currently not invoked:
     //AIOWPSecurity_Deactivation::run_deactivation_tasks();
     wp_clear_scheduled_hook('aiowps_hourly_cron_event');
     //wp_clear_scheduled_hook('aiowps_daily_cron_event');

     // Drop the cached list of logged-in users from whichever store holds it.
     AIOWPSecurity_Utility::is_multisite_install() ? delete_site_transient('users_online') : delete_transient('users_online');
 }
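 /**
  * Handles the plugin's logout request (?aiowpsec_do_log_out=...).
  *
  * Logs the current user out, then redirects either to the 'after_logout'
  * target or to the login page. The login URL honours the renamed-login-page
  * setting and is extended with 'redirect_to' and 'msg' taken from the
  * 'aiowps_logout_payload' transient.
  */
 function do_additional_plugins_loaded_tasks()
 {
     global $aio_wp_security;
     if (!isset($_GET['aiowpsec_do_log_out'])) {
         return;
     }
     // NOTE(review): the logout is triggered by a bare GET parameter; no nonce is
     // checked in this method, so any link carrying the parameter ends the
     // visitor's session. Confirm whether that is acceptable for the callers.
     wp_logout();
     if (isset($_GET['after_logout']) && is_string($_GET['after_logout'])) {
         // esc_url() is meant for HTML output and entity-encodes "&", which breaks
         // query strings in a Location header; esc_url_raw() is the redirect form.
         // wp_validate_redirect() keeps the target on an allowed host and falls
         // back to the site home, so the parameter cannot send users off-site.
         // redirect_to_url() is not visible here, hence the check is done first.
         $after_logout_url = wp_validate_redirect(esc_url_raw($_GET['after_logout']), home_url());
         AIOWPSecurity_Utility::redirect_to_url($after_logout_url);
     }
     // The original read $_GET['al_additional_data'] into a local and tested it
     // with isset(), which was always true; the value itself was never used, so
     // the unguarded read is dropped and the login redirect runs unconditionally.
     $login_url = '';
     //Check if rename login feature enabled
     if ($aio_wp_security->configs->get_value('aiowps_enable_rename_login_page') == '1') {
         if (get_option('permalink_structure')) {
             $home_url = trailingslashit(home_url());
         } else {
             $home_url = trailingslashit(home_url()) . '?';
         }
         $login_url = $home_url . $aio_wp_security->configs->get_value('aiowps_login_page_slug');
     } else {
         $login_url = wp_login_url();
     }
     //Inspect the payload and do redirect to login page with a msg and redirect url
     // The payload comes from a server-side transient, not from the request.
     // A missing transient yields false, which the empty() checks below tolerate.
     $logout_payload = AIOWPSecurity_Utility::is_multisite_install() ? get_site_transient('aiowps_logout_payload') : get_transient('aiowps_logout_payload');
     if (!empty($logout_payload['redirect_to'])) {
         $login_url = AIOWPSecurity_Utility::add_query_data_to_url($login_url, 'redirect_to', $logout_payload['redirect_to']);
     }
     if (!empty($logout_payload['msg'])) {
         $login_url .= '&' . $logout_payload['msg'];
     }
     if (!empty($login_url)) {
         AIOWPSecurity_Utility::redirect_to_url($login_url);
     }
 }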
    /**
     * Renders the "logged in users" tab: a refresh form and the list table of
     * users currently recorded as online.
     *
     * Before rendering it handles the per-row 'force_user_logout' action and the
     * nonce-protected refresh POST.
     */
    function render_tab5()
    {
        // Fetched here but not read again in this method.
        $logged_in_users = AIOWPSecurity_Utility::is_multisite_install() ? get_site_transient('users_online') : get_transient('users_online');
        global $aio_wp_security;
        include_once 'wp-security-list-logged-in-users.php';
        //For rendering the AIOWPSecurity_List_Table
        $user_list = new AIOWPSecurity_List_Logged_In_Users();
        if (isset($_REQUEST['action'])) {
            if ($_REQUEST['action'] == 'force_user_logout') {
                //Force Logout link was clicked for a row in list table
                // NOTE(review): this state-changing action takes its user id and IP
                // from the request with no nonce check in this method, and both
                // keys are read without isset(). Confirm that force_user_logout()
                // verifies a nonce and validates its arguments.
                $user_list->force_user_logout(strip_tags($_REQUEST['logged_in_id']), strip_tags($_REQUEST['ip_address']));
            }
        }
        if (isset($_POST['aiowps_refresh_logged_in_user_list'])) {
            // NOTE(review): '_wpnonce' is read without an isset() check.
            $nonce = $_REQUEST['_wpnonce'];
            if (!wp_verify_nonce($nonce, 'aiowpsec-logged-in-users-nonce')) {
                $aio_wp_security->debug_logger->log_debug("Nonce check failed for users logged in list!", 4);
                die(__('Nonce check failed for users logged in list!', 'all-in-one-wp-security-and-firewall'));
            }
            // prepare_items() is called again before display() further down.
            $user_list->prepare_items();
        }
        ?>
        <div class="postbox">
        <h3><label for="title"><?php 
        _e('Refresh Logged In User Data', 'all-in-one-wp-security-and-firewall');
        ?>
</label></h3>
        <div class="inside">
        <form action="" method="POST">
        <?php 
        // Emits the hidden nonce field that the refresh handler above verifies.
        wp_nonce_field('aiowpsec-logged-in-users-nonce');
        ?>
        <input type="submit" name="aiowps_refresh_logged_in_user_list" value="<?php 
        _e('Refresh Data', 'all-in-one-wp-security-and-firewall');
        ?>
" class="button-primary" />
        </form>
        </div></div>
        
        <div class="aio_blue_box">
            <?php 
        echo '<p>' . __('This tab displays all users who are currently logged into your site.', 'all-in-one-wp-security-and-firewall') . '
                <br />' . __('If you suspect there is a user or users who are logged in which should not be, you can block them by inspecting the IP addresses from the data below and adding them to your blacklist.', 'all-in-one-wp-security-and-firewall') . '
                <br />' . __('You can also instantly log them out by clicking on the "Force Logout" link when you hover over the row in the User Id column.', 'all-in-one-wp-security-and-firewall') . '
            </p>';
        ?>
        </div>
        <div class="postbox">
        <h3><label for="title"><?php 
        _e('Currently Logged In Users', 'all-in-one-wp-security-and-firewall');
        ?>
</label></h3>
        <div class="inside">
            <?php 
        //Fetch, prepare, sort, and filter our data...
        $user_list->prepare_items();
        //echo "put table of locked entries here";
        ?>
            <form id="tables-filter" method="get" onSubmit="return confirm('Are you sure you want to perform this bulk operation on the selected entries?');">
            <!-- For plugins, we also need to ensure that the form posts back to our current page -->
            <input type="hidden" name="page" value="<?php 
        // Request value escaped for the attribute context; the key is read without isset().
        echo esc_attr($_REQUEST['page']);
        ?>
" />
            <input type="hidden" name="tab" value="<?php 
        echo esc_attr($_REQUEST['tab']);
        ?>
" />
            <!-- Now we can render the completed list table -->
            <?php 
        $user_list->display();
        ?>
            </form>
        </div></div>
        <?php 
    }
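 /**
  * Processes the "change admin username" form.
  *
  * After the nonce check, the new username is sanitised and validated, the
  * account's user_login is rewritten and, on multisite, the 'site_admins'
  * entry in sitemeta is patched. If the current user was logged in as
  * 'admin', they are logged out and redirected to log in again.
  *
  * @return string HTML notice markup describing success or the error.
  */
 function validate_change_username_form()
 {
     global $wpdb;
     global $aio_wp_security;
     $errors = '';
     // A missing nonce becomes '' and is rejected below without a notice.
     $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
     if (!wp_verify_nonce($nonce, 'aiowpsec-change-admin-nonce')) {
         $aio_wp_security->debug_logger->log_debug("Nonce check failed on admin username change operation!", 4);
         die(__('Nonce check failed on admin username change operation!', 'aiowpsecurity'));
     }
     if (!empty($_POST['aiowps_new_user_name'])) {
         $new_username = sanitize_text_field($_POST['aiowps_new_user_name']);
         if (validate_username($new_username)) {
             if (AIOWPSecurity_Utility::check_user_exists($new_username)) {
                 // Escaped because the message is later placed into HTML markup.
                 $errors .= __('Username ', 'aiowpsecurity') . esc_html($new_username) . __(' already exists. Please enter another value. ', 'aiowpsecurity');
             } else {
                 //let's check if currently logged in username is 'admin'
                 // wp_get_current_user() replaces the deprecated
                 // get_currentuserinfo() and its $user_login global.
                 $current_login = wp_get_current_user()->user_login;
                 $username_is_admin = strtolower($current_login) == 'admin';
                 //Now let's change the username
                 // NOTE(review): the listing this code was taken from shows both
                 // string literals of the original UPDATE masked as '******'. The
                 // account being renamed is taken to be 'admin', which is what the
                 // site_admins rewrite and the logout branch below assume - confirm
                 // against the upstream file. $wpdb->update() binds both values
                 // instead of building the statement by concatenation.
                 $result = $wpdb->update($wpdb->users, array('user_login' => $new_username), array('user_login' => 'admin'));
                 if (!$result) {
                     //There was an error updating the users table
                     $user_update_error = __('The database update operation of the user account failed!', 'aiowpsecurity');
                     //TODO## - add error logging here
                     // Rendered with the error class, like the other failure notice below.
                     $return_msg = '<div id="message" class="error"><p>' . $user_update_error . '</p></div>';
                     return $return_msg;
                 }
                 //multisite considerations
                 if (AIOWPSecurity_Utility::is_multisite_install()) {
                     //process sitemeta if we're in a multi-site situation
                     $oldAdmins = $wpdb->get_var("SELECT meta_value FROM `" . $wpdb->sitemeta . "` WHERE meta_key = 'site_admins'");
                     // Patches the serialized string in place: 5:"admin" becomes
                     // <byte length>:"<new name>". The value is bound by update(),
                     // so it is no longer escaped by hand (previously twice).
                     $newAdmins = str_replace('5:"admin"', strlen($new_username) . ':"' . $new_username . '"', $oldAdmins);
                     $wpdb->update($wpdb->sitemeta, array('meta_value' => $newAdmins), array('meta_key' => 'site_admins'));
                 }
                 //If user is logged in with username "admin" then log user out and send to login page so they can login again
                 if ($username_is_admin) {
                     //Lets logout the user
                     $aio_wp_security->debug_logger->log_debug("Logging User Out with login " . $current_login . " because they changed their username.");
                     $after_logout_url = AIOWPSecurity_Utility::get_current_page_url();
                     $after_logout_payload = 'redirect_to=' . $after_logout_url . '&msg=' . $aio_wp_security->user_login_obj->key_login_msg . '=admin_user_changed';
                     //Place the handle for the login screen message in the URL
                     // base64 is an encoding only; the payload is readable by anyone
                     // who sees the URL and must not be treated as confidential.
                     $encoded_payload = base64_encode($after_logout_payload);
                     $logout_url = AIOWPSEC_WP_URL . '?aiowpsec_do_log_out=1';
                     $logout_url = AIOWPSecurity_Utility::add_query_data_to_url($logout_url, 'al_additional_data', $encoded_payload);
                     AIOWPSecurity_Utility::redirect_to_url($logout_url);
                 }
             }
         } else {
             //An invalid username was entered
             $errors .= __('You entered an invalid username. Please enter another value. ', 'aiowpsecurity');
         }
     } else {
         //No username value was entered
         $errors .= __('Please enter a value for your username. ', 'aiowpsecurity');
     }
     if (strlen($errors) > 0) {
         //We have some validation or other error
         $return_msg = '<div id="message" class="error"><p>' . $errors . '</p></div>';
     } else {
         $return_msg = '<div id="message" class="updated fade"><p>' . __('Username Successfully Changed!', 'aiowpsecurity') . '</p></div>';
     }
     return $return_msg;
 }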
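    /**
     * Renders the user registration tab and processes its form submissions.
     *
     * Handles three requests before printing any markup:
     *  - a POST of the settings form (nonce-verified) that stores the
     *    'aiowps_enable_manual_registration_approval' option,
     *  - an 'approve_acct' row action on the registered-users list table,
     *  - a 'delete_acct' row action on the registered-users list table.
     *
     * It then prints the settings form and the registered-users list table.
     * Request values echoed into the page are escaped for the attribute context.
     */
    function render_tab1()
    {
        global $aiowps_feature_mgr;
        global $aio_wp_security;
        include_once 'wp-security-list-registered-users.php';
        //For rendering the AIOWPSecurity_List_Table
        $user_list = new AIOWPSecurity_List_Registered_Users();
        if (isset($_POST['aiowps_save_user_registration_settings'])) {
            //A missing nonce is treated as an empty one, so it fails verification instead of raising an undefined-index notice
            $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
            if (!wp_verify_nonce($nonce, 'aiowpsec-user-registration-settings-nonce')) {
                $aio_wp_security->debug_logger->log_debug("Nonce check failed on save user registration settings!", 4);
                die("Nonce check failed on save user registration settings!");
            }
            //Save settings
            $aio_wp_security->configs->set_value('aiowps_enable_manual_registration_approval', isset($_POST["aiowps_enable_manual_registration_approval"]) ? '1' : '');
            //Commit the config settings
            $aio_wp_security->configs->save_config();
            //Recalculate points after the feature status/options have been altered
            $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
            $this->show_msg_updated(__('Settings were successfully saved', 'aiowpsecurity'));
        }
        if (isset($_REQUEST['action'])) {
            //NOTE(review): approving and deleting accounts are state-changing actions that are triggered
            //here straight from $_REQUEST, with no nonce or capability check in this method. Whether
            //approve_selected_accounts()/delete_selected_accounts() perform those checks is not visible
            //here - confirm, and if they do not, add a nonce to the row-action links and verify it
            //(together with current_user_can()) before acting.
            $requested_user_id = isset($_REQUEST['user_id']) ? strip_tags($_REQUEST['user_id']) : '';
            if ($_REQUEST['action'] === 'approve_acct') {
                //Approve link was clicked for a row in list table
                $user_list->approve_selected_accounts($requested_user_id);
            }
            if ($_REQUEST['action'] === 'delete_acct') {
                //Delete link was clicked for a row in list table
                $user_list->delete_selected_accounts($requested_user_id);
            }
        }
        ?>
        <h2><?php _e('User Registration Settings', 'aiowpsecurity'); ?></h2>
        <form action="" method="POST">
        <?php wp_nonce_field('aiowpsec-user-registration-settings-nonce'); ?>

        <div class="postbox">
        <h3><label for="title"><?php _e('Manually Approve New Registrations', 'aiowpsecurity'); ?></label></h3>
        <div class="inside">
        <div class="aio_blue_box">
            <?php
        echo '<p>' . __('If your site allows people to create their own accounts via the WordPress registration form, then you can minimize SPAM or bogus registrations by manually approving each registration.', 'aiowpsecurity') . '<br />' . __('This feature will automatically set a newly registered account to "pending" until the administrator activates it. Therefore undesirable registrants will be unable to log in without your express approval.', 'aiowpsecurity') . '<br />' . __('You can view all accounts which have been newly registered via the handy table below and you can also perform bulk activation/deactivation/deletion tasks on each account.', 'aiowpsecurity') . '</p>';
        ?>
        </div>
        <?php
        //Display security info badge
        $aiowps_feature_mgr->output_feature_details_badge("manually-approve-registrations");
        if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1) {
            //Hide config settings if MS and not main site
            AIOWPSecurity_Utility::display_multisite_message();
        } else {
            ?>
        <table class="form-table">
            <tr valign="top">
                <th scope="row"><?php _e('Enable manual approval of new registrations', 'aiowpsecurity'); ?>:</th>
                <td>
                <input name="aiowps_enable_manual_registration_approval" type="checkbox"<?php
            if ($aio_wp_security->configs->get_value('aiowps_enable_manual_registration_approval') == '1') {
                echo ' checked="checked"';
            }
            ?> value="1"/>
                <span class="description"><?php _e('Check this if you want to automatically disable all newly registered accounts so that you can approve them manually.', 'aiowpsecurity'); ?></span>
                </td>
            </tr>
        </table>
        <?php
        }
        //End if statement
        ?>
        <input type="submit" name="aiowps_save_user_registration_settings" value="<?php _e('Save Settings', 'aiowpsecurity'); ?>" class="button-primary" />
        </div></div>
        </form>
        <div class="postbox">
        <h3><label for="title"><?php _e('Approve Registered Users', 'aiowpsecurity'); ?></label></h3>
        <div class="inside">
            <?php
        //Fetch, prepare, sort, and filter our data...
        $user_list->prepare_items();
        ?>
            <form id="tables-filter" method="get" onSubmit="return confirm('Are you sure you want to perform this bulk operation on the selected entries?');">
            <!-- For plugins, we also need to ensure that the form posts back to our current page -->
            <input type="hidden" name="page" value="<?php
        //The page slug comes from the request, so it is escaped for the attribute context before being echoed back
        echo esc_attr(isset($_REQUEST['page']) ? $_REQUEST['page'] : '');
        ?>" />
            <!-- Now we can render the completed list table -->
            <?php
        $user_list->display();
        ?>
            </form>
        </div></div>
        <?php
    }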