function do_other_admin_side_init_tasks()
{
global $aio_wp_security;
//***New Feature improvement for Cookie Based Brute Force Protection***//
//The old "test cookie" used to be too easy to guess because someone could just read the code and get the value.
//So now we will drop a more secure test cookie using a 10 digit random string
if ($aio_wp_security->configs->get_value('aiowps_enable_brute_force_attack_prevention') == '1') {
// This code is for users who had this feature saved using an older release. This will drop the new more secure test cookie to the browser and will write it to the .htaccess file too
$test_cookie = $aio_wp_security->configs->get_value('aiowps_cookie_brute_test');
if (empty($test_cookie)) {
$random_suffix = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(10);
$test_cookie_name = 'aiowps_cookie_test_' . $random_suffix;
$aio_wp_security->configs->set_value('aiowps_cookie_brute_test', $test_cookie_name);
$aio_wp_security->configs->save_config();
//save the value
AIOWPSecurity_Utility::set_cookie_value($test_cookie_name, "1");
//Write this new cookie to the .htaccess file
$res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
if ($res == -1) {
$aio_wp_security->debug_logger->log_debug("Error writing new test cookie with random suffix to .htaccess file!", 4);
}
}
}
//For cookie test form submission case
if (isset($_GET['page']) && $_GET['page'] == AIOWPSEC_BRUTE_FORCE_MENU_SLUG && isset($_GET['tab']) && $_GET['tab'] == 'tab2') {
global $aio_wp_security;
if (isset($_POST['aiowps_do_cookie_test_for_bfla'])) {
$random_suffix = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(10);
$test_cookie_name = 'aiowps_cookie_test_' . $random_suffix;
$aio_wp_security->configs->set_value('aiowps_cookie_brute_test', $test_cookie_name);
$aio_wp_security->configs->save_config();
//save the value
AIOWPSecurity_Utility::set_cookie_value($test_cookie_name, "1");
$cur_url = "admin.php?page=" . AIOWPSEC_BRUTE_FORCE_MENU_SLUG . "&tab=tab2";
$redirect_url = AIOWPSecurity_Utility::add_query_data_to_url($cur_url, 'aiowps_cookie_test', "1");
AIOWPSecurity_Utility::redirect_to_url($redirect_url);
}
if (isset($_POST['aiowps_enable_brute_force_attack_prevention'])) {
$brute_force_feature_secret_word = sanitize_text_field($_POST['aiowps_brute_force_secret_word']);
if (empty($brute_force_feature_secret_word)) {
$brute_force_feature_secret_word = "aiowps_secret";
}
AIOWPSecurity_Utility::set_cookie_value($brute_force_feature_secret_word, "1");
}
if (isset($_REQUEST['aiowps_cookie_test'])) {
$test_cookie = $aio_wp_security->configs->get_value('aiowps_cookie_brute_test');
$cookie_val = AIOWPSecurity_Utility::get_cookie_value($test_cookie);
if (empty($cookie_val)) {
$aio_wp_security->configs->set_value('aiowps_cookie_test_success', '');
} else {
$aio_wp_security->configs->set_value('aiowps_cookie_test_success', '1');
}
$aio_wp_security->configs->save_config();
//save the value
}
}
if (isset($_POST['aiowps_save_wp_config'])) {
$nonce = $_REQUEST['_wpnonce'];
if (!wp_verify_nonce($nonce, 'aiowpsec-save-wp-config-nonce')) {
$aio_wp_security->debug_logger->log_debug("Nonce check failed on wp_config file save!", 4);
die("Nonce check failed on wp_config file save!");
}
$wp_config_path = AIOWPSecurity_Utility_File::get_wp_config_file_path();
$result = AIOWPSecurity_Utility_File::backup_and_rename_wp_config($wp_config_path);
//Backup the wp_config.php file
AIOWPSecurity_Utility_File::download_a_file_option1($wp_config_path, "wp-config-backup.txt");
}
//Handle export settings
if (isset($_POST['aiowps_export_settings'])) {
$nonce = $_REQUEST['_wpnonce'];
if (!wp_verify_nonce($nonce, 'aiowpsec-export-settings-nonce')) {
$aio_wp_security->debug_logger->log_debug("Nonce check failed on export AIOWPS settings!", 4);
die("Nonce check failed on export AIOWPS settings!");
}
$config_data = get_option('aio_wp_security_configs');
$output = json_encode($config_data);
AIOWPSecurity_Utility_File::download_content_to_a_file($output);
}
}
function __construct()
{
global $aio_wp_security;
if ($aio_wp_security->configs->get_value('aiowps_enable_rename_login_page') == '1') {
add_action('widgets_init', array(&$this, 'remove_standard_wp_meta_widget'));
add_filter('retrieve_password_message', array(&$this, 'decode_reset_pw_msg'), 10, 4);
//Fix for non decoded html entities in password reset link
}
add_action('admin_notices', array(&$this, 'reapply_htaccess_rules_notice'));
if (isset($_REQUEST['aiowps_reapply_htaccess'])) {
if (strip_tags($_REQUEST['aiowps_reapply_htaccess']) == 1) {
include_once 'wp-security-installer.php';
if (AIOWPSecurity_Installer::reactivation_tasks()) {
echo '<div class="updated"><p>The AIOWPS .htaccess rules were successfully re-inserted.</p></div>';
} else {
echo '<div class="error"><p>AIOWPS encountered an error when trying to write to your .htaccess file. Please check the logs.</p></div>';
}
} elseif (strip_tags($_REQUEST['aiowps_reapply_htaccess']) == 2) {
//Don't re-write the rules and just delete the temp config item
delete_option('aiowps_temp_configs');
}
}
if ($aio_wp_security->configs->get_value('aiowps_prevent_site_display_inside_frame') == '1') {
send_frame_options_header();
//send X-Frame-Options: SAMEORIGIN in HTTP header
}
if ($aio_wp_security->configs->get_value('aiowps_remove_wp_generator_meta_info') == '1') {
add_filter('the_generator', array(&$this, 'remove_wp_generator_meta_info'));
}
//For the cookie based brute force prevention feature
if ($aio_wp_security->configs->get_value('aiowps_enable_brute_force_attack_prevention') == 1) {
$bfcf_secret_word = $aio_wp_security->configs->get_value('aiowps_brute_force_secret_word');
if (isset($_GET[$bfcf_secret_word])) {
//If URL contains secret word in query param then set cookie and then redirect to the login page
AIOWPSecurity_Utility::set_cookie_value($bfcf_secret_word, "1");
AIOWPSecurity_Utility::redirect_to_url(AIOWPSEC_WP_URL . "/wp-admin");
}
}
//For user unlock request feature
if (isset($_POST['aiowps_unlock_request']) || isset($_POST['aiowps_wp_submit_unlock_request'])) {
nocache_headers();
remove_action('wp_head', 'head_addons', 7);
include_once AIO_WP_SECURITY_PATH . '/other-includes/wp-security-unlock-request.php';
exit;
}
if (isset($_GET['aiowps_auth_key'])) {
//If URL contains unlock key in query param then process the request
$unlock_key = strip_tags($_GET['aiowps_auth_key']);
AIOWPSecurity_User_Login::process_unlock_request($unlock_key);
}
//For honeypot feature
if (isset($_POST['aio_special_field'])) {
$special_field_value = strip_tags($_POST['aio_special_field']);
if (!empty($special_field_value)) {
//This means a robot has submitted the login form!
//Redirect back to its localhost
AIOWPSecurity_Utility::redirect_to_url('http://127.0.0.1');
}
}
//For 404 IP lockout feature
if ($aio_wp_security->configs->get_value('aiowps_enable_404_IP_lockout') == '1') {
if (!is_user_logged_in() || !current_user_can('administrator')) {
$this->do_404_lockout_tasks();
}
}
//For login captcha feature
if ($aio_wp_security->configs->get_value('aiowps_enable_login_captcha') == '1') {
if (!is_user_logged_in()) {
add_action('login_form', array(&$this, 'insert_captcha_question_form'));
}
}
//For custom login form captcha feature, ie, when wp_login_form() function is used to generate login form
if ($aio_wp_security->configs->get_value('aiowps_enable_custom_login_captcha') == '1') {
if (!is_user_logged_in()) {
add_filter('login_form_middle', array(&$this, 'insert_captcha_custom_login'), 10, 2);
//For cases where the WP wp_login_form() function is used
}
}
//For honeypot feature
if ($aio_wp_security->configs->get_value('aiowps_enable_login_honeypot') == '1') {
if (!is_user_logged_in()) {
add_action('login_form', array(&$this, 'insert_honeypot_hidden_field'));
}
}
//For lost password captcha feature
if ($aio_wp_security->configs->get_value('aiowps_enable_lost_password_captcha') == '1') {
if (!is_user_logged_in()) {
add_action('lostpassword_form', array(&$this, 'insert_captcha_question_form'));
add_action('lostpassword_post', array(&$this, 'process_lost_password_form_post'));
}
}
//For registration page captcha feature
if (AIOWPSecurity_Utility::is_multisite_install()) {
$blog_id = get_current_blog_id();
switch_to_blog($blog_id);
if ($aio_wp_security->configs->get_value('aiowps_enable_registration_page_captcha') == '1') {
if (!is_user_logged_in()) {
add_action('signup_extra_fields', array(&$this, 'insert_captcha_question_form_multi'));
//add_action('preprocess_signup_form', array(&$this, 'process_signup_form_multi'));
add_filter('wpmu_validate_user_signup', array(&$this, 'process_signup_form_multi'));
}
}
restore_current_blog();
} else {
if ($aio_wp_security->configs->get_value('aiowps_enable_registration_page_captcha') == '1') {
if (!is_user_logged_in()) {
add_action('register_form', array(&$this, 'insert_captcha_question_form'));
}
}
}
//For comment captcha feature
if (AIOWPSecurity_Utility::is_multisite_install()) {
$blog_id = get_current_blog_id();
switch_to_blog($blog_id);
if ($aio_wp_security->configs->get_value('aiowps_enable_comment_captcha') == '1') {
add_action('comment_form_after_fields', array(&$this, 'insert_captcha_question_form'), 1);
add_action('comment_form_logged_in_after', array(&$this, 'insert_captcha_question_form'), 1);
add_filter('preprocess_comment', array(&$this, 'process_comment_post'));
}
restore_current_blog();
} else {
if ($aio_wp_security->configs->get_value('aiowps_enable_comment_captcha') == '1') {
add_action('comment_form_after_fields', array(&$this, 'insert_captcha_question_form'), 1);
add_action('comment_form_logged_in_after', array(&$this, 'insert_captcha_question_form'), 1);
add_filter('preprocess_comment', array(&$this, 'process_comment_post'));
}
}
//For buddypress registration captcha feature
if ($aio_wp_security->configs->get_value('aiowps_enable_bp_register_captcha') == '1') {
add_action('bp_account_details_fields', array(&$this, 'insert_captcha_question_form'));
add_action('bp_signup_validate', array(&$this, 'buddy_press_signup_validate_captcha'));
}
//For feature which displays logged in users
$this->update_logged_in_user_transient();
//For block fake googlebots feature
if ($aio_wp_security->configs->get_value('aiowps_block_fake_googlebots') == '1') {
include_once AIO_WP_SECURITY_PATH . '/classes/wp-security-bot-protection.php';
AIOWPSecurity_Fake_Bot_Protection::block_fake_googlebots();
}
//For 404 event logging
if ($aio_wp_security->configs->get_value('aiowps_enable_404_logging') == '1') {
add_action('wp_head', array(&$this, 'check_404_event'));
}
//Add more tasks that need to be executed at init time
}
function __construct()
{
global $aio_wp_security;
if ($aio_wp_security->configs->get_value('aiowps_remove_wp_generator_meta_info') == '1') {
add_filter('the_generator', array(&$this, 'remove_wp_generator_meta_info'));
}
//For the cookie based brute force prevention feature
$bfcf_secret_word = $aio_wp_security->configs->get_value('aiowps_brute_force_secret_word');
if (isset($_GET[$bfcf_secret_word])) {
//If URL contains secret word in query param then set cookie and then redirect to the login page
AIOWPSecurity_Utility::set_cookie_value($bfcf_secret_word, "1");
AIOWPSecurity_Utility::redirect_to_url(AIOWPSEC_WP_URL . "/wp-admin");
}
//For user unlock request feature
if (isset($_POST['aiowps_unlock_request']) || isset($_POST['aiowps_wp_submit_unlock_request'])) {
nocache_headers();
remove_action('wp_head', 'head_addons', 7);
include_once AIO_WP_SECURITY_PATH . '/other-includes/wp-security-unlock-request.php';
exit;
}
if (isset($_GET['aiowps_auth_key'])) {
//If URL contains unlock key in query param then process the request
$unlock_key = strip_tags($_GET['aiowps_auth_key']);
AIOWPSecurity_User_Login::process_unlock_request($unlock_key);
}
//For 404 IP lockout feature
if ($aio_wp_security->configs->get_value('aiowps_enable_404_IP_lockout') == '1') {
if (!is_user_logged_in() || !current_user_can('administrator')) {
$this->do_404_lockout_tasks();
}
}
//For login captcha feature
if ($aio_wp_security->configs->get_value('aiowps_enable_login_captcha') == '1') {
if (!is_user_logged_in()) {
add_action('login_form', array(&$this, 'insert_captcha_question_form'));
}
}
//For lost password captcha feature
if ($aio_wp_security->configs->get_value('aiowps_enable_lost_password_captcha') == '1') {
if (!is_user_logged_in()) {
add_action('lostpassword_form', array(&$this, 'insert_captcha_question_form'));
add_action('lostpassword_post', array(&$this, 'process_lost_password_form_post'));
}
}
//For registration page captcha feature
if (AIOWPSecurity_Utility::is_multisite_install()) {
$blog_id = get_current_blog_id();
switch_to_blog($blog_id);
if ($aio_wp_security->configs->get_value('aiowps_enable_registration_page_captcha') == '1') {
if (!is_user_logged_in()) {
add_action('signup_extra_fields', array(&$this, 'insert_captcha_question_form_multi'));
//add_action('preprocess_signup_form', array(&$this, 'process_signup_form_multi'));
add_filter('wpmu_validate_user_signup', array(&$this, 'process_signup_form_multi'));
}
}
restore_current_blog();
} else {
if ($aio_wp_security->configs->get_value('aiowps_enable_registration_page_captcha') == '1') {
if (!is_user_logged_in()) {
add_action('register_form', array(&$this, 'insert_captcha_question_form'));
}
}
}
//For comment captcha feature
if (AIOWPSecurity_Utility::is_multisite_install()) {
$blog_id = get_current_blog_id();
switch_to_blog($blog_id);
if ($aio_wp_security->configs->get_value('aiowps_enable_comment_captcha') == '1') {
add_action('comment_form_after_fields', array(&$this, 'insert_captcha_question_form'), 1);
add_action('comment_form_logged_in_after', array(&$this, 'insert_captcha_question_form'), 1);
add_filter('preprocess_comment', array(&$this, 'process_comment_post'));
}
restore_current_blog();
} else {
if ($aio_wp_security->configs->get_value('aiowps_enable_comment_captcha') == '1') {
add_action('comment_form_after_fields', array(&$this, 'insert_captcha_question_form'), 1);
add_action('comment_form_logged_in_after', array(&$this, 'insert_captcha_question_form'), 1);
add_filter('preprocess_comment', array(&$this, 'process_comment_post'));
}
}
//For feature which displays logged in users
$this->update_logged_in_user_transient();
//For block fake googlebots feature
if ($aio_wp_security->configs->get_value('aiowps_block_fake_googlebots') == '1') {
include_once AIO_WP_SECURITY_PATH . '/classes/wp-security-bot-protection.php';
AIOWPSecurity_Fake_Bot_Protection::block_fake_googlebots();
}
//For 404 event logging
if ($aio_wp_security->configs->get_value('aiowps_enable_404_logging') == '1') {
add_action('wp_head', array(&$this, 'check_404_event'));
}
//Add more tasks that need to be executed at init time
}
function do_other_admin_side_init_tasks()
{
if (isset($_GET['page']) && $_GET['page'] == AIOWPSEC_BRUTE_FORCE_MENU_SLUG && isset($_GET['tab']) && $_GET['tab'] == 'tab2') {
global $aio_wp_security;
if (isset($_POST['aiowps_do_cookie_test_for_bfla'])) {
AIOWPSecurity_Utility::set_cookie_value("aiowps_cookie_test", "1");
$cur_url = "admin.php?page=" . AIOWPSEC_BRUTE_FORCE_MENU_SLUG . "&tab=tab2";
$redirect_url = AIOWPSecurity_Utility::add_query_data_to_url($cur_url, "aiowps_cookie_test", "1");
AIOWPSecurity_Utility::redirect_to_url($redirect_url);
}
if (isset($_POST['aiowps_enable_brute_force_attack_prevention'])) {
$brute_force_feature_secret_word = sanitize_text_field($_POST['aiowps_brute_force_secret_word']);
if (empty($brute_force_feature_secret_word)) {
$brute_force_feature_secret_word = "aiowps_secret";
}
AIOWPSecurity_Utility::set_cookie_value($brute_force_feature_secret_word, "1");
}
if (isset($_REQUEST['aiowps_cookie_test'])) {
$cookie_val = AIOWPSecurity_Utility::get_cookie_value("aiowps_cookie_test");
if (empty($cookie_val)) {
$aio_wp_security->configs->set_value('aiowps_cookie_test_success', '');
} else {
$aio_wp_security->configs->set_value('aiowps_cookie_test_success', '1');
}
$aio_wp_security->configs->save_config();
//save the value
}
}
if (isset($_POST['aiowps_save_wp_config'])) {
$nonce = $_REQUEST['_wpnonce'];
if (!wp_verify_nonce($nonce, 'aiowpsec-save-wp-config-nonce')) {
$aio_wp_security->debug_logger->log_debug("Nonce check failed on wp_config file save!", 4);
die("Nonce check failed on wp_config file save!");
}
$wp_config_path = ABSPATH . 'wp-config.php';
$result = AIOWPSecurity_Utility_File::backup_and_rename_wp_config($wp_config_path);
//Backup the wp_config.php file
AIOWPSecurity_Utility_File::download_a_file_option1($wp_config_path, "wp-config-backup.txt");
}
}
