function sucuriscan_settings_general_apikey($nonce)
{
$params = array();
$invalid_domain = false;
$api_recovery_modal = '';
$api_registered_modal = '';
// Whether the form to manually add the API key should be shown or not.
$display_manual_key_form = (bool) (SucuriScanRequest::post(':recover_key') !== false);
if ($nonce) {
if (!empty($_POST) && SucuriScanOption::settingsInTextFile()) {
$fpath = SucuriScanOption::optionsFilePath();
if (!is_writable($fpath)) {
SucuriScanInterface::error('Storage is not writable: <code>' . $fpath . '</code>');
}
}
// Remove API key from the local storage.
if (SucuriScanRequest::post(':remove_api_key') !== false) {
SucuriScanAPI::setPluginKey('');
wp_clear_scheduled_hook('sucuriscan_scheduled_scan');
SucuriScanEvent::report_critical_event('Sucuri API key was deleted.');
SucuriScanEvent::notify_event('plugin_change', 'Sucuri API key removed');
}
// Save API key after it was recovered by the administrator.
if ($api_key = SucuriScanRequest::post(':manual_api_key')) {
SucuriScanAPI::setPluginKey($api_key, true);
SucuriScanEvent::schedule_task();
SucuriScanEvent::report_info_event('Sucuri API key was added manually.');
}
// Generate new API key from the API service.
if (SucuriScanRequest::post(':plugin_api_key') !== false) {
$user_id = SucuriScanRequest::post(':setup_user');
$user_obj = SucuriScan::get_user_by_id($user_id);
if ($user_obj !== false && user_can($user_obj, 'administrator')) {
// Send request to generate new API key or display form to set manually.
if (SucuriScanAPI::registerSite($user_obj->user_email)) {
$api_registered_modal = SucuriScanTemplate::getModal('settings-apiregistered', array('Title' => 'Site registered successfully', 'CssClass' => 'sucuriscan-apikey-registered'));
} else {
$display_manual_key_form = true;
}
}
}
// Recover API key through the email registered previously.
if (SucuriScanRequest::post(':recover_key') !== false) {
$_GET['recover'] = 'true';
SucuriScanAPI::recoverKey();
SucuriScanEvent::report_info_event('Recovery of the Sucuri API key was requested.');
}
}
$api_key = SucuriScanAPI::getPluginKey();
if (SucuriScanRequest::get('recover') !== false) {
$api_recovery_modal = SucuriScanTemplate::getModal('settings-apirecovery', array('Title' => 'Plugin API Key Recovery', 'CssClass' => 'sucuriscan-apirecovery'));
}
// Check whether the domain name is valid or not.
if (!$api_key) {
$clean_domain = SucuriScan::get_top_level_domain();
$domain_address = @gethostbyname($clean_domain);
$invalid_domain = (bool) ($domain_address === $clean_domain);
}
$params['APIKey'] = !$api_key ? '(not set)' : $api_key;
$params['APIKey.RecoverVisibility'] = SucuriScanTemplate::visibility(!$api_key && !$display_manual_key_form);
$params['APIKey.ManualKeyFormVisibility'] = SucuriScanTemplate::visibility($display_manual_key_form);
$params['APIKey.RemoveVisibility'] = SucuriScanTemplate::visibility((bool) $api_key);
$params['InvalidDomainVisibility'] = SucuriScanTemplate::visibility($invalid_domain);
$params['ModalWhenAPIRegistered'] = $api_registered_modal;
$params['ModalForApiKeyRecovery'] = $api_recovery_modal;
return SucuriScanTemplate::getSection('settings-general-apikey', $params);
}
function sucuriscan_settings_general_apikey($nonce)
{
$params = array();
$invalid_domain = false;
$api_recovery_modal = '';
$api_registered_modal = '';
// Whether the form to manually add the API key should be shown or not.
$display_manual_key_form = (bool) (SucuriScanRequest::post(':recover_key') !== false);
if ($nonce) {
if (SucuriScanRequest::post(':plugin_api_key') !== false) {
$user_id = SucuriScanRequest::post(':setup_user');
$user_obj = SucuriScan::get_user_by_id($user_id);
if ($user_obj !== false && user_can($user_obj, 'administrator')) {
// Send request to generate new API key or display form to set manually.
if (SucuriScanAPI::register_site($user_obj->user_email)) {
$api_registered_modal = SucuriScanTemplate::get_modal('settings-apiregistered', array('Title' => 'Site registered successfully', 'CssClass' => 'sucuriscan-apikey-registered'));
} else {
$display_manual_key_form = true;
}
}
}
// Recover API key through the email registered previously.
if (SucuriScanRequest::post(':recover_key') !== false) {
SucuriScanAPI::recover_key();
SucuriScanEvent::report_info_event('Recovery of the Sucuri API key was requested.');
$api_recovery_modal = SucuriScanTemplate::get_modal('settings-apirecovery', array('Title' => 'Plugin API Key Recovery', 'CssClass' => 'sucuriscan-apirecovery'));
}
}
$api_key = SucuriScanAPI::get_plugin_key();
// Check whether the domain name is valid or not.
if (!$api_key) {
$clean_domain = SucuriScan::get_top_level_domain();
$domain_address = @gethostbyname($clean_domain);
$invalid_domain = (bool) ($domain_address === $clean_domain);
}
$params['APIKey'] = !$api_key ? '<em>(not set)</em>' : $api_key;
$params['APIKey.RecoverVisibility'] = SucuriScanTemplate::visibility(!$api_key && !$display_manual_key_form);
$params['APIKey.ManualKeyFormVisibility'] = SucuriScanTemplate::visibility($display_manual_key_form);
$params['APIKey.RemoveVisibility'] = SucuriScanTemplate::visibility((bool) $api_key);
$params['InvalidDomainVisibility'] = SucuriScanTemplate::visibility($invalid_domain);
$params['ModalWhenAPIRegistered'] = $api_registered_modal;
$params['ModalForApiKeyRecovery'] = $api_recovery_modal;
return SucuriScanTemplate::get_section('settings-general-apikey', $params);
}
/**
* Read and parse the content of the general settings template.
*
* @return string Parsed HTML code for the general settings panel.
*/
function sucuriscan_settings_general()
{
global $sucuriscan_emails_per_hour, $sucuriscan_maximum_failed_logins, $sucuriscan_verify_ssl_cert;
// Check the nonce here to populate the value through other functions.
$page_nonce = SucuriScanInterface::check_nonce();
// Process all form submissions.
sucuriscan_settings_form_submissions($page_nonce);
// Register the site, get its API key, and store it locally for future usage.
$api_registered_modal = '';
// Whether the form to manually add the API key should be shown or not.
$display_manual_key_form = (bool) (SucuriScanRequest::post(':recover_key') !== false);
if ($page_nonce && SucuriScanRequest::post(':plugin_api_key') !== false) {
$user_id = SucuriScanRequest::post(':setup_user');
$user_obj = SucuriScan::get_user_by_id($user_id);
if ($user_obj !== false && user_can($user_obj, 'administrator')) {
// Send request to generate new API key or display form to set manually.
if (SucuriScanAPI::register_site($user_obj->user_email)) {
$api_registered_modal = SucuriScanTemplate::get_modal('settings-apiregistered', array('Title' => 'Site registered successfully', 'CssClass' => 'sucuriscan-apikey-registered'));
} else {
$display_manual_key_form = true;
}
}
}
// Get initial variables to decide some things bellow.
$api_key = SucuriScanAPI::get_plugin_key();
$emails_per_hour = SucuriScanOption::get_option(':emails_per_hour');
$maximum_failed_logins = SucuriScanOption::get_option(':maximum_failed_logins');
$verify_ssl_cert = SucuriScanOption::get_option(':verify_ssl_cert');
$audit_report = SucuriScanOption::get_option(':audit_report');
$logs4report = SucuriScanOption::get_option(':logs4report');
$revproxy = SucuriScanOption::get_option(':revproxy');
$dns_lookups = SucuriScanOption::get_option(':dns_lookups');
$comment_monitor = SucuriScanOption::get_option(':comment_monitor');
$xhr_monitor = SucuriScanOption::get_option(':xhr_monitor');
$invalid_domain = false;
// Check whether the domain name is valid or not.
if (!$api_key) {
$clean_domain = SucuriScan::get_top_level_domain();
$domain_address = @gethostbyname($clean_domain);
$invalid_domain = $domain_address == $clean_domain ? true : false;
}
// Generate the HTML code for the option list in the form select fields.
$emails_per_hour_options = SucuriScanTemplate::get_select_options($sucuriscan_emails_per_hour, $emails_per_hour);
$maximum_failed_logins_options = SucuriScanTemplate::get_select_options($sucuriscan_maximum_failed_logins, $maximum_failed_logins);
$verify_ssl_cert_options = SucuriScanTemplate::get_select_options($sucuriscan_verify_ssl_cert, $verify_ssl_cert);
$template_variables = array('APIKey' => !$api_key ? '<em>(not set)</em>' : $api_key, 'APIKey.RecoverVisibility' => SucuriScanTemplate::visibility(!$api_key && !$display_manual_key_form), 'APIKey.ManualKeyFormVisibility' => SucuriScanTemplate::visibility($display_manual_key_form), 'APIKey.RemoveVisibility' => SucuriScanTemplate::visibility((bool) $api_key), 'InvalidDomainVisibility' => SucuriScanTemplate::visibility($invalid_domain), 'NotifyTo' => SucuriScanOption::get_option(':notify_to'), 'EmailsPerHour' => 'Undefined', 'EmailsPerHourOptions' => $emails_per_hour_options, 'MaximumFailedLogins' => 'Undefined', 'MaximumFailedLoginsOptions' => $maximum_failed_logins_options, 'VerifySSLCert' => 'Undefined', 'VerifySSLCertOptions' => $verify_ssl_cert_options, 'RequestTimeout' => SucuriScanOption::get_option(':request_timeout') . ' seconds', 'DatastorePath' => SucuriScanOption::get_option(':datastore_path'), 'CollectWrongPasswords' => 'No collect passwords', 'ModalWhenAPIRegistered' => $api_registered_modal, 'AuditReportStatus' => 'Enabled', 'AuditReportSwitchText' => 'Disable', 'AuditReportSwitchValue' => 'disable', 'AuditReportSwitchCssClass' => 'button-danger', 'AuditReportLimit' => $logs4report, 'ReverseProxyStatus' => 'Enabled', 'ReverseProxySwitchText' => 'Disable', 'ReverseProxySwitchValue' => 'disable', 'ReverseProxySwitchCssClass' => 'button-danger', 'DnsLookupsStatus' => 'Enabled', 'DnsLookupsSwitchText' => 'Disable', 'DnsLookupsSwitchValue' => 'disable', 'DnsLookupsSwitchCssClass' => 'button-danger', 'CommentMonitorStatus' => 'Enabled', 'CommentMonitorSwitchText' => 'Disable', 'CommentMonitorSwitchValue' => 'disable', 'CommentMonitorSwitchCssClass' => 'button-danger', 'XhrMonitorStatus' => 'Enabled', 'XhrMonitorSwitchText' => 'Disable', 'XhrMonitorSwitchValue' => 'disable', 'XhrMonitorSwitchCssClass' => 'button-danger', 'APIProxy.Host' => 'no_proxy_host', 'APIProxy.Port' => 'no_proxy_port', 'APIProxy.Username' => 'no_proxy_username', 'APIProxy.Password' => 'no_proxy_password', 'APIProxy.PasswordType' => 'default', 'APIProxy.PasswordText' => 'empty');
if (array_key_exists($emails_per_hour, $sucuriscan_emails_per_hour)) {
$template_variables['EmailsPerHour'] = $sucuriscan_emails_per_hour[$emails_per_hour];
}
if (array_key_exists($maximum_failed_logins, $sucuriscan_maximum_failed_logins)) {
$template_variables['MaximumFailedLogins'] = $sucuriscan_maximum_failed_logins[$maximum_failed_logins];
}
if (array_key_exists($verify_ssl_cert, $sucuriscan_verify_ssl_cert)) {
$template_variables['VerifySSLCert'] = $sucuriscan_verify_ssl_cert[$verify_ssl_cert];
}
if ($audit_report == 'disabled') {
$template_variables['AuditReportStatus'] = 'Disabled';
$template_variables['AuditReportSwitchText'] = 'Enable';
$template_variables['AuditReportSwitchValue'] = 'enable';
$template_variables['AuditReportSwitchCssClass'] = 'button-success';
}
if ($revproxy == 'disabled') {
$template_variables['ReverseProxyStatus'] = 'Disabled';
$template_variables['ReverseProxySwitchText'] = 'Enable';
$template_variables['ReverseProxySwitchValue'] = 'enable';
$template_variables['ReverseProxySwitchCssClass'] = 'button-success';
}
if ($dns_lookups == 'disabled') {
$template_variables['DnsLookupsStatus'] = 'Disabled';
$template_variables['DnsLookupsSwitchText'] = 'Enable';
$template_variables['DnsLookupsSwitchValue'] = 'enable';
$template_variables['DnsLookupsSwitchCssClass'] = 'button-success';
}
if ($comment_monitor == 'disabled') {
$template_variables['CommentMonitorStatus'] = 'Disabled';
$template_variables['CommentMonitorSwitchText'] = 'Enable';
$template_variables['CommentMonitorSwitchValue'] = 'enable';
$template_variables['CommentMonitorSwitchCssClass'] = 'button-success';
}
if ($xhr_monitor == 'disabled') {
$template_variables['XhrMonitorStatus'] = 'Disabled';
$template_variables['XhrMonitorSwitchText'] = 'Enable';
$template_variables['XhrMonitorSwitchValue'] = 'enable';
$template_variables['XhrMonitorSwitchCssClass'] = 'button-success';
}
if (sucuriscan_collect_wrong_passwords() === true) {
$template_variables['CollectWrongPasswords'] = '<span class="sucuriscan-label-error">Yes, collect passwords</span>';
}
// Determine if the API calls with pass through a proxy or not.
if (class_exists('WP_HTTP_Proxy')) {
$wp_http_proxy = new WP_HTTP_Proxy();
if ($wp_http_proxy->is_enabled()) {
$proxy_host = SucuriScan::escape($wp_http_proxy->host());
$proxy_port = SucuriScan::escape($wp_http_proxy->port());
$proxy_username = SucuriScan::escape($wp_http_proxy->username());
$proxy_password = SucuriScan::escape($wp_http_proxy->password());
$template_variables['APIProxy.Host'] = $proxy_host;
$template_variables['APIProxy.Port'] = $proxy_port;
$template_variables['APIProxy.Username'] = $proxy_username;
$template_variables['APIProxy.Password'] = $proxy_password;
$template_variables['APIProxy.PasswordType'] = 'info';
$template_variables['APIProxy.PasswordText'] = 'hidden';
}
}
return SucuriScanTemplate::get_section('settings-general', $template_variables);
}
