/** * Update the WordPress secret keys. * * @param $process_form Whether a form was submitted or not. * @return string HTML code with the information of the process. */ function sucuriscan_update_secret_keys($process_form = false) { $template_variables = array('WPConfigUpdate.Visibility' => 'hidden', 'WPConfigUpdate.NewConfig' => '', 'SecurityKeys.List' => ''); // Update all WordPress secret keys. if ($process_form && SucuriScanRequest::post(':update_wpconfig', '1')) { $wpconfig_process = SucuriScanEvent::set_new_config_keys(); if ($wpconfig_process) { $template_variables['WPConfigUpdate.Visibility'] = 'visible'; SucuriScanEvent::report_notice_event('Generate new security keys'); if ($wpconfig_process['updated'] === true) { SucuriScanInterface::info('Secret keys updated successfully (summary of the operation bellow).'); $template_variables['WPConfigUpdate.NewConfig'] .= "// Old Keys\n"; $template_variables['WPConfigUpdate.NewConfig'] .= $wpconfig_process['old_keys_string']; $template_variables['WPConfigUpdate.NewConfig'] .= "//\n"; $template_variables['WPConfigUpdate.NewConfig'] .= "// New Keys\n"; $template_variables['WPConfigUpdate.NewConfig'] .= $wpconfig_process['new_keys_string']; } else { SucuriScanInterface::error('<code>wp-config.php</code> file is not writable, replace the ' . 'old configuration file with the new values shown bellow.'); $template_variables['WPConfigUpdate.NewConfig'] = $wpconfig_process['new_wpconfig']; } } else { SucuriScanInterface::error('<code>wp-config.php</code> file was not found in the default location.'); } } // Display the current status of the security keys. $current_keys = SucuriScanOption::get_security_keys(); $counter = 0; foreach ($current_keys as $key_status => $key_list) { foreach ($key_list as $key_name => $key_value) { $css_class = $counter % 2 == 0 ? '' : 'alternate'; $key_value = SucuriScan::excerpt($key_value, 50); switch ($key_status) { case 'good': $key_status_text = 'good'; $key_status_css_class = 'success'; break; case 'bad': $key_status_text = 'not randomized'; $key_status_css_class = 'warning'; break; case 'missing': $key_value = ''; $key_status_text = 'not set'; $key_status_css_class = 'danger'; break; } if (isset($key_status_text)) { $template_variables['SecurityKeys.List'] .= SucuriScanTemplate::get_snippet('posthack-updatesecretkeys', array('SecurityKey.CssClass' => $css_class, 'SecurityKey.KeyName' => SucuriScan::escape($key_name), 'SecurityKey.KeyValue' => SucuriScan::escape($key_value), 'SecurityKey.KeyStatusText' => $key_status_text, 'SecurityKey.KeyStatusCssClass' => $key_status_css_class)); $counter += 1; } } } return SucuriScanTemplate::get_section('posthack-updatesecretkeys', $template_variables); }