function block_selected_ips($entries)
{
global $wpdb, $aio_wp_security;
if (is_array($entries)) {
if (isset($_REQUEST['_wp_http_referer'])) {
//Let's go through each entry and block IP
foreach ($entries as $id) {
$ip_address = get_user_meta($id, 'aiowps_registrant_ip', true);
$result = AIOWPSecurity_Blocking::add_ip_to_block_list($ip_address, 'registration_spam');
if ($result === false) {
$aio_wp_security->debug_logger->log_debug("AIOWPSecurity_List_Registered_Users::block_selected_ips() - could not block IP : {$ip_address}", 4);
}
}
$msg = __('The selected IP addresses were successfully added to the permanent block list!', 'all-in-one-wp-security-and-firewall');
$msg .= ' <a href="admin.php?page=' . AIOWPSEC_MAIN_MENU_SLUG . '&tab=tab4" target="_blank">' . __('View Blocked IPs', 'all-in-one-wp-security-and-firewall') . '</a>';
AIOWPSecurity_Admin_Menu::show_msg_updated_st($msg);
}
} elseif ($entries != NULL) {
$nonce = isset($_GET['aiowps_nonce']) ? $_GET['aiowps_nonce'] : '';
if (!isset($nonce) || !wp_verify_nonce($nonce, 'block_ip')) {
$aio_wp_security->debug_logger->log_debug("Nonce check failed for block IP operation of registered user!", 4);
die(__('Nonce check failed for block IP operation of registered user!', 'all-in-one-wp-security-and-firewall'));
}
//Block single IP
$result = AIOWPSecurity_Blocking::add_ip_to_block_list($entries, 'registration_spam');
if ($result === true) {
$msg = __('The selected IP was successfully added to the permanent block list!', 'all-in-one-wp-security-and-firewall');
$msg .= ' <a href="admin.php?page=' . AIOWPSEC_MAIN_MENU_SLUG . '&tab=tab4" target="_blank">' . __('View Blocked IPs', 'all-in-one-wp-security-and-firewall') . '</a>';
AIOWPSecurity_Admin_Menu::show_msg_updated_st($msg);
} else {
$aio_wp_security->debug_logger->log_debug("AIOWPSecurity_List_Registered_Users::block_selected_ips() - could not block IP: {$entries}", 4);
}
}
}
function delete_404_event_records($entries)
{
global $wpdb, $aio_wp_security;
$events_table = AIOWPSEC_TBL_EVENTS;
if (is_array($entries)) {
if (isset($_REQUEST['_wp_http_referer'])) {
//Delete multiple records
$entries = array_map('esc_sql', $entries);
//escape every array element
$id_list = "(" . implode(",", $entries) . ")";
//Create comma separate list for DB operation
$delete_command = "DELETE FROM " . $events_table . " WHERE id IN " . $id_list;
$result = $wpdb->query($delete_command);
if ($result != NULL) {
AIOWPSecurity_Admin_Menu::show_msg_record_deleted_st();
}
}
} elseif ($entries != NULL) {
$nonce = isset($_GET['aiowps_nonce']) ? $_GET['aiowps_nonce'] : '';
if (!isset($nonce) || !wp_verify_nonce($nonce, 'delete_404_log')) {
$aio_wp_security->debug_logger->log_debug("Nonce check failed for delete selected 404 event logs operation!", 4);
die(__('Nonce check failed for delete selected 404 event logs operation!', 'aiowpsecurity'));
}
//Delete single record
$delete_command = "DELETE FROM " . $events_table . " WHERE id = '" . absint($entries) . "'";
//$delete_command = $wpdb->prepare("DELETE FROM $events_table WHERE id = %s", absint($entries));
$result = $wpdb->query($delete_command);
if ($result != NULL) {
AIOWPSecurity_Admin_Menu::show_msg_record_deleted_st();
}
}
}
function unblock_ip_address($entries)
{
global $wpdb, $aio_wp_security;
if (is_array($entries)) {
if (isset($_REQUEST['_wp_http_referer'])) {
//Delete multiple records
$entries = array_filter($entries, 'is_numeric');
//discard non-numeric ID values
$id_list = "(" . implode(",", $entries) . ")";
//Create comma separate list for DB operation
$delete_command = "DELETE FROM " . AIOWPSEC_TBL_PERM_BLOCK . " WHERE id IN " . $id_list;
$result = $wpdb->query($delete_command);
if ($result != NULL) {
AIOWPSecurity_Admin_Menu::show_msg_record_deleted_st();
}
}
} elseif ($entries != NULL) {
$nonce = isset($_GET['aiowps_nonce']) ? $_GET['aiowps_nonce'] : '';
if (!isset($nonce) || !wp_verify_nonce($nonce, 'unblock_ip')) {
$aio_wp_security->debug_logger->log_debug("Nonce check failed for unblock IP operation!", 4);
die(__('Nonce check failed for unblock IP operation!', 'all-in-one-wp-security-and-firewall'));
}
//Delete single record
$delete_command = "DELETE FROM " . AIOWPSEC_TBL_PERM_BLOCK . " WHERE id = '" . absint($entries) . "'";
$result = $wpdb->query($delete_command);
if ($result != NULL) {
AIOWPSecurity_Admin_Menu::show_msg_record_deleted_st();
}
}
}
function block_spammer_ip_records($entries)
{
global $wpdb, $aio_wp_security;
$raw_banned_ip_list = $aio_wp_security->configs->get_value('aiowps_banned_ip_addresses');
$currently_banned_ips = explode(PHP_EOL, $aio_wp_security->configs->get_value('aiowps_banned_ip_addresses'));
if (is_array($entries)) {
//Bulk selection using checkboxes were used
foreach ($entries as $ip_add) {
if (!empty($currently_banned_ips) && !(sizeof($currently_banned_ips) == 1 && trim($currently_banned_ips[0]) == '')) {
//Check if the IP address is already in the blacklist. If not add it to the list.
if (!in_array($ip_add, $currently_banned_ips)) {
$raw_banned_ip_list .= PHP_EOL . $ip_add;
}
} else {
//if blacklist is currently empty just add all IP addresses to the list regardless
$raw_banned_ip_list .= PHP_EOL . $ip_add;
}
}
} else {
if ($entries != NULL) {
//individual entry where "block" link was clicked
//Check if the IP address is already in the blacklist. If not add it to the list.
if (!in_array($entries, $currently_banned_ips)) {
$raw_banned_ip_list .= PHP_EOL . $entries;
}
}
}
//Let's save the selected IP addresses to the blacklist config
$aio_wp_security->configs->set_value('aiowps_banned_ip_addresses', $raw_banned_ip_list);
//Save the blocked IP address config variable with the newly added addresses
$aio_wp_security->configs->save_config();
AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected IP addresses were saved in the blacklist configuration settings.', 'aiowpsecurity'));
//Let's check if the Enable Blacklisting flag has been set - If so, we will write the new data to the .htaccess file.
if ($aio_wp_security->configs->get_value('aiowps_enable_blacklisting') == '1') {
$write_result = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
if ($write_result == -1) {
AIOWPSecurity_Admin_Menu::show_msg_error_st(__('The plugin was unable to write to the .htaccess file. Please edit file manually.', 'aiowpsecurity'));
$aio_wp_security->debug_logger->log_debug("AIOWPSecurity_Blacklist_Menu - The plugin was unable to write to the .htaccess file.");
} else {
AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The .htaccess file was successfully modified to include the selected IP addresses.', 'aiowpsecurity'));
}
} else {
$blacklist_settings_link = '<a href="admin.php?page=' . AIOWPSEC_BLACKLIST_MENU_SLUG . '">Ban Users</a>';
$info_msg = '<p>' . __('NOTE: The .htaccess file was not modified because you have disabled the "Enable IP or User Agent Blacklisting" check box.', 'aiowpsecurity') . '<br />' . sprintf(__('To block these IP addresses you will need to enable the above flag in the %s menu', 'aiowpsecurity'), $blacklist_settings_link) . '</p>';
AIOWPSecurity_Admin_Menu::show_msg_updated_st($info_msg);
}
}
function delete_lockdown_records($entries)
{
global $wpdb;
$lockdown_table = AIOWPSEC_TBL_LOGIN_LOCKDOWN;
if (is_array($entries)) {
//Delete multiple records
$id_list = "(" . implode(",", $entries) . ")";
//Create comma separate list for DB operation
$delete_command = "DELETE FROM " . $lockdown_table . " WHERE id IN " . $id_list;
$result = $wpdb->query($delete_command);
if ($result != NULL) {
AIOWPSecurity_Admin_Menu::show_msg_record_deleted_st();
}
} elseif ($entries != NULL) {
//Delete single record
$delete_command = "DELETE FROM " . $lockdown_table . " WHERE id = '" . absint($entries) . "'";
$result = $wpdb->query($delete_command);
if ($result != NULL) {
AIOWPSecurity_Admin_Menu::show_msg_record_deleted_st();
}
}
}
function delete_lockdown_records($entries)
{
global $wpdb, $aio_wp_security;
$lockdown_table = AIOWPSEC_TBL_LOGIN_LOCKDOWN;
if (is_array($entries)) {
if (isset($_REQUEST['_wp_http_referer'])) {
//Delete multiple records
$id_list = "(" . implode(",", $entries) . ")";
//Create comma separate list for DB operation
$delete_command = "DELETE FROM " . $lockdown_table . " WHERE id IN " . $id_list;
$result = $wpdb->query($delete_command);
if ($result != NULL) {
AIOWPSecurity_Admin_Menu::show_msg_record_deleted_st();
}
}
} elseif ($entries != NULL) {
$nonce = isset($_GET['aiowps_nonce']) ? $_GET['aiowps_nonce'] : '';
if (!isset($nonce) || !wp_verify_nonce($nonce, 'delete_lockdown_record')) {
$aio_wp_security->debug_logger->log_debug("Nonce check failed for delete lockdown record operation!", 4);
die(__('Nonce check failed for delete lockdown record operation!', 'aiowpsecurity'));
}
//Delete single record
$delete_command = "DELETE FROM " . $lockdown_table . " WHERE id = '" . absint($entries) . "'";
$result = $wpdb->query($delete_command);
if ($result != NULL) {
AIOWPSecurity_Admin_Menu::show_msg_record_deleted_st();
}
}
}
function delete_selected_accounts($entries)
{
global $wpdb, $aio_wp_security;
if (is_array($entries)) {
//Let's go through each entry and delete account
foreach ($entries as $user_id) {
$result = wp_delete_user($user_id);
if ($result !== true) {
$aio_wp_security->debug_logger->log_debug("AIOWPSecurity_List_Registered_Users::delete_selected_accounts() - could not delete account ID: {$user_id}", 4);
}
}
AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected accounts were deleted successfully!', 'aiowpsecurity'));
} elseif ($entries != NULL) {
//Delete single account
$result = wp_delete_user($entries);
if ($result === true) {
AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected account was deleted successfully!', 'aiowpsecurity'));
} else {
$aio_wp_security->debug_logger->log_debug("AIOWPSecurity_List_Registered_Users::delete_selected_accounts() - could not delete account ID: {$entries}", 4);
}
}
}
function delete_selected_accounts($entries)
{
global $wpdb, $aio_wp_security;
if (is_array($entries)) {
if (isset($_REQUEST['_wp_http_referer'])) {
//Let's go through each entry and delete account
foreach ($entries as $user_id) {
$result = wp_delete_user($user_id);
if ($result !== true) {
$aio_wp_security->debug_logger->log_debug("AIOWPSecurity_List_Registered_Users::delete_selected_accounts() - could not delete account ID: {$user_id}", 4);
}
}
AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected accounts were deleted successfully!', 'aiowpsecurity'));
}
} elseif ($entries != NULL) {
$nonce = isset($_GET['aiowps_nonce']) ? $_GET['aiowps_nonce'] : '';
if (!isset($nonce) || !wp_verify_nonce($nonce, 'delete_user_acct')) {
$aio_wp_security->debug_logger->log_debug("Nonce check failed for delete registered user account operation!", 4);
die(__('Nonce check failed for delete registered user account operation!', 'aiowpsecurity'));
}
//Delete single account
$result = wp_delete_user($entries);
if ($result === true) {
AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected account was deleted successfully!', 'aiowpsecurity'));
} else {
$aio_wp_security->debug_logger->log_debug("AIOWPSecurity_List_Registered_Users::delete_selected_accounts() - could not delete account ID: {$entries}", 4);
}
}
}
static function disable_file_edits()
{
global $aio_wp_security;
$edit_file_config_entry_exists = false;
//Config file path
$config_file = AIOWPSecurity_Utility_File::get_wp_config_file_path();
//Get wp-config.php file contents so we can check if the "DISALLOW_FILE_EDIT" variable already exists
$config_contents = file($config_file);
foreach ($config_contents as $line_num => $line) {
if (strpos($line, "'DISALLOW_FILE_EDIT', false")) {
$config_contents[$line_num] = str_replace('false', 'true', $line);
$edit_file_config_entry_exists = true;
//$this->show_msg_updated(__('Settings Saved - The ability to edit PHP files via the admin the panel has been DISABLED.', 'all-in-one-wp-security-and-firewall'));
} else {
if (strpos($line, "'DISALLOW_FILE_EDIT', true")) {
$edit_file_config_entry_exists = true;
//$this->show_msg_updated(__('Your system config file is already configured to disallow PHP file editing.', 'all-in-one-wp-security-and-firewall'));
return true;
}
}
//For wp-config.php files originating from early WP versions we will remove the closing php tag
if (strpos($line, "?>") !== false) {
$config_contents[$line_num] = str_replace("?>", "", $line);
}
}
if (!$edit_file_config_entry_exists) {
//Construct the config code which we will insert into wp-config.php
$new_snippet = '//Disable File Edits' . PHP_EOL;
$new_snippet .= 'define(\'DISALLOW_FILE_EDIT\', true);';
$config_contents[] = $new_snippet;
//Append the new snippet to the end of the array
}
//Make a backup of the config file
if (!AIOWPSecurity_Utility_File::backup_and_rename_wp_config($config_file)) {
AIOWPSecurity_Admin_Menu::show_msg_error_st(__('Failed to make a backup of the wp-config.php file. This operation will not go ahead.', 'all-in-one-wp-security-and-firewall'));
//$aio_wp_security->debug_logger->log_debug("Disable PHP File Edit - Failed to make a backup of the wp-config.php file.",4);
return false;
} else {
//$this->show_msg_updated(__('A backup copy of your wp-config.php file was created successfully....', 'all-in-one-wp-security-and-firewall'));
}
//Now let's modify the wp-config.php file
if (AIOWPSecurity_Utility_File::write_content_to_file($config_file, $config_contents)) {
//$this->show_msg_updated(__('Settings Saved - Your system is now configured to not allow PHP file editing.', 'all-in-one-wp-security-and-firewall'));
return true;
} else {
//$this->show_msg_error(__('Operation failed! Unable to modify wp-config.php file!', 'all-in-one-wp-security-and-firewall'));
$aio_wp_security->debug_logger->log_debug("Disable PHP File Edit - Unable to modify wp-config.php", 4);
return false;
}
}
