Exemple #1
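 /**
  * Decides whether the current request is authenticated for importbuddy.
  *
  * The outcome is cached in self::$_checked / self::$_authenticated; later calls
  * return the cached value unless $force_check is true.
  *
  * Side effects: ends the script with die() when the stored attempt counter is above
  * self::MAX_LOGIN_ATTEMPTS_ALLOWED or when PB_PASSWORD is empty or still the
  * '#PASSWORD#' placeholder. On a non-blank wrong credential it may call
  * pb_backupbuddy::reset_defaults() and rewrites the attempt counter file.
  *
  * @param bool $force_check Re-run the check even when a result is already cached.
  * @return bool True when the supplied credential matches PB_PASSWORD.
  */
 public static function check($force_check = false)
 {
     if (true === self::$_checked && $force_check === false) {
         // Already evaluated for this request and no re-check requested.
         return self::$_authenticated;
     }

     $login_attempt_file = ABSPATH . 'importbuddy/_login_attempts.php';
     $login_attempts = 1;
     if (file_exists($login_attempt_file)) {
         // A failed read is silenced by @ and shows up as false below.
         $login_attempts = @file_get_contents($login_attempt_file);
     }
     // NOTE(review): when the counter file exists but cannot be read, the lockout below
     // is skipped entirely and failed attempts are not recorded (fails open) - confirm intended.
     if (false !== $login_attempts) {
         // Drop the die() guard prefix and force an integer so the limit test is numeric and
         // the later increment cannot fail on empty or corrupted contents (those count as 0).
         $login_attempts = (int) trim(str_replace('<?php die(); ?>', '', (string) $login_attempts));
         if ($login_attempts > self::MAX_LOGIN_ATTEMPTS_ALLOWED) {
             die('Access Denied. Maximum login attempts exceeded. You must delete "_login_attempts.php" in the importbuddy directory to unloack this script to allow it to continue.');
         }
     }

     $actual_pass_hash = (string) PB_PASSWORD;
     if ('#PASSWORD#' === $actual_pass_hash || '' === $actual_pass_hash) {
         die('Error #84578459745. A password must be set.');
     }

     // NOTE(review): the stored credential is an unsalted MD5 digest, and the digest itself is
     // accepted as a credential ('v', 'pass_hash', 'pb_backupbuddy_pass_hash'), so anyone who
     // learns the hash can log in without the password. 'v' arrives in the query string, where
     // it can end up in server logs and browser history. Changing this needs a coordinated
     // change with whatever produces those parameters, so it is only flagged here.
     if (pb_backupbuddy::_POST('password') != '') {
         $supplied_pass_hash = md5(pb_backupbuddy::_POST('password'));
     } elseif (pb_backupbuddy::_GET('v') != '') {
         // Hash submitted by magic migration.
         $supplied_pass_hash = pb_backupbuddy::_GET('v');
     } elseif (pb_backupbuddy::_POST('pass_hash') != '') {
         // Normal form submitted hash.
         $supplied_pass_hash = pb_backupbuddy::_POST('pass_hash');
     } elseif (pb_backupbuddy::_POST('pb_backupbuddy_pass_hash') != '') {
         $supplied_pass_hash = pb_backupbuddy::_POST('pb_backupbuddy_pass_hash');
     } else {
         $supplied_pass_hash = '';
     }

     // Compare as exact strings. The previous loose == treated numeric-looking strings as
     // numbers, so two different digests of the form "0e<digits>" compared equal.
     // hash_equals() also avoids leaking the match position through timing; the strict ===
     // fallback keeps the type-juggling fix on runtimes that lack hash_equals().
     $hashes_match = false;
     if (is_string($supplied_pass_hash)) {
         $hashes_match = function_exists('hash_equals')
             ? hash_equals($actual_pass_hash, $supplied_pass_hash)
             : $actual_pass_hash === $supplied_pass_hash;
     }

     if ($hashes_match) {
         self::$_authenticated = true;
     } else {
         // A forced re-check must not keep an earlier positive result.
         self::$_authenticated = false;
         // Incorrect hash. Reset settings & track attempts.
         if ('' != $supplied_pass_hash) {
             // A blank hash is not counted as an attempt.
             if (true === self::RESET_DEFAULTS_ON_INVALID_LOGIN) {
                 pb_backupbuddy::reset_defaults();
             }
             if (false !== $login_attempts) {
                 global $pb_login_attempts;
                 // Exposed as a string, as before the integer cast was introduced.
                 $pb_login_attempts = (string) $login_attempts;
                 // The die() prefix stops the counter file from showing its contents when requested directly.
                 @file_put_contents($login_attempt_file, '<?php die(); ?>' . ($login_attempts + 1));
             }
         }
     }

     self::$_checked = true;
     return self::$_authenticated;
 }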
<?php

// Direct-access guard: continue only when PB_IMPORTBUDDY is defined and strictly true.
if (!(defined('PB_IMPORTBUDDY') && PB_IMPORTBUDDY === true)) {
    die('<html></html>');
}

// First login to Step 1: a non-empty 'password' POST field comes from the auth form,
// so clear any defaults left behind by a partial restore.
if (Auth::is_authenticated() === true) {
    if (pb_backupbuddy::_POST('password') != '') {
        pb_backupbuddy::reset_defaults();
    }
}
/**
 *	upload()
 *
 *	Processes uploaded backup file.
 *
 *	@return		array		True on upload success; false otherwise.
 */
function upload()
{
    Auth::require_authentication();
    if (isset($_POST['upload']) && $_POST['upload'] == 'local') {
        $path_parts = pathinfo($_FILES['file']['name']);
        if (strtolower(substr($_FILES['file']['name'], 0, 6)) == 'backup' && strtolower($path_parts['extension']) == 'zip') {
            if (move_uploaded_file($_FILES['file']['tmp_name'], basename($_FILES['file']['name']))) {
                pb_backupbuddy::alert('File Uploaded. Your backup was successfully uploaded.');
                return true;
            } else {
                pb_backupbuddy::alert('Sorry, there was a problem uploading your file.', true);
                return false;
            }
        } else {
            pb_backupbuddy::alert('Only properly named BackupBuddy zip archives with a zip extension may be uploaded.', true);