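/**
 * Appends IP addresses to the saved blacklist, force-enables the blacklist
 * feature and rewrites the .htaccess rules.
 *
 * @param array|string|null $entries Either a list of event-table row IDs whose
 *                                   ip_or_host values should be banned, or a
 *                                   single value that is appended to the list
 *                                   and then checked by validate_ip_list().
 * @return false|null False when no address could be resolved for the given
 *                    IDs; otherwise nothing is returned and the outcome is
 *                    reported through admin notices.
 */
function blacklist_ip_address($entries)
 {
     global $wpdb, $aio_wp_security;
     //get the currently saved blacklisted IPs
     $bl_ip_addresses = $aio_wp_security->configs->get_value('aiowps_banned_ip_addresses');
     $ip_list_array = AIOWPSecurity_Utility_IP::create_ip_list_array_from_string_with_newline($bl_ip_addresses);
     // NOTE(review): the 'WPS' and 'aiowpsecurity' text domains below differ from
     // the domain used by the other strings in this file - confirm which is intended.
     $not_found_msg = __('Could not process the request because the IP addresses for the selected entries could not be found!', 'WPS');
     if (is_array($entries)) {
         // The IDs are supplied by the caller and were previously concatenated
         // straight into the SQL text. Reduce them to non-zero integers and bind
         // them through $wpdb->prepare() so no caller-controlled text reaches the query.
         $entry_ids = array_values(array_unique(array_filter(array_map('intval', array_filter($entries, 'is_scalar')))));
         if (empty($entry_ids)) {
             AIOWPSecurity_Admin_Menu::show_msg_error_st($not_found_msg);
             return false;
         }
         $events_table = AIOWPSEC_TBL_EVENTS;
         $placeholders = implode(',', array_fill(0, count($entry_ids), '%d'));
         $query = $wpdb->prepare("SELECT ip_or_host FROM {$events_table} WHERE ID IN ({$placeholders})", $entry_ids);
         $results = $wpdb->get_col($query);
         if (empty($results)) {
             AIOWPSecurity_Admin_Menu::show_msg_error_st($not_found_msg);
             return false;
         }
         foreach ($results as $entry) {
             $ip_list_array[] = $entry;
         }
     } elseif ($entries != NULL) {
         //Blacklist single record
         $ip_list_array[] = $entries;
     }
     $payload = AIOWPSecurity_Utility_IP::validate_ip_list($ip_list_array, 'blacklist');
     if ($payload[0] == 1) {
         //success case
         $banned_ip_data = implode(PHP_EOL, $payload[1]);
         //Force blacklist feature to be enabled
         $aio_wp_security->configs->set_value('aiowps_enable_blacklisting', '1');
         $aio_wp_security->configs->set_value('aiowps_banned_ip_addresses', $banned_ip_data);
         //Save the configuration
         $aio_wp_security->configs->save_config();
         //now let's write to the .htaccess file
         $write_result = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
         // NOTE(review): the other callers in this file treat a falsy return as
         // failure, while this one tested "== -1". With a loose comparison
         // true == -1 also holds in PHP, so a boolean success value would be
         // reported as an error. Both conventions are accepted here until the
         // helper's return contract is confirmed.
         if ($write_result === false || $write_result === -1) {
             AIOWPSecurity_Admin_Menu::show_msg_error_st(__('The plugin was unable to write to the .htaccess file. Please edit file manually.', 'aiowpsecurity'));
             $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_Blacklist_Menu - The plugin was unable to write to the .htaccess file.");
         } else {
             AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected IP addresses have been added to the blacklist and will be permanently blocked!', 'WPS'));
         }
     } else {
         // The validation message is escaped before display, as the whitelist
         // handler in this file does; presumably it can echo back the rejected
         // entry - confirm against validate_ip_list().
         AIOWPSecurity_Admin_Menu::show_msg_error_st(htmlspecialchars($payload[1][0]));
     }
 }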
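    /**
     * Renders the "Ban IPs or User Agents" tab and processes its settings form.
     *
     * When the form is submitted the nonce is verified, the IP list is validated
     * through AIOWPSecurity_Utility_IP::validate_ip_list(), the user agent list
     * through validate_user_agent_list(), and on success the configuration is
     * saved and the .htaccess file is rewritten. The form is then printed with
     * either the saved values or, after a validation error, the submitted ones.
     */
    function render_tab1()
    {
        global $aio_wp_security;
        global $aiowps_feature_mgr;
        $result = 1;
        // NOTE(review): only the nonce is checked in this method; no capability
        // check is visible here - confirm the caller restricts this page to
        // users who are allowed to change firewall settings.
        if (isset($_POST['aiowps_save_blacklist_settings'])) {
            // A request without the field must fail verification, not raise a notice.
            $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
            if (!wp_verify_nonce($nonce, 'aiowpsec-blacklist-settings-nonce')) {
                $aio_wp_security->debug_logger->log_debug("Nonce check failed for save blacklist settings!", 4);
                die(__('Nonce check failed for save blacklist settings!', 'all-in-one-wp-security-and-firewall'));
            }
            if (isset($_POST["aiowps_enable_blacklisting"]) && empty($_POST['aiowps_banned_ip_addresses']) && empty($_POST['aiowps_banned_user_agents'])) {
                // The text domain used to be passed as a second argument to
                // show_msg_error(); every other call in this method passes one
                // translated string, so the message is now wrapped in __().
                $this->show_msg_error(__('You must submit at least one IP address or one User Agent value or both!', 'all-in-one-wp-security-and-firewall'));
            } else {
                if (!empty($_POST['aiowps_banned_ip_addresses'])) {
                    $ip_addresses = $_POST['aiowps_banned_ip_addresses'];
                    $ip_list_array = AIOWPSecurity_Utility_IP::create_ip_list_array_from_string_with_newline($ip_addresses);
                    $payload = AIOWPSecurity_Utility_IP::validate_ip_list($ip_list_array, 'blacklist');
                    if ($payload[0] == 1) {
                        //success case
                        $result = 1;
                        $banned_ip_data = implode(PHP_EOL, $payload[1]);
                        $aio_wp_security->configs->set_value('aiowps_banned_ip_addresses', $banned_ip_data);
                        //Clear the post variable for the banned address list
                        $_POST['aiowps_banned_ip_addresses'] = '';
                    } else {
                        $result = -1;
                        // Escaped before display, as the whitelist tab in this
                        // file does; presumably the message can echo back the
                        // rejected entry - confirm against validate_ip_list().
                        $this->show_msg_error(htmlspecialchars($payload[1][0]));
                    }
                } else {
                    //Clear the IP address config value
                    $aio_wp_security->configs->set_value('aiowps_banned_ip_addresses', '');
                }
                if (!empty($_POST['aiowps_banned_user_agents'])) {
                    // Multiplying keeps $result at 1 only when both lists validated.
                    $result = $result * $this->validate_user_agent_list();
                } else {
                    //clear the user agent list
                    $aio_wp_security->configs->set_value('aiowps_banned_user_agents', '');
                }
                if ($result == 1) {
                    $aio_wp_security->configs->set_value('aiowps_enable_blacklisting', isset($_POST["aiowps_enable_blacklisting"]) ? '1' : '');
                    //Save the configuration
                    $aio_wp_security->configs->save_config();
                    //Recalculate points after the feature status/options have been altered
                    $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
                    $this->show_msg_settings_updated();
                    //now let's write to the .htaccess file
                    $write_result = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
                    if (!$write_result) {
                        $this->show_msg_error(__('The plugin was unable to write to the .htaccess file. Please edit file manually.', 'all-in-one-wp-security-and-firewall'));
                        $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_Blacklist_Menu - The plugin was unable to write to the .htaccess file.");
                    }
                }
            }
        }
        ?>
        <h2><?php _e('Ban IPs or User Agents', 'all-in-one-wp-security-and-firewall'); ?></h2>
        <div class="aio_blue_box">
            <?php 
        echo '<p>' . __('The All In One WP Security Blacklist feature gives you the option of banning certain host IP addresses or ranges and also user agents.', 'all-in-one-wp-security-and-firewall') . '
            <br />' . __('This feature will deny total site access for users which have IP addresses or user agents matching those which you have configured in the settings below.', 'all-in-one-wp-security-and-firewall') . '
            <br />' . __('The plugin achieves this by making appropriate modifications to your .htaccess file.', 'all-in-one-wp-security-and-firewall') . '
            <br />' . __('By blocking people via the .htaccess file your are using the most secure first line of defence which denies all access to blacklisted visitors as soon as they hit your hosting server.', 'all-in-one-wp-security-and-firewall') . '
            </p>';
        ?>
        </div>
        <div class="aio_grey_box">
            <?php 
        $addon_link = '<strong><a href="http://www.site-scanners.com/country-blocking-addon/" target="_blank">Country Blocking Addon</a></strong>';
        $info_msg = sprintf(__('You may also be interested in our %s.', 'all-in-one-wp-security-and-firewall'), $addon_link);
        $info_msg2 = __('This addon allows you to automatically block IP addresses based on their country of origin.', 'all-in-one-wp-security-and-firewall');
        echo '<p>' . $info_msg . '<br />' . $info_msg2 . '</p>';
        ?>
        </div>

        <div class="postbox">
        <h3 class="hndle"><label for="title"><?php _e('IP Hosts and User Agent Blacklist Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
        <div class="inside">
        <?php 
        //Display security info badge
        $aiowps_feature_mgr->output_feature_details_badge("blacklist-manager-ip-user-agent-blacklisting");
        ?>
    
        <form action="" method="POST">
        <?php 
        wp_nonce_field('aiowpsec-blacklist-settings-nonce');
        ?>
        <div class="aio_orange_box">
            <p>
            <?php 
        $read_link = '<a href="https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin#advanced_features_note" target="_blank">must read this message</a>';
        echo sprintf(__('This feature can lock you out of admin if it doesn\'t work correctly on your site. You %s before activating this feature.', 'all-in-one-wp-security-and-firewall'), $read_link);
        ?>
            </p>
        </div>            
        <table class="form-table">
            <tr valign="top">
                <th scope="row"><?php _e('Enable IP or User Agent Blacklisting', 'all-in-one-wp-security-and-firewall'); ?>:</th>
                <td>
                <input name="aiowps_enable_blacklisting" type="checkbox"<?php 
        if ($aio_wp_security->configs->get_value('aiowps_enable_blacklisting') == '1') {
            echo ' checked="checked"';
        }
        ?> value="1"/>
                <span class="description"><?php _e('Check this if you want to enable the banning (or blacklisting) of selected IP addresses and/or user agents specified in the settings below', 'all-in-one-wp-security-and-firewall'); ?></span>
                </td>
            </tr>            
            <tr valign="top">
                <th scope="row"><?php _e('Enter IP Addresses:', 'all-in-one-wp-security-and-firewall'); ?></th>
                <td>
                    <textarea name="aiowps_banned_ip_addresses" rows="5" cols="50"><?php 
        // After a validation error the submitted text is shown again, otherwise the saved list.
        $ip_field_value = ($result == -1 && isset($_POST['aiowps_banned_ip_addresses'])) ? $_POST['aiowps_banned_ip_addresses'] : $aio_wp_security->configs->get_value('aiowps_banned_ip_addresses');
        echo htmlspecialchars($ip_field_value);
        ?></textarea>
                    <br />
                    <span class="description"><?php _e('Enter one or more IP addresses or IP ranges.', 'all-in-one-wp-security-and-firewall'); ?></span>
                    <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
                    <div class="aiowps_more_info_body">
                            <?php 
        echo '<p class="description">' . __('Each IP address must be on a new line.', 'all-in-one-wp-security-and-firewall') . '</p>';
        echo '<p class="description">' . __('To specify an IP range use a wildcard "*" character. Acceptable ways to use wildcards is shown in the examples below:', 'all-in-one-wp-security-and-firewall') . '</p>';
        echo '<p class="description">' . __('Example 1: 195.47.89.*', 'all-in-one-wp-security-and-firewall') . '</p>';
        echo '<p class="description">' . __('Example 2: 195.47.*.*', 'all-in-one-wp-security-and-firewall') . '</p>';
        echo '<p class="description">' . __('Example 3: 195.*.*.*', 'all-in-one-wp-security-and-firewall') . '</p>';
        ?>
                    </div>

                </td>
            </tr>
            <tr valign="top">
                <th scope="row"><?php _e('Enter User Agents:', 'all-in-one-wp-security-and-firewall'); ?></th>
                <td>
                    <textarea name="aiowps_banned_user_agents" rows="5" cols="50"><?php 
        // This field used to be echoed raw, both from $_POST and from the saved
        // configuration, so markup in a user agent string would be rendered by
        // the browser. It is now escaped the same way as the IP textarea above.
        $ua_field_value = ($result == -1 && isset($_POST['aiowps_banned_user_agents'])) ? $_POST['aiowps_banned_user_agents'] : $aio_wp_security->configs->get_value('aiowps_banned_user_agents');
        echo htmlspecialchars($ua_field_value);
        ?></textarea>
                    <br />
                    <span class="description">
                        <?php _e('Enter one or more user agent strings.', 'all-in-one-wp-security-and-firewall'); ?></span>
                    <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
                    <div class="aiowps_more_info_body">
                            <?php 
        echo '<p class="description">' . __('Each user agent string must be on a new line.', 'all-in-one-wp-security-and-firewall') . '</p>';
        echo '<p class="description">' . __('Example 1 - A single user agent string to block:', 'all-in-one-wp-security-and-firewall') . '</p>';
        echo '<p class="description">SquigglebotBot</p>';
        echo '<p class="description">' . __('Example 2 - A list of more than 1 user agent strings to block', 'all-in-one-wp-security-and-firewall') . '</p>';
        echo '<p class="description">baiduspider<br />SquigglebotBot<br />SurveyBot<br />VoidEYE<br />webcrawl.net<br />YottaShopping_Bot</p>';
        ?>
                    </div>

                </td>
            </tr>
        </table>
        <input type="submit" name="aiowps_save_blacklist_settings" value="<?php _e('Save Settings', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary" />
        </form>
        </div></div>
        <?php 
    }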
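 /**
  * Handles several admin-side requests before any page output is produced.
  *
  * In order: drops a randomly named brute-force test cookie for installs that
  * have the feature enabled but no cookie name saved, processes the cookie
  * test and secret-word submissions of the brute force tab, and serves the
  * wp-config backup and settings export downloads.
  */
 function do_other_admin_side_init_tasks()
 {
     global $aio_wp_security;
     //***New Feature improvement for Cookie Based Brute Force Protection***//
     //The old "test cookie" used to be too easy to guess because someone could just read the code and get the value.
     //So now we will drop a more secure test cookie using a 10 digit random string
     if ($aio_wp_security->configs->get_value('aiowps_enable_brute_force_attack_prevention') == '1') {
         // This code is for users who had this feature saved using an older release. This will drop the new more secure test cookie to the browser and will write it to the .htaccess file too
         $test_cookie = $aio_wp_security->configs->get_value('aiowps_cookie_brute_test');
         if (empty($test_cookie)) {
             // NOTE(review): the cookie name is only as unpredictable as this
             // generator - confirm it draws from a cryptographically secure source.
             $random_suffix = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(10);
             $test_cookie_name = 'aiowps_cookie_test_' . $random_suffix;
             $aio_wp_security->configs->set_value('aiowps_cookie_brute_test', $test_cookie_name);
             //save the value
             $aio_wp_security->configs->save_config();
             AIOWPSecurity_Utility::set_cookie_value($test_cookie_name, "1");
             //Write this new cookie to the .htaccess file
             $res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
             // NOTE(review): other callers in this file treat a falsy return as
             // failure, while this one tested "== -1", and true == -1 also holds
             // under PHP's loose comparison. Both conventions are accepted here
             // until the helper's return contract is confirmed.
             if ($res === false || $res === -1) {
                 $aio_wp_security->debug_logger->log_debug("Error writing new test cookie with random suffix to .htaccess file!", 4);
             }
         }
     }
     //For cookie test form submission case
     if (isset($_GET['page']) && $_GET['page'] == AIOWPSEC_BRUTE_FORCE_MENU_SLUG && isset($_GET['tab']) && $_GET['tab'] == 'tab2') {
         // NOTE(review): no nonce is verified in this branch, yet it saves
         // configuration and sets cookies. Confirm the form's nonce is checked
         // before this point or add the check here with the form's own action name.
         if (isset($_POST['aiowps_do_cookie_test_for_bfla'])) {
             $random_suffix = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(10);
             $test_cookie_name = 'aiowps_cookie_test_' . $random_suffix;
             $aio_wp_security->configs->set_value('aiowps_cookie_brute_test', $test_cookie_name);
             //save the value
             $aio_wp_security->configs->save_config();
             AIOWPSecurity_Utility::set_cookie_value($test_cookie_name, "1");
             $cur_url = "admin.php?page=" . AIOWPSEC_BRUTE_FORCE_MENU_SLUG . "&tab=tab2";
             $redirect_url = AIOWPSecurity_Utility::add_query_data_to_url($cur_url, 'aiowps_cookie_test', "1");
             AIOWPSecurity_Utility::redirect_to_url($redirect_url);
         }
         if (isset($_POST['aiowps_enable_brute_force_attack_prevention'])) {
             // A missing field falls back to the default word instead of raising a notice.
             $brute_force_feature_secret_word = isset($_POST['aiowps_brute_force_secret_word']) ? sanitize_text_field($_POST['aiowps_brute_force_secret_word']) : '';
             if (empty($brute_force_feature_secret_word)) {
                 // NOTE(review): this fallback is a fixed value visible in the source,
                 // the same weakness the comment at the top of this function describes
                 // for the old test cookie.
                 $brute_force_feature_secret_word = "aiowps_secret";
             }
             // The submitted word becomes the cookie name.
             AIOWPSecurity_Utility::set_cookie_value($brute_force_feature_secret_word, "1");
         }
         if (isset($_REQUEST['aiowps_cookie_test'])) {
             // Record whether the browser sent back the test cookie dropped earlier.
             $test_cookie = $aio_wp_security->configs->get_value('aiowps_cookie_brute_test');
             $cookie_val = AIOWPSecurity_Utility::get_cookie_value($test_cookie);
             if (empty($cookie_val)) {
                 $aio_wp_security->configs->set_value('aiowps_cookie_test_success', '');
             } else {
                 $aio_wp_security->configs->set_value('aiowps_cookie_test_success', '1');
             }
             //save the value
             $aio_wp_security->configs->save_config();
         }
     }
     if (isset($_POST['aiowps_save_wp_config'])) {
         // A request without the field must fail verification, not raise a notice.
         $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
         if (!wp_verify_nonce($nonce, 'aiowpsec-save-wp-config-nonce')) {
             $aio_wp_security->debug_logger->log_debug("Nonce check failed on wp_config file save!", 4);
             die("Nonce check failed on wp_config file save!");
         }
         // NOTE(review): this sends the wp-config file to the requester and is
         // gated by the nonce alone in this method - confirm a capability check
         // happens before this hook runs. The backup call's result is not
         // inspected before the download starts.
         $wp_config_path = AIOWPSecurity_Utility_File::get_wp_config_file_path();
         //Backup the wp_config.php file
         AIOWPSecurity_Utility_File::backup_and_rename_wp_config($wp_config_path);
         AIOWPSecurity_Utility_File::download_a_file_option1($wp_config_path, "wp-config-backup.txt");
     }
     //Handle export settings
     if (isset($_POST['aiowps_export_settings'])) {
         $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
         if (!wp_verify_nonce($nonce, 'aiowpsec-export-settings-nonce')) {
             $aio_wp_security->debug_logger->log_debug("Nonce check failed on export AIOWPS settings!", 4);
             die("Nonce check failed on export AIOWPS settings!");
         }
         // The whole stored option is serialised, so the export contains every
         // saved setting, including the secret values handled above.
         $config_data = get_option('aio_wp_security_configs');
         $output = json_encode($config_data);
         AIOWPSecurity_Utility_File::download_content_to_a_file($output);
     }
 }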
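    /**
     * Renders the "Custom .htaccess Rules" tab and processes its settings form.
     *
     * On submission the nonce is verified, the submitted rules are stored
     * without further validation, the configuration is saved and the .htaccess
     * file is rewritten. The form is then printed with the saved rules.
     */
    function render_tab7()
    {
        global $aio_wp_security;
        // NOTE(review): the submitted text ends up in the configuration that
        // write_to_htaccess() works from, and only the nonce is checked in this
        // method - confirm the caller restricts this page to administrators.
        if (isset($_POST['aiowps_save_custom_rules_settings'])) {
            // A request without the field must fail verification, not raise a notice.
            $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
            if (!wp_verify_nonce($nonce, 'aiowpsec-save-custom-rules-settings-nonce')) {
                $aio_wp_security->debug_logger->log_debug("Nonce check failed for save custom rules settings!", 4);
                die("Nonce check failed for save custom rules settings!");
            }
            //Save settings
            if (isset($_POST["aiowps_enable_custom_rules"]) && empty($_POST['aiowps_custom_rules'])) {
                // The text domain used to be passed as a second argument to
                // show_msg_error(); the other call in this method passes one
                // translated string, so the message is now wrapped in __().
                $this->show_msg_error(__('You must enter some .htaccess directives code in the text box below', 'all-in-one-wp-security-and-firewall'));
            } else {
                // Start from an empty value so that a submission without rules
                // clears the setting; the variable used to be undefined on that path.
                $custom_rules = '';
                if (!empty($_POST['aiowps_custom_rules'])) {
                    // Undo magic quotes that are automatically added to `$_GET`,
                    // `$_POST`, `$_COOKIE`, and `$_SERVER` by WordPress as
                    // they corrupt any custom rule with backslash in it...
                    $custom_rules = stripslashes($_POST['aiowps_custom_rules']);
                }
                $aio_wp_security->configs->set_value('aiowps_custom_rules', $custom_rules);
                $aio_wp_security->configs->set_value('aiowps_enable_custom_rules', isset($_POST["aiowps_enable_custom_rules"]) ? '1' : '');
                //Save the configuration
                $aio_wp_security->configs->save_config();
                $this->show_msg_settings_updated();
                //now let's write to the .htaccess file
                $write_result = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
                if (!$write_result) {
                    $this->show_msg_error(__('The plugin was unable to write to the .htaccess file. Please edit file manually.', 'all-in-one-wp-security-and-firewall'));
                    $aio_wp_security->debug_logger->log_debug("Custom Rules feature - The plugin was unable to write to the .htaccess file.");
                }
            }
        }
        ?>
        <h2><?php _e('Custom .htaccess Rules Settings', 'all-in-one-wp-security-and-firewall'); ?></h2>
        <form action="" method="POST">
            <?php 
        wp_nonce_field('aiowpsec-save-custom-rules-settings-nonce');
        ?>
            <div class="aio_blue_box">
                <?php 
        $info_msg = '';
        $info_msg .= '<p>' . __('This feature can be used to apply your own custom .htaccess rules and directives.', 'all-in-one-wp-security-and-firewall') . '</p>';
        $info_msg .= '<p>' . __('It is useful for when you want to tweak our existing firewall rules or when you want to add your own.', 'all-in-one-wp-security-and-firewall') . '</p>';
        $info_msg .= '<p>' . __('NOTE: This feature can only used if your site is hosted in an apache or similar web server.', 'all-in-one-wp-security-and-firewall') . '</p>';
        echo $info_msg;
        ?>
            </div>
            <div class="aio_yellow_box">
                <?php 
        $info_msg_2 = '<p>' . __('<strong>Warning</strong>: Only use this feature if you know what you are doing.', 'all-in-one-wp-security-and-firewall') . '</p>';
        $info_msg_2 .= '<p>' . __('Incorrect .htaccess rules or directives can break or prevent access to your site.', 'all-in-one-wp-security-and-firewall') . '</p>';
        $info_msg_2 .= '<p>' . __('It is your responsibility to ensure that you are entering the correct code!', 'all-in-one-wp-security-and-firewall') . '</p>';
        $info_msg_2 .= '<p>' . __('If you break your site you will need to access your server via FTP or something similar and then edit your .htaccess file and delete the changes you made.', 'all-in-one-wp-security-and-firewall') . '</p>';
        echo $info_msg_2;
        ?>
            </div>

            <div class="postbox">
                <h3 class="hndle"><label for="title"><?php _e('Custom .htaccess Rules', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
                <div class="inside">
                    <table class="form-table">
                        <tr valign="top">
                            <th scope="row"><?php _e('Enable Custom .htaccess Rules', 'all-in-one-wp-security-and-firewall'); ?>:</th>
                            <td>
                                <input name="aiowps_enable_custom_rules" type="checkbox"<?php 
        if ($aio_wp_security->configs->get_value('aiowps_enable_custom_rules') == '1') {
            echo ' checked="checked"';
        }
        ?> value="1"/>
                                <span class="description"><?php _e('Check this if you want to enable custom rules entered in the text box below', 'all-in-one-wp-security-and-firewall'); ?></span>
                            </td>
                        </tr>
                        <tr valign="top">
                            <th scope="row"><?php _e('Enter Custom .htaccess Rules:', 'all-in-one-wp-security-and-firewall'); ?></th>
                            <td>
                                <textarea name="aiowps_custom_rules" rows="35" cols="50"><?php 
        // Escaped so that saved rules containing markup are shown as text.
        echo htmlspecialchars($aio_wp_security->configs->get_value('aiowps_custom_rules'));
        ?></textarea>
                                <br />
                                <span class="description"><?php _e('Enter your custom .htaccess rules/directives.', 'all-in-one-wp-security-and-firewall'); ?></span>
                            </td>
                        </tr>
                    </table>
                </div></div>
            <input type="submit" name="aiowps_save_custom_rules_settings" value="<?php _e('Save Custom Rules', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary" />
        </form>
    <?php 
    }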
    function render_tab4()
    {
        global $aio_wp_security;
        global $aiowps_feature_mgr;
        $result = 1;
        $your_ip_address = AIOWPSecurity_Utility_IP::get_user_ip_address();
        if (isset($_POST['aiowps_save_whitelist_settings'])) {
            $nonce = $_REQUEST['_wpnonce'];
            if (!wp_verify_nonce($nonce, 'aiowpsec-whitelist-settings-nonce')) {
                $aio_wp_security->debug_logger->log_debug("Nonce check failed for save whitelist settings!", 4);
                die(__('Nonce check failed for save whitelist settings!', 'all-in-one-wp-security-and-firewall'));
            }
            if (isset($_POST["aiowps_enable_whitelisting"]) && empty($_POST['aiowps_allowed_ip_addresses'])) {
                $this->show_msg_error('You must submit at least one IP address!', 'all-in-one-wp-security-and-firewall');
            } else {
                if (!empty($_POST['aiowps_allowed_ip_addresses'])) {
                    $ip_addresses = $_POST['aiowps_allowed_ip_addresses'];
                    $ip_list_array = AIOWPSecurity_Utility_IP::create_ip_list_array_from_string_with_newline($ip_addresses);
                    $payload = AIOWPSecurity_Utility_IP::validate_ip_list($ip_list_array, 'whitelist');
                    if ($payload[0] == 1) {
                        //success case
                        $result = 1;
                        $list = $payload[1];
                        $whitelist_ip_data = implode(PHP_EOL, $list);
                        $aio_wp_security->configs->set_value('aiowps_allowed_ip_addresses', $whitelist_ip_data);
                        $_POST['aiowps_allowed_ip_addresses'] = '';
                        //Clear the post variable for the banned address list
                    } else {
                        $result = -1;
                        $error_msg = htmlspecialchars($payload[1][0]);
                        $this->show_msg_error($error_msg);
                    }
                } else {
                    $aio_wp_security->configs->set_value('aiowps_allowed_ip_addresses', '');
                    //Clear the IP address config value
                }
                if ($result == 1) {
                    $aio_wp_security->configs->set_value('aiowps_enable_whitelisting', isset($_POST["aiowps_enable_whitelisting"]) ? '1' : '');
                    $aio_wp_security->configs->save_config();
                    //Save the configuration
                    //Recalculate points after the feature status/options have been altered
                    $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
                    $this->show_msg_settings_updated();
                    $write_result = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
                    //now let's write to the .htaccess file
                    if (!$write_result) {
                        $this->show_msg_error(__('The plugin was unable to write to the .htaccess file. Please edit file manually.', 'all-in-one-wp-security-and-firewall'));
                        $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_whitelist_Menu - The plugin was unable to write to the .htaccess file.");
                    }
                }
            }
        }
        ?>
        <h2><?php 
        _e('Login Whitelist', 'all-in-one-wp-security-and-firewall');
        ?>
</h2>
        <div class="aio_blue_box">
            <?php 
        echo '<p>' . __('The All In One WP Security Whitelist feature gives you the option of only allowing certain IP addresses or ranges to have access to your WordPress login page.', 'all-in-one-wp-security-and-firewall') . '
            <br />' . __('This feature will deny login access for all IP addresses which are not in your whitelist as configured in the settings below.', 'all-in-one-wp-security-and-firewall') . '
            <br />' . __('The plugin achieves this by writing the appropriate directives to your .htaccess file.', 'all-in-one-wp-security-and-firewall') . '
            <br />' . __('By allowing/blocking IP addresses via the .htaccess file your are using the most secure first line of defence because login access will only be granted to whitelisted IP addresses and other addresses will be blocked as soon as they try to access your login page.', 'all-in-one-wp-security-and-firewall') . '
            </p>';
        ?>
        </div>
        <div class="aio_yellow_box">
            <?php 
        $brute_force_login_feature_link = '<a href="admin.php?page=' . AIOWPSEC_BRUTE_FORCE_MENU_SLUG . '&tab=tab2" target="_blank">Cookie-Based Brute Force Login Prevention</a>';
        $rename_login_feature_link = '<a href="admin.php?page=' . AIOWPSEC_BRUTE_FORCE_MENU_SLUG . '&tab=tab1" target="_blank">Rename Login Page</a>';
        echo '<p>' . sprintf(__('Attention: If in addition to enabling the white list feature, you also have one of the %s or %s features enabled, <strong>you will still need to use your secret word or special slug in the URL when trying to access your WordPress login page</strong>.', 'all-in-one-wp-security-and-firewall'), $brute_force_login_feature_link, $rename_login_feature_link) . '</p>
            <p>' . __('These features are NOT functionally related. Having both of them enabled on your site means you are creating 2 layers of security.', 'all-in-one-wp-security-and-firewall') . '</p>';
        ?>
        </div>

        <div class="postbox">
        <h3 class="hndle"><label for="title"><?php 
        _e('Login IP Whitelist Settings', 'all-in-one-wp-security-and-firewall');
        ?>
</label></h3>
        <div class="inside">
        <?php 
        //Display security info badge
        global $aiowps_feature_mgr;
        $aiowps_feature_mgr->output_feature_details_badge("whitelist-manager-ip-login-whitelisting");
        ?>
    
        <form action="" method="POST">
        <?php 
        wp_nonce_field('aiowpsec-whitelist-settings-nonce');
        ?>
            
        <table class="form-table">
            <tr valign="top">
                <th scope="row"><?php 
        _e('Enable IP Whitelisting', 'all-in-one-wp-security-and-firewall');
        ?>
:</th>
                <td>
                <input name="aiowps_enable_whitelisting" type="checkbox"<?php 
        if ($aio_wp_security->configs->get_value('aiowps_enable_whitelisting') == '1') {
            echo ' checked="checked"';
        }
        ?>
 value="1"/>
                <span class="description"><?php 
        _e('Check this if you want to enable the whitelisting of selected IP addresses specified in the settings below', 'all-in-one-wp-security-and-firewall');
        ?>
</span>
                </td>
            </tr>            
            <tr valign="top">
                <th scope="row"><?php 
        _e('Your Current IP Address', 'all-in-one-wp-security-and-firewall');
        ?>
:</th>
                <td>
                <input size="20" name="aiowps_user_ip" type="text" value="<?php 
        echo $your_ip_address;
        ?>
" readonly="readonly"/>
                <span class="description"><?php 
        _e('You can copy and paste this address in the text box below if you want to include it in your login whitelist.', 'all-in-one-wp-security-and-firewall');
        ?>
</span>
                </td>
            </tr>            
            <tr valign="top">
                <th scope="row"><?php 
        _e('Enter Whitelisted IP Addresses:', 'all-in-one-wp-security-and-firewall');
        ?>
</th>
                <td>
                    <textarea name="aiowps_allowed_ip_addresses" rows="5" cols="50"><?php 
        echo $result == -1 ? htmlspecialchars($_POST['aiowps_allowed_ip_addresses']) : htmlspecialchars($aio_wp_security->configs->get_value('aiowps_allowed_ip_addresses'));
        ?>
</textarea>
                    <br />
                    <span class="description"><?php 
        _e('Enter one or more IP addresses or IP ranges you wish to include in your whitelist. Only the addresses specified here will have access to the WordPress login page.', 'all-in-one-wp-security-and-firewall');
        ?>
</span>
                    <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php 
        _e('More Info', 'all-in-one-wp-security-and-firewall');
        ?>
</span></span>
                    <div class="aiowps_more_info_body">
                            <?php 
        echo '<p class="description"><strong>' . __('Each IP address must be on a new line.', 'all-in-one-wp-security-and-firewall') . '</strong></p>';
        echo '<p class="description">' . __('To specify an IPv4 range use a wildcard "*" character. Acceptable ways to use wildcards is shown in the examples below:', 'all-in-one-wp-security-and-firewall') . '</p>';
        echo '<p class="description">' . __('Example 1: 195.47.89.*', 'all-in-one-wp-security-and-firewall') . '</p>';
        echo '<p class="description">' . __('Example 2: 195.47.*.*', 'all-in-one-wp-security-and-firewall') . '</p>';
        echo '<p class="description">' . __('Example 3: 195.*.*.*', 'all-in-one-wp-security-and-firewall') . '</p>';
        echo '<p class="description">' . __('Or you can enter an IPv6 address (NOTE: ranges/wildcards are currently not supported for ipv6)', 'all-in-one-wp-security-and-firewall') . '</p>';
        echo '<p class="description">' . __('Example 4: 4102:0:3ea6:79fd:b:46f8:230f:bb05', 'all-in-one-wp-security-and-firewall') . '</p>';
        echo '<p class="description">' . __('Example 5: 2205:0:1ca2:810d::', 'all-in-one-wp-security-and-firewall') . '</p>';
        ?>
                    </div>

                </td>
            </tr>
        </table>
        <input type="submit" name="aiowps_save_whitelist_settings" value="<?php 
        _e('Save Settings', 'all-in-one-wp-security-and-firewall');
        ?>
" class="button-primary" />
        </form>
        </div></div>
        <?php 
    }
 /**
  * Restores the settings that were set aside in the 'aiowps_temp_configs' option
  * when a previously installed copy of the plugin is reactivated.
  *
  * The saved settings are copied back into the 'aio_wp_security_configs' option and
  * into the in-memory config object, then the .htaccess rules are regenerated.
  * The temporary option is only removed once the .htaccess write did not report -1,
  * so on a failed write the settings are restored but the rules on disk are not refreshed.
  *
  * @return bool true when the settings were restored and .htaccess was written,
  *              false when no saved settings exist or the .htaccess write reported -1.
  */
 static function reactivation_tasks()
 {
     global $aio_wp_security;
     $saved_configs = get_option('aiowps_temp_configs');
     if ($saved_configs === FALSE) {
         //Nothing was set aside earlier, so there is nothing to restore
         $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_Deactivation::run_deactivation_tasks() - Original config settings not found!", 4);
         return false;
     }
     //Copy the original configs back to the options table.
     //NOTE(review): update_option() also returns false when the stored value is unchanged,
     //so this log entry does not always mean the write failed.
     if (update_option('aio_wp_security_configs', $saved_configs) === FALSE) {
         $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_Installer::run_installer() - Update of option settings failed upon plugin activation!", 4);
     }
     //Keep the in-memory copy in step with what was just restored
     $aio_wp_security->configs->configs = $saved_configs;
     //Re-apply any rules to the .htaccess file.
     //NOTE(review): "== -1" is a loose comparison and would also match a boolean true; confirm the return values of write_to_htaccess().
     if (AIOWPSecurity_Utility_Htaccess::write_to_htaccess() == -1) {
         $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_Deactivation::run_deactivation_tasks() - Could not write to the .htaccess file. Please check the file permissions.", 4);
         return false;
     }
     delete_option('aiowps_temp_configs');
     return true;
 }
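 /**
  * Adds one or more IP addresses to the plugin's banned-IP list and, when
  * blacklisting is enabled, regenerates the .htaccess rules.
  *
  * Entries already present in the list, blank entries and repeats within the
  * same request are skipped, and no blank line is stored when the list starts out empty.
  *
  * NOTE(review): $entries is stored as given, with no IP-format validation in this
  * function, and the saved list is presumably what write_to_htaccess() turns into
  * rules. Confirm that every caller passes validated addresses, or validate here
  * (for example with filter_var($ip, FILTER_VALIDATE_IP)) before saving.
  *
  * @param array|string|null $entries Array of IP addresses (bulk selection) or a single
  *                                   IP address (individual "block" link); an empty value adds nothing.
  */
 function block_spammer_ip_records($entries)
 {
     global $aio_wp_security;
     //Trailing whitespace is dropped so that appending never leaves an empty line in the stored list
     $raw_banned_ip_list = rtrim((string) $aio_wp_security->configs->get_value('aiowps_banned_ip_addresses'));
     //Index the current entries (trimmed) so membership checks are exact and stray line-ending characters are ignored
     $already_banned = array();
     foreach (explode(PHP_EOL, $raw_banned_ip_list) as $banned_ip) {
         $banned_ip = trim($banned_ip);
         if ($banned_ip !== '') {
             $already_banned[$banned_ip] = true;
         }
     }
     if (is_array($entries)) {
         //Bulk selection using checkboxes were used
         $candidates = $entries;
     } elseif ($entries != NULL) {
         //individual entry where "block" link was clicked
         $candidates = array($entries);
     } else {
         $candidates = array();
     }
     foreach ($candidates as $ip_add) {
         $ip_add = trim((string) $ip_add);
         //Skip blanks and anything already listed, including repeats earlier in this same request
         if ($ip_add === '' || isset($already_banned[$ip_add])) {
             continue;
         }
         $raw_banned_ip_list .= ($raw_banned_ip_list === '' ? '' : PHP_EOL) . $ip_add;
         $already_banned[$ip_add] = true;
     }
     //Let's save the selected IP addresses to the blacklist config
     $aio_wp_security->configs->set_value('aiowps_banned_ip_addresses', $raw_banned_ip_list);
     //Save the blocked IP address config variable with the newly added addresses
     $aio_wp_security->configs->save_config();
     AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected IP addresses were saved in the blacklist configuration settings.', 'aiowpsecurity'));
     //Let's check if the Enable Blacklisting flag has been set - If so, we will write the new data to the .htaccess file.
     if ($aio_wp_security->configs->get_value('aiowps_enable_blacklisting') == '1') {
         $write_result = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
         if ($write_result == -1) {
             AIOWPSecurity_Admin_Menu::show_msg_error_st(__('The plugin was unable to write to the .htaccess file. Please edit file manually.', 'aiowpsecurity'));
             $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_Blacklist_Menu - The plugin was unable to write to the .htaccess file.");
         } else {
             AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The .htaccess file was successfully modified to include the selected IP addresses.', 'aiowpsecurity'));
         }
     } else {
         //The list is saved but not enforced until the blacklisting flag is switched on
         $blacklist_settings_link = '<a href="admin.php?page=' . AIOWPSEC_BLACKLIST_MENU_SLUG . '">Ban Users</a>';
         $info_msg = '<p>' . __('NOTE: The .htaccess file was not modified because you have disabled the "Enable IP or User Agent Blacklisting" check box.', 'aiowpsecurity') . '<br />' . sprintf(__('To block these IP addresses you will need to enable the above flag in the %s menu', 'aiowpsecurity'), $blacklist_settings_link) . '</p>';
         AIOWPSecurity_Admin_Menu::show_msg_updated_st($info_msg);
     }
 }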
 /**
  * Clears every firewall-related setting listed below, saves the configuration
  * and regenerates the .htaccess file from the new settings.
  *
  * A failed .htaccess write (-1) is only logged; nothing is returned to the caller.
  *
  * NOTE(review): this switches off the plugin's firewall protections in one call and
  * performs no capability or nonce check itself; confirm every caller has already
  * authorized the request.
  */
 static function turn_off_all_firewall_rules()
 {
     global $aio_wp_security;
     //Settings to blank out, in the order they are written. All are checkboxes except 'aiowps_custom_rules'.
     $settings_to_clear = array(
         'aiowps_enable_blacklisting',
         'aiowps_enable_whitelisting',
         'aiowps_enable_basic_firewall',
         'aiowps_enable_pingback_firewall',
         'aiowps_block_debug_log_file_access',
         'aiowps_disable_index_views',
         'aiowps_disable_trace_and_track',
         'aiowps_forbid_proxy_comments',
         'aiowps_deny_bad_query_strings',
         'aiowps_advanced_char_string_filter',
         'aiowps_enable_5g_firewall',
         'aiowps_enable_6g_firewall',
         'aiowps_enable_brute_force_attack_prevention',
         'aiowps_enable_custom_rules',
         'aiowps_custom_rules',
         'aiowps_prevent_default_wp_file_access',
         'aiowps_enable_spambot_blocking',
         //404 detection
         'aiowps_enable_404_logging',
         'aiowps_enable_404_IP_lockout',
         //Prevent Image Hotlinks
         'aiowps_prevent_hotlinking',
     );
     foreach ($settings_to_clear as $setting_name) {
         $aio_wp_security->configs->set_value($setting_name, '');
     }
     $aio_wp_security->configs->save_config();
     //Refresh the .htaccess file based on the new settings
     if (AIOWPSecurity_Utility_Htaccess::write_to_htaccess() == -1) {
         $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_Configure_Settings::turn_off_all_firewall_rules() - Could not write to the .htaccess file. Please check the file permissions.", 4);
     }
 }
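    /**
     * Handles and renders the "Prevent Access to Default WP Files" settings tab.
     *
     * On submission the nonce is verified, the checkbox state is saved, the feature
     * points are recalculated and the .htaccess rules are rewritten. The form is then
     * printed with the currently stored setting.
     *
     * NOTE(review): the nonce only ties the request to a form this site rendered; no
     * capability check is visible in this method, so confirm the menu page that calls
     * it is restricted to administrators.
     */
    function render_tab3()
    {
        global $aio_wp_security;
        global $aiowps_feature_mgr;
        if (isset($_POST['aiowps_save_wp_file_access_settings'])) {
            //A missing nonce field is treated as an empty (and therefore invalid) nonce
            $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
            if (!wp_verify_nonce($nonce, 'aiowpsec-prevent-default-wp-file-access-nonce')) {
                $aio_wp_security->debug_logger->log_debug("Nonce check failed on enable basic firewall settings!", 4);
                die("Nonce check failed on enable basic firewall settings!");
            }
            //Save settings
            if (isset($_POST['aiowps_prevent_default_wp_file_access'])) {
                $aio_wp_security->configs->set_value('aiowps_prevent_default_wp_file_access', '1');
            } else {
                $aio_wp_security->configs->set_value('aiowps_prevent_default_wp_file_access', '');
            }
            //Commit the config settings
            $aio_wp_security->configs->save_config();
            //Recalculate points after the feature status/options have been altered
            $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
            //Now let's write the applicable rules to the .htaccess file
            $res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
            //The failure code must be tested first: -1 is truthy, so testing "if ($res)" first
            //reported success on a failed write and left the error branch unreachable.
            //The comparison is strict because a boolean true loosely equals -1 in PHP.
            if ($res === -1) {
                $this->show_msg_error(__('Could not write to the .htaccess file. Please check the file permissions.', 'aiowpsecurity'));
            } elseif ($res) {
                $this->show_msg_updated(__('You have successfully saved the Prevent Access to Default WP Files configuration.', 'aiowpsecurity'));
            }
        }
        ?>
        <h2><?php 
        _e('WordPress Files', 'aiowpsecurity');
        ?>
</h2>
        <div class="aio_blue_box">
            <?php 
        $info_msg = sprintf(__('This feature allows you to prevent access to files such as %s, %s and %s which are delivered with all WP installations.', 'aiowpsecurity'), 'readme.html', 'license.txt', 'wp-config-sample.php');
        echo '<p>' . $info_msg . '</p>' . '<p>' . __('By preventing access to these files you are hiding some key pieces of information (such as WordPress version info) from potential hackers.', 'aiowpsecurity') . '</p>';
        ?>
        </div>

        <div class="postbox">
        <h3><label for="title"><?php 
        _e('Prevent Access to Default WP Files', 'aiowpsecurity');
        ?>
</label></h3>
        <div class="inside">
        <?php 
        //Display security info badge
        $aiowps_feature_mgr->output_feature_details_badge("block-wp-files-access");
        ?>
        <form action="" method="POST">
        <?php 
        //Nonce field checked by the save handler at the top of this method
        wp_nonce_field('aiowpsec-prevent-default-wp-file-access-nonce');
        ?>
            
        <table class="form-table">
            <tr valign="top">
                <th scope="row"><?php 
        _e('Prevent Access to WP Default Install Files', 'aiowpsecurity');
        ?>
:</th>                
                <td>
                <input name="aiowps_prevent_default_wp_file_access" type="checkbox"<?php 
        if ($aio_wp_security->configs->get_value('aiowps_prevent_default_wp_file_access') == '1') {
            echo ' checked="checked"';
        }
        ?>
 value="1"/>
                <span class="description"><?php 
        _e('Check this if you want to prevent access to readme.html, license.txt and wp-config-sample.php.', 'aiowpsecurity');
        ?>
</span>
                </td>
            </tr>            
        </table>
        <input type="submit" name="aiowps_save_wp_file_access_settings" value="<?php 
        _e('Save Setting', 'aiowpsecurity');
        ?>
" class="button-primary" />
        </form>
        </div></div>
        <?php 
    }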
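    /**
     * Handles and renders the settings export/import tab.
     *
     * On an import submission the nonce is verified, the settings are taken either from
     * an uploaded file (by URL) or from the pasted text, checked by the
     * check_if_valid_aiowps_settings_* helpers, decoded from JSON and written to the
     * 'aio_wp_security_configs' option. An uploaded settings file is deleted afterwards
     * in every outcome because it contains security settings. The export and import
     * forms are then printed.
     *
     * NOTE(review): an import replaces the whole security configuration from
     * request-supplied data. No capability check is visible in this method, and the
     * submitted file location goes straight to helpers that are not shown here; confirm
     * the page is restricted to administrators and that those helpers only accept
     * files from this site's media library.
     */
    function render_tab5()
    {
        global $aio_wp_security;
        $events_table_name = AIOWPSEC_TBL_EVENTS;
        AIOWPSecurity_Utility::cleanup_table($events_table_name, 500);
        if (isset($_POST['aiowps_import_settings'])) {
            //A missing nonce field is treated as an empty (and therefore invalid) nonce
            $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
            if (!wp_verify_nonce($nonce, 'aiowpsec-import-settings-nonce')) {
                $aio_wp_security->debug_logger->log_debug("Nonce check failed on import AIOWPS settings!", 4);
                die("Nonce check failed on import AIOWPS settings!");
            }
            if (empty($_POST['aiowps_import_settings_file']) && empty($_POST['aiowps_import_settings_text'])) {
                $this->show_msg_error(__('Please choose a file to import your settings from.', 'aiowpsecurity'));
            } else {
                //A submitted file takes precedence over pasted text
                if (empty($_POST['aiowps_import_settings_file'])) {
                    $import_from = "text";
                } else {
                    $import_from = "file";
                }
                if ($import_from == "file") {
                    //Let's get the uploaded import file path
                    $submitted_import_file_path = trim($_POST['aiowps_import_settings_file']);
                    $attachment_id = AIOWPSecurity_Utility_File::get_attachment_id_from_url($submitted_import_file_path);
                    //we'll need this later for deleting
                    //Verify that file chosen has valid AIOWPS settings contents
                    $aiowps_settings_file_contents = $this->check_if_valid_aiowps_settings_file($submitted_import_file_path);
                } else {
                    //Get the string right from the textarea. Still confirm it's in the expected format.
                    $aiowps_settings_file_contents = $this->check_if_valid_aiowps_settings_text($_POST['aiowps_import_settings_text']);
                }
                //Only a decoded array may replace the stored configuration; anything else is handled as an invalid settings file
                $settings_array = $aiowps_settings_file_contents != -1 ? json_decode($aiowps_settings_file_contents, true) : NULL;
                if (is_array($settings_array)) {
                    //Apply the settings and delete the file (if applicable)
                    //NOTE(review): update_option() also returns false when the imported settings equal the stored ones, which is reported as a failure below
                    $aiowps_settings_applied = update_option('aio_wp_security_configs', $settings_array);
                    if (!$aiowps_settings_applied) {
                        //Failed to import settings
                        $aio_wp_security->debug_logger->log_debug("Import AIOWPS settings from " . $import_from . " operation failed!", 4);
                        $this->show_msg_error(__('Import AIOWPS settings from ' . $import_from . ' operation failed!', 'aiowpsecurity'));
                        if ($import_from == "file") {
                            //Delete the uploaded settings file for security purposes.
                            //The file is deleted once and that result is checked; a second call would be testing a deletion of an attachment that is already gone.
                            $deleted_attachment = wp_delete_attachment($attachment_id, true);
                            if (!$deleted_attachment) {
                                $this->show_msg_error(__('The deletion of the import file failed. Please delete this file manually via the media menu for security purposes.', 'aiowpsecurity'));
                            } else {
                                $this->show_msg_updated(__('The file you uploaded was also deleted for security purposes because it contains security settings details.', 'aiowpsecurity'));
                            }
                        }
                    } else {
                        $aio_wp_security->configs->configs = $settings_array;
                        //Refresh the configs global variable
                        //Just in case user submits partial config settings
                        //Run add_option_values to make sure any missing config items are at least set to default
                        AIOWPSecurity_Configure_Settings::add_option_values();
                        if ($import_from == "file") {
                            //Delete the uploaded settings file for security purposes (single call, result checked)
                            $deleted_attachment = wp_delete_attachment($attachment_id, true);
                            if (!$deleted_attachment) {
                                $this->show_msg_updated(__('Your AIOWPS settings were successfully imported via file input.', 'aiowpsecurity'));
                                $this->show_msg_error(__('The deletion of the import file failed. Please delete this file manually via the media menu for security purposes because it contains security settings details.', 'aiowpsecurity'));
                            } else {
                                $this->show_msg_updated(__('Your AIOWPS settings were successfully imported. The file you uploaded was also deleted for security purposes because it contains security settings details.', 'aiowpsecurity'));
                            }
                        } else {
                            $this->show_msg_updated(__('Your AIOWPS settings were successfully imported via text entry.', 'aiowpsecurity'));
                        }
                        //Now let's refresh the .htaccess file with any modified rules if applicable
                        $res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
                        if ($res == -1) {
                            $this->show_msg_error(__('Could not write to the .htaccess file. Please check the file permissions.', 'aiowpsecurity'));
                        }
                    }
                } else {
                    //Invalid settings file
                    $aio_wp_security->debug_logger->log_debug("The contents of your settings file appear invalid!", 4);
                    $this->show_msg_error(__('The contents of your settings file appear invalid. Please check the contents of the file you are trying to import settings from.', 'aiowpsecurity'));
                    if ($import_from == "file") {
                        //Let's also delete the uploaded settings file for security purposes (single call, result checked)
                        $deleted_attachment = wp_delete_attachment($attachment_id, true);
                        if (!$deleted_attachment) {
                            $this->show_msg_error(__('The deletion of the import file failed. Please delete this file manually via the media menu for security purposes.', 'aiowpsecurity'));
                        } else {
                            $this->show_msg_updated(__('The file you uploaded was also deleted for security purposes because it contains security settings details.', 'aiowpsecurity'));
                        }
                    }
                }
            }
        }
        ?>
        <h2><?php 
        _e('Export or Import Your AIOWPS Settings', 'aiowpsecurity');
        ?>
</h2>
        <div class="aio_blue_box">
            <?php 
        echo '<p>' . __('This section allows you to export or import your All In One WP Security & Firewall settings.', 'aiowpsecurity');
        echo '<br />' . __('This can be handy if you wanted to save time by applying the settings from one site to another site.', 'aiowpsecurity') . '
            <br />' . __('NOTE: Before importing, it is your responsibility to know what settings you are trying to import. Importing settings blindly can cause you to be locked out of your site.', 'aiowpsecurity') . '
            <br />' . __('For Example: If a settings item relies on the domain URL then it may not work correctly when imported into a site with a different domain.', 'aiowpsecurity') . '
            </p>';
        ?>
        </div>

        <div class="postbox">
        <h3><label for="title"><?php 
        _e('Export AIOWPS Settings', 'aiowpsecurity');
        ?>
</label></h3>
        <div class="inside">
        <form action="" method="POST">
        <?php 
        wp_nonce_field('aiowpsec-export-settings-nonce');
        ?>
        <table class="form-table">
            <tr valign="top">
            <span class="description"><?php 
        _e('To export your All In One WP Security & Firewall settings click the button below.', 'aiowpsecurity');
        ?>
</span>
            </tr>
        </table>
        <input type="submit" name="aiowps_export_settings" value="<?php 
        _e('Export AIOWPS Settings', 'aiowpsecurity');
        ?>
" class="button-primary" />
        </form>
        </div></div>
        <div class="postbox">
        <h3><label for="title"><?php 
        _e('Import AIOWPS Settings', 'aiowpsecurity');
        ?>
</label></h3>
        <div class="inside">
        <form action="" method="POST">
        <?php 
        //Nonce field checked by the import handler at the top of this method
        wp_nonce_field('aiowpsec-import-settings-nonce');
        ?>
        <table class="form-table">
            <tr valign="top">
                <span class="description"><?php 
        _e('Use this section to import your All In One WP Security & Firewall settings from a file. Alternatively, copy/paste the contents of your import file into the textarea below.', 'aiowpsecurity');
        ?>
</span>
                <th scope="row"><?php 
        _e('Import File', 'aiowpsecurity');
        ?>
:</th>
                <td>
                    <input type="button" id="aiowps_import_settings_file_button" name="aiowps_import_settings_file_button" class="button rbutton" value="Select Your Import Settings File" />
                    <input name="aiowps_import_settings_file" type="text" id="aiowps_import_settings_file" value="" size="80" />
                    <p class="description">
                        <?php 
        _e('After selecting your file, click the button below to apply the settings to your site.', 'aiowpsecurity');
        ?>
                    </p>
                </td>
            </tr>
            <tr valign="top">
                <th scope="row"><?php 
        _e('Copy/Paste Import Data', 'aiowpsecurity');
        ?>
:</th>
                <td>
                    <textarea name="aiowps_import_settings_text" id="aiowps_import_settings_text" style="width:80%;height:140px;"></textarea>
                </td>
            </tr>
        </table>
        <input type="submit" name="aiowps_import_settings" value="<?php 
        _e('Import AIOWPS Settings', 'aiowpsecurity');
        ?>
" class="button-primary" />
        </form>
        </div></div>
    <?php 
    }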
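    /**
     * Handles and renders the "Comment SPAM Settings" tab.
     *
     * On submission the nonce is verified, a new captcha secret key is generated and
     * stored, the two checkbox settings are saved, the feature points are recalculated
     * and the .htaccess rules are rewritten. The form is then printed; on a multisite
     * install the settings tables are hidden for every site other than blog ID 1.
     *
     * NOTE(review): the nonce only ties the request to a form this site rendered; no
     * capability check is visible in this method, so confirm the menu page that calls
     * it is restricted to administrators.
     */
    function render_tab1()
    {
        global $aiowps_feature_mgr;
        global $aio_wp_security;
        if (isset($_POST['aiowps_apply_comment_spam_prevention_settings'])) {
            //A missing nonce field is treated as an empty (and therefore invalid) nonce
            $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
            if (!wp_verify_nonce($nonce, 'aiowpsec-comment-spam-settings-nonce')) {
                $aio_wp_security->debug_logger->log_debug("Nonce check failed on save comment spam settings!", 4);
                die("Nonce check failed on save comment spam settings!");
            }
            //Save settings
            //Generate random 20 char string for use during captcha encode/decode (replaced on every save)
            //NOTE(review): the strength of this key depends on the random source used by generate_alpha_numeric_random_string(), which is not shown here - verify it
            $random_20_digit_string = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(20);
            $aio_wp_security->configs->set_value('aiowps_captcha_secret_key', $random_20_digit_string);
            $aio_wp_security->configs->set_value('aiowps_enable_comment_captcha', isset($_POST["aiowps_enable_comment_captcha"]) ? '1' : '');
            $aio_wp_security->configs->set_value('aiowps_enable_spambot_blocking', isset($_POST["aiowps_enable_spambot_blocking"]) ? '1' : '');
            //Commit the config settings
            $aio_wp_security->configs->save_config();
            //Recalculate points after the feature status/options have been altered
            $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
            //Now let's write the applicable rules to the .htaccess file
            $res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
            //The failure code must be tested first: -1 is truthy, so testing "if ($res)" first
            //reported success on a failed write and left the error branch unreachable.
            //The comparison is strict because a boolean true loosely equals -1 in PHP.
            if ($res === -1) {
                $this->show_msg_error(__('Could not write to the .htaccess file. Please check the file permissions.', 'aiowpsecurity'));
            } elseif ($res) {
                $this->show_msg_updated(__('Settings were successfully saved', 'aiowpsecurity'));
            }
        }
        ?>
        <h2><?php 
        _e('Comment SPAM Settings', 'aiowpsecurity');
        ?>
</h2>
        <form action="" method="POST">
        <?php 
        //Nonce field checked by the save handler at the top of this method
        wp_nonce_field('aiowpsec-comment-spam-settings-nonce');
        ?>
            

        <div class="postbox">
        <h3><label for="title"><?php 
        _e('Add Captcha To Comments Form', 'aiowpsecurity');
        ?>
</label></h3>
        <div class="inside">
        <div class="aio_blue_box">
            <?php 
        echo '<p>' . __('This feature will add a simple math captcha field in the WordPress comments form.', 'aiowpsecurity') . '<br />' . __('Adding a captcha field in the comment form is a simple way of greatly reducing SPAM comments from bots without using .htaccess rules.', 'aiowpsecurity') . '</p>';
        ?>
        </div>
        <?php 
        //Display security info badge
        $aiowps_feature_mgr->output_feature_details_badge("comment-form-captcha");
        if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1) {
            //Hide config settings if MS and not main site
            AIOWPSecurity_Utility::display_multisite_message();
        } else {
            ?>
        <table class="form-table">
            <tr valign="top">
                <th scope="row"><?php 
            _e('Enable Captcha On Comment Forms', 'aiowpsecurity');
            ?>
:</th>                
                <td>
                <input name="aiowps_enable_comment_captcha" type="checkbox"<?php 
            if ($aio_wp_security->configs->get_value('aiowps_enable_comment_captcha') == '1') {
                echo ' checked="checked"';
            }
            ?>
 value="1"/>
                <span class="description"><?php 
            _e('Check this if you want to insert a captcha field on the comment forms', 'aiowpsecurity');
            ?>
</span>
                </td>
            </tr>            
        </table>
        <?php 
        }
        //End if statement
        ?>
        </div></div>
            
        <div class="postbox">
        <h3><label for="title"><?php 
        _e('Block Spambot Comments', 'aiowpsecurity');
        ?>
</label></h3>
        <div class="inside">
        <div class="aio_blue_box">
            <?php 
        echo '<p>' . __('A large portion of WordPress blog comment SPAM is mainly produced by automated bots and not necessarily by humans. ', 'aiowpsecurity') . '<br />' . __('This feature will greatly minimize the useless and unecessary traffic and load on your server resulting from SPAM comments by blocking all comment requests which do not originate from your domain.', 'aiowpsecurity') . '<br />' . __('In other words, if the comment was not submitted by a human who physically submitted the comment on your site, the request will be blocked.', 'aiowpsecurity') . '</p>';
        ?>
        </div>
        <?php 
        //Display security info badge
        $aiowps_feature_mgr->output_feature_details_badge("block-spambots");
        if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1) {
            //Hide config settings if MS and not main site
            AIOWPSecurity_Utility::display_multisite_message();
        } else {
            ?>
        <table class="form-table">
            <tr valign="top">
                <th scope="row"><?php 
            _e('Block Spambots From Posting Comments', 'aiowpsecurity');
            ?>
:</th>                
                <td>
                <input name="aiowps_enable_spambot_blocking" type="checkbox"<?php 
            if ($aio_wp_security->configs->get_value('aiowps_enable_spambot_blocking') == '1') {
                echo ' checked="checked"';
            }
            ?>
 value="1"/>
                <span class="description"><?php 
            _e('Check this if you want to apply a firewall rule which will block comments originating from spambots.', 'aiowpsecurity');
            ?>
</span>
                <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php 
            _e('More Info', 'aiowpsecurity');
            ?>
</span></span>
                <div class="aiowps_more_info_body">
                        <?php 
            echo '<p class="description">' . __('This feature will implement a firewall rule to block all comment attempts which do not originate from your domain.', 'aiowpsecurity') . '</p>';
            echo '<p class="description">' . __('A legitimate comment is one which is submitted by a human who physically fills out the comment form and clicks the submit button. For such events, the HTTP_REFERRER is always set to your own domain.', 'aiowpsecurity') . '</p>';
            echo '<p class="description">' . __('A comment submitted by a spambot is done by directly calling the comments.php file, which usually means that the HTTP_REFERRER value is not your domain and often times empty.', 'aiowpsecurity') . '</p>';
            echo '<p class="description">' . __('This feature will check and block comment requests which are not referred by your domain thus greatly reducing your overall blog SPAM and PHP requests done by the server to process these comments.', 'aiowpsecurity') . '</p>';
            ?>
                </div>
                </td>
            </tr>            
        </table>
        <?php 
        }
        //End if statement
        ?>
        </div></div>

        <input type="submit" name="aiowps_apply_comment_spam_prevention_settings" value="<?php 
        _e('Save Settings', 'aiowpsecurity');
        ?>
" class="button-primary" />
        </form>
        <?php 
    }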
 /**
  * Rewrites the firewall rules in the .htaccess file when IP whitelisting is enabled,
  * eg: after the permalink settings changed.
  *
  * Nothing is written when whitelisting is off. A failed write (-1) is shown to the
  * user and logged; the method returns nothing in either case.
  *
  * @param $old_permalink_structure not read by this method
  * @param $permalink_structure not read by this method
  */
 function refresh_firewall_rules($old_permalink_structure, $permalink_structure)
 {
     global $aio_wp_security;
     //Only the white list rules need re-adjusting, so there is nothing to do when the feature is off
     if ($aio_wp_security->configs->get_value('aiowps_enable_whitelisting') != '1') {
         return;
     }
     //Regenerate the .htaccess file and report a failed write
     if (AIOWPSecurity_Utility_Htaccess::write_to_htaccess() == -1) {
         $this->show_msg_error(__('The plugin was unable to write to the .htaccess file. Please edit file manually.', 'all-in-one-wp-security-and-firewall'));
         $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_whitelist_Menu - The plugin was unable to write to the .htaccess file.");
     }
 }
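    /**
     * Renders the "Prevent Image Hotlinking" tab and processes its settings form.
     *
     * On submission the nonce is verified, the checkbox state is stored in the plugin
     * configuration, the feature points are recalculated and the .htaccess rules are
     * rewritten. The settings form is printed afterwards in every case.
     */
    function render_tab5()
    {
        global $aio_wp_security;
        global $aiowps_feature_mgr;
        if (isset($_POST['aiowps_save_prevent_hotlinking'])) {
            // NOTE(review): only the nonce is checked here; presumably the page is registered
            // with an administrator capability — confirm at the menu registration.
            // A request that carries no nonce at all is rejected like one with a bad nonce.
            $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
            if (!wp_verify_nonce($nonce, 'aiowpsec-prevent-hotlinking-nonce')) {
                $aio_wp_security->debug_logger->log_debug("Nonce check failed on prevent hotlinking options save!", 4);
                die("Nonce check failed on prevent hotlinking options save!");
            }
            $aio_wp_security->configs->set_value('aiowps_prevent_hotlinking', isset($_POST["aiowps_prevent_hotlinking"]) ? '1' : '');
            $aio_wp_security->configs->save_config();
            //Recalculate points after the feature status/options have been altered
            $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
            //Now let's write the applicable rules to the .htaccess file
            $res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
            // The failure check must come first: -1 is truthy, so testing `if ($res)` first
            // reported success for a failed write and left the error branch unreachable.
            if ($res === -1 || $res === false) {
                $this->show_msg_error(__('Could not write to the .htaccess file. Please check the file permissions.', 'aiowpsecurity'));
            } elseif ($res) {
                $this->show_msg_updated(__('Settings were successfully saved', 'aiowpsecurity'));
            }
        }
        ?>
        <h2><?php _e('Prevent Image Hotlinking', 'aiowpsecurity'); ?></h2>
        <div class="aio_blue_box">
            <?php
        echo '<p>' . __('A Hotlink is where someone displays an image on their site which is actually located on your site by using a direct link to the source of the image on your server.', 'aiowpsecurity');
        echo '<br />' . __('Due to the fact that the image being displayed on the other person\'s site is coming from your server, this can cause leaking of bandwidth and resources for you because your server has to present this image for the people viewing it on someone elses\'s site.', 'aiowpsecurity');
        echo '<br />' . __('This feature will prevent people from directly hotlinking images from your site\'s pages by writing some directives in your .htaccess file.', 'aiowpsecurity') . '</p>';
        ?>
        </div>

        <div class="postbox">
        <h3><label for="title"><?php _e('Prevent Hotlinking', 'aiowpsecurity'); ?></label></h3>
        <div class="inside">
        <?php
        //Display security info badge
        $aiowps_feature_mgr->output_feature_details_badge("prevent-hotlinking");
        ?>

        <form action="" method="POST">
        <?php
        // Emits the hidden _wpnonce field that the handler above verifies.
        wp_nonce_field('aiowpsec-prevent-hotlinking-nonce');
        ?>

        <table class="form-table">
            <tr valign="top">
                <th scope="row"><?php _e('Prevent Image Hotlinking', 'aiowpsecurity'); ?>:</th>
                <td>
                <input name="aiowps_prevent_hotlinking" type="checkbox"<?php
        if ($aio_wp_security->configs->get_value('aiowps_prevent_hotlinking') == '1') {
            echo ' checked="checked"';
        }
        ?> value="1"/>
                <span class="description"><?php _e('Check this if you want to prevent hotlinking to images on your site.', 'aiowpsecurity'); ?></span>
                </td>
            </tr>
        </table>
        <input type="submit" name="aiowps_save_prevent_hotlinking" value="<?php _e('Save Settings', 'aiowpsecurity'); ?>" class="button-primary" />
        </form>
        </div></div>
    <?php
    }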
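    /**
     * Renders the general settings tab and processes its two "disable" forms.
     *
     * "Disable All Security Features" turns every feature off, rewrites .htaccess and
     * re-enables file edits in wp-config.php. "Disable All Firewall Rules" turns the
     * firewall rules off and rewrites .htaccess. Each form has its own nonce action.
     */
    function render_tab1()
    {
        global $aio_wp_security;
        // NOTE(review): both handlers switch protections off and check only the nonce here;
        // presumably the page is registered with an administrator capability — confirm at
        // the menu registration.
        if (isset($_POST['aiowpsec_disable_all_features'])) {
            // A request that carries no nonce at all is rejected like one with a bad nonce.
            $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
            if (!wp_verify_nonce($nonce, 'aiowpsec-disable-all-features')) {
                $aio_wp_security->debug_logger->log_debug("Nonce check failed on disable all security features!", 4);
                die("Nonce check failed on disable all security features!");
            }
            AIOWPSecurity_Configure_Settings::turn_off_all_security_features();
            //Now let's clear the applicable rules from the .htaccess file
            $res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
            //Now let's revert the disable editing setting in the wp-config.php file if necessary
            $res2 = AIOWPSecurity_Utility::enable_file_edits();
            // The failure check must come first: -1 is truthy, so testing `if ($res)` first
            // reported success for a failed write and left the error branch unreachable.
            if ($res === -1 || $res === false) {
                $this->show_msg_error(__('Could not write to the .htaccess file. Please restore your .htaccess file manually using the restore functionality in the ".htaccess File".', 'aiowpsecurity'));
            } elseif ($res) {
                $this->show_msg_updated(__('All the security features have been disabled successfully!', 'aiowpsecurity'));
            }
            if (!$res2) {
                $this->show_msg_error(__('Could not write to the wp-config.php. Please restore your wp-config.php file manually using the restore functionality in the "wp-config.php File".', 'aiowpsecurity'));
            }
        }
        if (isset($_POST['aiowpsec_disable_all_firewall_rules'])) {
            $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
            if (!wp_verify_nonce($nonce, 'aiowpsec-disable-all-firewall-rules')) {
                $aio_wp_security->debug_logger->log_debug("Nonce check failed on disable all firewall rules!", 4);
                die("Nonce check failed on disable all firewall rules!");
            }
            AIOWPSecurity_Configure_Settings::turn_off_all_firewall_rules();
            //Now let's clear the applicable rules from the .htaccess file
            $res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
            // Same ordering as above: rule out the failure values before reporting success.
            if ($res === -1 || $res === false) {
                $this->show_msg_error(__('Could not write to the .htaccess file. Please restore your .htaccess file manually using the restore functionality in the ".htaccess File".', 'aiowpsecurity'));
            } elseif ($res) {
                $this->show_msg_updated(__('All firewall rules have been disabled successfully!', 'aiowpsecurity'));
            }
        }
        ?>
        <div class="aio_grey_box">
        <p>For information, updates and documentation, please visit the <a href="http://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin" target="_blank" rel="noopener noreferrer">AIO WP Security & Firewall Plugin</a> Page.</p>
        <p><a href="http://www.tipsandtricks-hq.com/development-center" target="_blank" rel="noopener noreferrer">Follow us</a> on Twitter, Google+ or via Email to stay upto date about the new security features of this plugin.</p>
        </div>

        <div class="postbox">
        <h3><label for="title"><?php _e('WP Security Plugin', 'aiowpsecurity'); ?></label></h3>
        <div class="inside">
        <p><?php _e('Thank you for using our WordPress security plugin. There are a lot of security features in this plugin.', 'aiowpsecurity'); ?></p>
        <p><?php _e('Go through each menu items and enable the security options to add more security to your site. Start by activating the basic features first.', 'aiowpsecurity'); ?></p>
        <p><?php _e('It is a good practice to take a backup of your .htaccess file, database and wp-config.php file before activating the security features. This plugin has options that you can use to backup those resources easily.', 'aiowpsecurity'); ?></p>
        <p>
        <ul class="aiowps_admin_ul_grp1">
            <li><a href="admin.php?page=aiowpsec_database&tab=tab2" target="_blank"><?php _e('Backup your database', 'aiowpsecurity'); ?></a></li>
            <li><a href="admin.php?page=aiowpsec_settings&tab=tab2" target="_blank"><?php _e('Backup .htaccess file', 'aiowpsecurity'); ?></a></li>
            <li><a href="admin.php?page=aiowpsec_settings&tab=tab3" target="_blank"><?php _e('Backup wp-config.php file', 'aiowpsecurity'); ?></a></li>
        </ul>
        </p>
        </div></div>

        <div class="postbox">
        <h3><label for="title"><?php _e('Disable Security Features', 'aiowpsecurity'); ?></label></h3>
        <div class="inside">
        <?php
        // REQUEST_URI is taken from the request line, so it is escaped before it is
        // written into the action attribute.
        ?>
        <form method="post" action="<?php echo esc_url($_SERVER["REQUEST_URI"]); ?>">
        <?php
        wp_nonce_field('aiowpsec-disable-all-features');
        ?>
        <div class="aio_blue_box">
            <?php
        echo '<p>' . __('If you think that some plugin functionality on your site is broken due to a security feature you enabled in this plugin, then use the following option to turn off all the security features of this plugin.', 'aiowpsecurity') . '</p>';
        ?>
        </div>
        <div class="submit">
            <input type="submit" class="button" name="aiowpsec_disable_all_features" value="<?php _e('Disable All Security Features', 'aiowpsecurity'); ?>" />
        </div>
        </form>
        </div></div>

        <div class="postbox">
        <h3><label for="title"><?php _e('Disable All Firewall Rules', 'aiowpsecurity'); ?></label></h3>
        <div class="inside">
        <form method="post" action="<?php echo esc_url($_SERVER["REQUEST_URI"]); ?>">
        <?php
        wp_nonce_field('aiowpsec-disable-all-firewall-rules');
        ?>
        <div class="aio_blue_box">
            <?php
        echo '<p>' . __('This feature will disable all firewall rules which are currently active in this plugin and it will also delete these rules from your .htacess file. Use it if you think one of the firewall rules is causing an issue on your site.', 'aiowpsecurity') . '</p>';
        ?>
        </div>
        <div class="submit">
            <input type="submit" class="button" name="aiowpsec_disable_all_firewall_rules" value="<?php _e('Disable All Firewall Rules', 'aiowpsecurity'); ?>" />
        </div>
        </form>
        </div></div>
        <?php
    }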