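/**
 * Decide whether the current request is authenticated against PB_PASSWORD.
 *
 * The verdict is cached in self::$_checked / self::$_authenticated, so repeated calls
 * return the cached value unless $force_check is true. The request is terminated with
 * die() when the stored attempt counter exceeds self::MAX_LOGIN_ATTEMPTS_ALLOWED or when
 * PB_PASSWORD is still the '#PASSWORD#' placeholder or empty.
 *
 * Security notes for maintainers:
 * - PB_PASSWORD is matched against md5() of the submitted password with no salt, and a
 *   ready-made hash is also accepted from the `v` query parameter and from the
 *   `pass_hash` / `pb_backupbuddy_pass_hash` POST fields. The stored hash is therefore
 *   password-equivalent: protect the file that defines it and any logs that record
 *   query strings the same way as the password itself.
 * - The lockout counter is best-effort. If the counter file exists but cannot be read,
 *   both the lockout check and the increment are skipped, and write failures are
 *   suppressed, so the counter may never advance on a read-only directory.
 * - Nothing in this method resets the counter after a successful login.
 *
 * @param bool $force_check Re-evaluate even if a previous call already cached a verdict.
 * @return bool Value of self::$_authenticated after the check.
 */
public static function check($force_check = false)
{
    // Reuse the cached verdict unless the caller explicitly forces a re-check.
    if (true === self::$_checked && false === $force_check) {
        return self::$_authenticated;
    }

    $login_attempt_file = ABSPATH . 'importbuddy/_login_attempts.php';
    $login_attempts     = 1;
    if (file_exists($login_attempt_file)) {
        // Best-effort read: false here disables attempt tracking for this request.
        $login_attempts = @file_get_contents($login_attempt_file);
    }

    $attempt_count = 0;
    if (false !== $login_attempts) {
        // The counter is stored behind a '<?php die(); ?>' guard so the file prints nothing when requested directly.
        $login_attempts = trim(str_replace('<?php die(); ?>', '', (string) $login_attempts));
        // Compare and increment as an integer so an empty or corrupt counter file
        // cannot trigger string/int juggling or a TypeError on the "+ 1" below.
        $attempt_count = (int) $login_attempts;
        if ($attempt_count > self::MAX_LOGIN_ATTEMPTS_ALLOWED) {
            die('Access Denied. Maximum login attempts exceeded. You must delete "_login_attempts.php" in the importbuddy directory to unloack this script to allow it to continue.');
        }
    }

    $actual_pass_hash = (string) PB_PASSWORD;
    if ('#PASSWORD#' === $actual_pass_hash || '' === $actual_pass_hash) {
        die('Error #84578459745. A password must be set.');
    }

    // Pick the first non-empty credential, in the original precedence order.
    // Non-string values (e.g. array-shaped request parameters, if the helpers pass
    // them through -- not visible from here) are treated as absent.
    $supplied_pass_hash = '';
    $posted_password    = pb_backupbuddy::_POST('password');
    if (is_string($posted_password) && '' !== $posted_password) {
        $supplied_pass_hash = md5($posted_password);
    } else {
        $magic_hash = pb_backupbuddy::_GET('v');
        if (is_string($magic_hash) && '' !== $magic_hash) {
            // Hash submitted by magic migration.
            $supplied_pass_hash = $magic_hash;
        } else {
            // Normal form submitted hash.
            $form_hash = pb_backupbuddy::_POST('pass_hash');
            if (is_string($form_hash) && '' !== $form_hash) {
                $supplied_pass_hash = $form_hash;
            } else {
                $alt_form_hash = pb_backupbuddy::_POST('pb_backupbuddy_pass_hash');
                if (is_string($alt_form_hash) && '' !== $alt_form_hash) {
                    $supplied_pass_hash = $alt_form_hash;
                }
            }
        }
    }

    // Loose "==" compares two numeric-looking strings as numbers, so unrelated hashes
    // of the form "0e<digits>" would be considered equal. Compare as exact strings,
    // in constant time where hash_equals() is available (PHP >= 5.6).
    if (function_exists('hash_equals')) {
        $hashes_match = hash_equals($actual_pass_hash, $supplied_pass_hash);
    } else {
        $hashes_match = ($supplied_pass_hash === $actual_pass_hash);
    }

    if ($hashes_match) {
        self::$_authenticated = true;
    } elseif ('' !== $supplied_pass_hash) {
        // Incorrect hash. Reset settings & track attempts. A blank hash is not counted as an attempt.
        // Note: a mismatch never assigns false; self::$_authenticated keeps its previous value.
        if (true === self::RESET_DEFAULTS_ON_INVALID_LOGIN) {
            pb_backupbuddy::reset_defaults();
        }
        if (false !== $login_attempts) {
            global $pb_login_attempts;
            $pb_login_attempts = $login_attempts;
            // LOCK_EX keeps concurrent failed attempts from interleaving their writes.
            // Failure to write is still suppressed (deliberate best-effort).
            @file_put_contents($login_attempt_file, '<?php die(); ?>' . ($attempt_count + 1), LOCK_EX);
        }
    }

    self::$_checked = true;

    return self::$_authenticated;
}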
<?php if (!defined('PB_IMPORTBUDDY') || true !== PB_IMPORTBUDDY) { die('<html></html>'); } // On initial login to Step 1 (checks for password field from auth form) reset any dangling defaults from a partial restore. if (true === Auth::is_authenticated() && pb_backupbuddy::_POST('password') != '') { pb_backupbuddy::reset_defaults(); } /** * upload() * * Processes uploaded backup file. * * @return array True on upload success; false otherwise. */ function upload() { Auth::require_authentication(); if (isset($_POST['upload']) && $_POST['upload'] == 'local') { $path_parts = pathinfo($_FILES['file']['name']); if (strtolower(substr($_FILES['file']['name'], 0, 6)) == 'backup' && strtolower($path_parts['extension']) == 'zip') { if (move_uploaded_file($_FILES['file']['tmp_name'], basename($_FILES['file']['name']))) { pb_backupbuddy::alert('File Uploaded. Your backup was successfully uploaded.'); return true; } else { pb_backupbuddy::alert('Sorry, there was a problem uploading your file.', true); return false; } } else { pb_backupbuddy::alert('Only properly named BackupBuddy zip archives with a zip extension may be uploaded.', true);