function bps_wpadmin_htaccess_status_dashboard()
{
if (current_user_can('manage_options')) {
global $bps_version, $bps_last_version, $aitpro_bullet;
if (esc_html($_SERVER['REQUEST_METHOD']) != 'POST' && esc_html($_SERVER['QUERY_STRING']) != 'page=bulletproof-security/admin/system-info/system-info.php') {
$BPS_wpadmin_Options = get_option('bulletproof_security_options_htaccess_res');
if ($BPS_wpadmin_Options['bps_wpadmin_restriction'] == 'disabled') {
return;
}
$filename = ABSPATH . 'wp-admin/.htaccess';
$permsHtaccess = @substr(sprintf('%o', fileperms($filename)), -4);
$check_string = @file_get_contents($filename);
$section = @file_get_contents($filename, NULL, NULL, 3, 46);
$bps_wpadmin_upgrade = '';
$pattern10a = '/RewriteCond\\s%\\{THE_REQUEST\\}\\s(.*)\\?(.*)\\sHTTP\\/\\s\\[NC,OR\\]\\s*RewriteCond\\s%\\{THE_REQUEST\\}\\s(.*)\\*(.*)\\sHTTP\\/\\s\\[NC,OR\\]/';
$pattern10b = '/RewriteCond\\s%\\{THE_REQUEST\\}\\s.*\\?\\+\\(%20\\{1,\\}.*\\s*RewriteCond\\s%\\{THE_REQUEST\\}\\s.*\\+\\(.*\\*\\|%2a.*\\s\\[NC,OR\\]/';
$pattern10c = '/RewriteCond\\s%\\{THE_REQUEST\\}\\s\\(\\\\?.*%2a\\)\\+\\(%20\\+\\|\\\\s\\+.*HTTP\\(:\\/.*\\[NC,OR\\]/';
$pattern1 = '/(\\[|\\]|\\(|\\)|<|>)/s';
$pattern_amod = '/#\\sWPADMIN\\sDENY\\sBROWSER\\sACCESS\\sTO\\sFILES(.*\\s*){13,16}#\\sEND\\sBPS\\sWPADMIN\\sDENY\\sACCESS\\sTO\\sFILES/';
$BPSVpattern = '/BULLETPROOF\\s\\.[\\d](.*)WP-ADMIN/';
$BPSVreplace = "BULLETPROOF {$bps_version} WP-ADMIN";
if (!file_exists($filename)) {
// Setup Wizard Notice: not displayed. The Setup Wizard DB option is automatically saved in the root htaccess funcion on BPS plugin upgrades.
if (!get_option('bulletproof_security_options_wizard_free')) {
// display nothing. Notice is already displayed in the root htaccess function.
} else {
$text = '<div class="update-nag" style="background-color:#ffffe0;font-size:1em;font-weight:bold;padding:2px 5px;margin-top:2px;"><font color="red">' . __('BPS Alert! An htaccess file was NOT found in your WordPress wp-admin folder', 'bulletproof-security') . '</font><br>' . __('If you have deleted the wp-admin htaccess file for troubleshooting purposes you can disregard this Alert.', 'bulletproof-security') . '<br>' . __('After you are done troubleshooting ', 'bulletproof-security') . '</font><a href="admin.php?page=bulletproof-security/admin/wizard/wizard.php">' . __('Click Here', 'bulletproof-security') . '</a>' . __(' to go to the BPS Setup Wizard page and click the Setup Wizard button to setup the BPS plugin again.', 'bulletproof-security') . '<br>' . __('Important Note: If you deleted the wp-admin htaccess file due to bad/invalid Custom Code causing a problem then ', 'bulletproof-security') . '<a href="admin.php?page=bulletproof-security/admin/core/core.php#bps-tabs-7">' . __('Click Here', 'bulletproof-security') . '</a>' . __(' to go to the BPS Custom Code page, delete the bad/invalid wp-admin Custom Code and click the Save wp-admin Custom Code button before running the Setup Wizard again.', 'bulletproof-security') . '</div>';
echo $text;
}
} else {
if (file_exists($filename)) {
switch ($bps_version) {
case $bps_last_version:
// for Testing
if (strpos($check_string, "BULLETPROOF {$bps_last_version}") && strpos($check_string, "BPSQSE-check")) {
// echo or print for testing
}
break;
case !strpos($check_string, "BULLETPROOF"):
// Setup Wizard Notice: not displayed. The Setup Wizard DB option is automatically saved in the root htaccess funcion on BPS plugin upgrades.
if (!get_option('bulletproof_security_options_wizard_free')) {
// display nothing. Notice is already displayed in the root htaccess function.
} else {
$text = '<div class="update-nag" style="background-color:#ffffe0;font-size:1em;font-weight:bold;padding:2px 5px;margin-top:2px;"><font color="red">' . __('BPS Alert! Your wp-admin folder may not be protected by BulletProof Security', 'bulletproof-security') . '</font><br>' . __('he BPS version: BULLETPROOF .xx.x WP-ADMIN SECURE .HTACCESS line of code was not found at the top of your wp-admin htaccess file.', 'bulletproof-security') . '<br>' . __('The BPS version line of code MUST be at the very top of your wp-admin htaccess file.', 'bulletproof-security') . '<br><a href="admin.php?page=bulletproof-security/admin/wizard/wizard.php">' . __('Click Here', 'bulletproof-security') . '</a>' . __(' to go to the BPS Setup Wizard page and click the Setup Wizard button to setup the BPS plugin again.', 'bulletproof-security') . '<br>' . __('Important Note: If you manually added other htaccess code above the BPS version line of code in your wp-admin htaccess file, you can copy that code to BPS wp-admin Custom Code so that your code is saved in the correct place in the BPS wp-admin htaccess file. ', 'bulletproof-security') . '<br><a href="admin.php?page=bulletproof-security/admin/core/core.php#bps-tabs-7">' . __('Click Here', 'bulletproof-security') . '</a>' . __(' to go to the BPS Custom Code page, add your wp-admin custom htaccess code in an appropriate wp-admin Custom Code text box and click the Save wp-admin Custom Code button before running the Setup Wizard again.', 'bulletproof-security') . '</div>';
echo $text;
}
break;
case !strpos($check_string, "BULLETPROOF {$bps_version}") && strpos($check_string, "BPSQSE-check"):
// mod_authz_core forward/backward compatibility: create new htaccess files if needed
bpsPro_apache_mod_directive_check();
$CC_Options_wpadmin = get_option('bulletproof_security_options_customcode_WPA');
$Apache_Mod_options = get_option('bulletproof_security_options_apache_modules');
if (@substr($sapi_type, 0, 6) != 'apache' || @$permsHtaccess != '0666' || @$permsHtaccess != '0777') {
// Windows IIS, XAMPP, etc
@chmod($filename, 0644);
}
$stringReplace = @file_get_contents($filename);
$stringReplace = preg_replace($BPSVpattern, $BPSVreplace, $stringReplace);
if (preg_match($pattern_amod, $stringReplace, $matches) && $CC_Options_wpadmin['bps_customcode_deny_files_wpa'] == '' && $Apache_Mod_options['bps_apache_mod_ifmodule'] == 'Yes') {
$stringReplace = preg_replace($pattern_amod, "# WPADMIN DENY BROWSER ACCESS TO FILES\n# Deny Browser access to /wp-admin/install.php\n# Use BPS Custom Code to modify/edit/change this code and to save it permanently.\n# To be able to view the install.php file from a Browser, replace 127.0.0.1 with your actual\n# current IP address. Comment out: #Require all denied and Uncomment: Require ip 127.0.0.1\n# Comment out: #Deny from all and Uncomment: Allow from 127.0.0.1\n# Note: The BPS System Info page displays which modules are loaded on your server.\n\n# BEGIN BPS WPADMIN DENY ACCESS TO FILES\n<FilesMatch \"^(install\\.php)\">\n<IfModule mod_authz_core.c>\nRequire all denied\n#Require ip 127.0.0.1\n</IfModule>\n\n<IfModule !mod_authz_core.c>\n<IfModule mod_access_compat.c>\nOrder Allow,Deny\nDeny from all\n#Allow from 127.0.0.1\n</IfModule>\n</IfModule>\n</FilesMatch>\n# END BPS WPADMIN DENY ACCESS TO FILES", $stringReplace);
} elseif (preg_match($pattern_amod, $stringReplace, $matches) && $CC_Options_wpadmin['bps_customcode_deny_files_wpa'] == '' && $Apache_Mod_options['bps_apache_mod_ifmodule'] == 'No') {
$stringReplace = preg_replace($pattern_amod, "# WPADMIN DENY BROWSER ACCESS TO FILES\n# Deny Browser access to /wp-admin/install.php\n# Use BPS Custom Code to modify/edit/change this code and to save it permanently.\n# To be able to view the install.php file from a Browser, replace 127.0.0.1 with your actual\n# current IP address. Comment out: #Deny from all and Uncomment: Allow from 127.0.0.1\n# Note: The BPS System Info page displays which modules are loaded on your server.\n\n# BEGIN BPS WPADMIN DENY ACCESS TO FILES\n<FilesMatch \"^(install\\.php)\">\nOrder Allow,Deny\nDeny from all\n#Allow from 127.0.0.1\n</FilesMatch>\n# END BPS WPADMIN DENY ACCESS TO FILES", $stringReplace);
}
if (preg_match($pattern10a, $stringReplace, $matches)) {
$stringReplace = preg_replace($pattern10a, "RewriteCond %{THE_REQUEST} (\\?|\\*|%2a)+(%20+|\\\\\\s+|%20+\\\\\\s+|\\\\\\s+%20+|\\\\\\s+%20+\\\\\\s+)HTTP(:/|/) [NC,OR]", $stringReplace);
}
if (preg_match($pattern10b, $stringReplace, $matches)) {
$stringReplace = preg_replace($pattern10b, "RewriteCond %{THE_REQUEST} (\\?|\\*|%2a)+(%20+|\\\\\\s+|%20+\\\\\\s+|\\\\\\s+%20+|\\\\\\s+%20+\\\\\\s+)HTTP(:/|/) [NC,OR]", $stringReplace);
}
if (preg_match($pattern10c, $stringReplace, $matches)) {
$stringReplace = preg_replace($pattern10c, "RewriteCond %{THE_REQUEST} (\\?|\\*|%2a)+(%20+|\\\\\\s+|%20+\\\\\\s+|\\\\\\s+%20+|\\\\\\s+%20+\\\\\\s+)HTTP(:/|/) [NC,OR]", $stringReplace);
}
if (preg_match($pattern1, $stringReplace, $matches)) {
$stringReplace = str_replace("RewriteCond %{QUERY_STRING} ^.*(\\[|\\]|\\(|\\)|<|>).* [NC,OR]", "RewriteCond %{QUERY_STRING} ^.*(\\(|\\)|<|>).* [NC,OR]", $stringReplace);
}
file_put_contents($filename, $stringReplace);
if (getBPSInstallTime() == getBPSwpadminHtaccessLasModTime_minutes() || getBPSInstallTime_plusone() == getBPSwpadminHtaccessLasModTime_minutes()) {
//print("Testing wp-admin auto-update");
$bps_wpadmin_upgrade = 'upgrade';
}
// end upgrade processing
break;
case strpos($check_string, "BULLETPROOF {$bps_version}") && strpos($check_string, "BPSQSE-check"):
$bps_status_display = get_option('bulletproof_security_options_status_display');
if ($bps_status_display['bps_status_display'] != 'Off') {
if (preg_match('/page=bulletproof-security/', esc_html($_SERVER['REQUEST_URI']), $matches)) {
$WBM = $aitpro_bullet . '<a href="admin.php?page=bulletproof-security/admin/core/core.php#WBM-Link" title="wp-admin Folder BulletProof Mode" style="text-decoration:none;">' . __('WBM', 'bulletproof-security') . '</a>: <font color="green"><strong>' . __('On', 'bulletproof-security') . '</strong></font>';
$WBM_str = str_replace("BULLETPROOF {$bps_version} WP-ADMIN SECURE .HTACCESS", "{$WBM}", $section);
echo '<div id="bps-status-display" style="float:left;font-weight:bold;margin:0px;">' . $WBM_str . '</div>';
}
}
break;
default:
if ($bps_wpadmin_upgrade != 'upgrade') {
$text = '<div class="update-nag" style="background-color:#ffffe0;font-size:1em;font-weight:bold;padding:2px 5px;margin-top:2px;"><font color="red">' . __('BPS Alert! A valid BPS htaccess file was NOT found in your wp-admin folder', 'bulletproof-security') . '</font><br>' . __('BulletProof Mode for the wp-admin folder should also be activated when you have BulletProof Mode activated for the Root folder.', 'bulletproof-security') . '<br>' . __('Check the BPS ', 'bulletproof-security') . '<a href="admin.php?page=bulletproof-security/admin/core/core.php#bps-tabs-2">' . __('Security Status page', 'bulletproof-security') . '</a>' . __(' to view your BPS Security Status information.', 'bulletproof-security') . '</div>';
echo $text;
}
}
}
}
}
}
}
_e('BulletProof Security ~ htaccess Core', 'bulletproof-security');
?>
</h2>
<div id="message" class="updated" style="border:1px solid #999999;margin-left:220px;background-color:#000;">
<?php
// HUD - Heads Up Display - Warnings and Error messages
echo bps_check_php_version_error();
echo bps_hud_check_bpsbackup();
echo bps_check_safemode();
echo @bps_w3tc_htaccess_check($plugin_var);
echo @bps_wpsc_htaccess_check($plugin_var);
// Apache IfModule htaccess file code check & creation: run on page load with 15 minute time restriction.
// System Info page: performs check in real-time without a 15 minute time restriction, but does not create htaccess files.
bpsPro_apache_mod_directive_check();
// default.htaccess, secure.htaccess, fwrite content for all WP site types
$bps_get_domain_root = bpsGetDomainRoot();
$bps_get_wp_root_default = bps_wp_get_root_folder();
// Replace ABSPATH = wp-content/plugins
$bps_plugin_dir = str_replace(ABSPATH, '', WP_PLUGIN_DIR);
// Replace ABSPATH = wp-content
$bps_wpcontent_dir = str_replace(ABSPATH, '', WP_CONTENT_DIR);
// Replace ABSPATH = wp-content/uploads
$wp_upload_dir = wp_upload_dir();
$bps_uploads_dir = str_replace(ABSPATH, '', $wp_upload_dir['basedir']);
$bps_topDiv = '<div id="message" class="updated" style="background-color:#ffffe0;font-size:1em;font-weight:bold;border:1px solid #999999; margin-left:220px;"><p>';
$bps_bottomDiv = '</p></div>';
// General all purpose "Settings Saved." message for forms
if (current_user_can('manage_options') && wp_script_is('bps-accordion', $list = 'queue')) {
if (@$_GET['settings-updated'] == true) {
function bpsSetupWizardPrechecks()
{
$successTextBegin = '<font color="green"><strong>';
$successMessage = __(' DB Table created Successfully!', 'bulletproof-security');
$successTextEnd = '</strong></font><br>';
$failTextBegin = '<font color="red"><strong>';
$failMessage = __('Error: Unable to create DB Table ', 'bulletproof-security');
$failTextEnd = '</strong></font><br>';
$sapi_type = php_sapi_name();
echo '<h3>' . __('Setup Wizard Pre-Installation Checks:', 'bulletproof-security') . '</h3>
<div style="font-size:12px;margin:-10px 0px 10px 0px;font-weight:bold;">' . __('If you see any Red font or Blue font messages displayed below, click the Read Me help button above and read the "Notes" help section before clicking the Setup Wizard button.', 'bulletproof-security') . '</div>';
echo '<div id="Wizard-background" style="max-height:250px;width:85%;overflow:auto;margin:0px;padding:10px;border:2px solid black;background-color:#ffffe0;">';
echo '<span class="setup-wizard-checks-text">';
if (@substr($sapi_type, 0, 6) != 'apache' && get_filesystem_method() == 'direct') {
echo $successTextBegin . __('Pass! Compatible Server Configuration: Server API: CGI | WP Filesystem API Method: direct.', 'bulletproof-security') . $successTextEnd;
} elseif (@substr($sapi_type, 0, 6) == 'apache' && preg_match('#\\\\#', ABSPATH, $matches) && get_filesystem_method() == 'direct') {
echo $successTextBegin . __('Pass! Compatible Server Configuration: Server Type Apache: XAMPP, WAMP, MAMP or LAMP | WP Filesystem API Method: direct.', 'bulletproof-security') . $successTextEnd;
} elseif (@substr($sapi_type, 0, 6) == 'apache' && !preg_match('#\\\\#', ABSPATH, $matches) && get_filesystem_method() == 'direct') {
echo $successTextBegin . __('Pass! Compatible Server Configuration: Server API: DSO | WP Filesystem API Method: direct.', 'bulletproof-security') . $successTextEnd;
} elseif (@substr($sapi_type, 0, 6) == 'apache' && get_filesystem_method() != 'direct') {
echo $failTextBegin . __('Server API: Apache DSO Server Configuration | WP Filesystem API Method: ', 'bulletproof-security') . get_filesystem_method() . $failTextEnd . '<br>' . __('Your Server type is DSO and the WP Filesystem API Method is NOT "direct". You can use the Setup Wizard, but you must first make some one-time manual changes to your website before running the Setup Wizard. Please click this Forum Link for instructions: ', 'bulletproof-security') . '<a href="http://forum.ait-pro.com/forums/topic/dso-setup-steps/" target="_blank" title="Link opens in a new Browser window"><strong>' . __('DSO Setup Steps', 'bulletproof-security') . '</a></strong><br><br>';
}
$memoryLimitM = get_cfg_var('memory_limit');
$memoryLimit = str_replace('M', '', $memoryLimitM);
if ($memoryLimit == '' || !$memoryLimitM) {
echo '<strong><font color="blue">' . __('Unable to get the PHP Configuration Memory Limit value from the Server. It is recommended that your PHP Configuration Memory Limit is set to at least 128M. Contact your Web Host and ask them what your PHP Configuration Memory Limit is for your website.', 'bulletproof-security') . '</font></strong><br>';
} else {
switch ($memoryLimit) {
case $memoryLimit >= '128':
echo $successTextBegin . __('Pass! PHP Configuration Memory Limit is set to: ', 'bulletproof-security') . $memoryLimit . 'M' . $successTextEnd;
break;
case $memoryLimit >= '64' && $memoryLimit < '128':
echo $successTextBegin . __('Pass! PHP Configuration Memory Limit is set to: ', 'bulletproof-security') . $memoryLimit . 'M. ' . __('It is recommended that you increase your memory limit to at least 128M. Contact your Web Host and ask them to increase your memory limit to the maximum memory limit setting allowed by your Host.', 'bulletproof-security') . $successTextEnd;
break;
case $memoryLimit > '0' && $memoryLimit < '64':
echo '<br>' . $failTextBegin . __('Error: Your PHP Configuration Memory Limit is set to: ', 'bulletproof-security') . $memoryLimit . 'M. ' . __('WordPress needs a bare minimum Memory Limit setting of 64M to perform well. Contact your Web Host and ask them to increase your memory limit to the maximum memory limit setting allowed by your Host.', 'bulletproof-security') . $failTextEnd . '<br>';
break;
}
}
// BPS .52.6: Pre-save UI Theme Skin with Blue Theme if DB option does not exist
bpsPro_presave_ui_theme_skin_options();
// PHP/php.ini htaccess code pre-check - Check if root .htaccess file has php.ini handler code and if that code has been added to BPS Custom Code
bpsSetupWizardPhpiniHandlerCheck();
// mod_authz_core forward/backward compatibility: create new htaccess files if needed
bpsPro_apache_mod_directive_check();
// writable checks:
// folders: /bps-backup/ and /htaccess/ folder
// files: default.htaccess, secure.htaccess and wpadmin-secure.htaccess
$htaccess_dir = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess';
$bps_backup_dir = WP_CONTENT_DIR . '/bps-backup';
$secureHtaccess = $htaccess_dir . '/secure.htaccess';
$wpadminHtaccess = $htaccess_dir . '/wpadmin-secure.htaccess';
$defaultHtaccess = $htaccess_dir . '/default.htaccess';
if (is_writable($htaccess_dir)) {
echo $successTextBegin . __('Pass! The ', 'bulletproof-security') . $htaccess_dir . __(' Folder is writable.', 'bulletproof-security') . $successTextEnd;
} else {
echo $failTextBegin . __('Error: The ', 'bulletproof-security') . $htaccess_dir . __(' Folder is NOT writable. If your Server type is DSO and the WP Filesystem API Method is NOT "direct" you can use the Setup Wizard, but you must first make some one-time manual changes to your website before running the Setup Wizard. Please click this Forum Link for instructions: ', 'bulletproof-security') . '<a href="http://forum.ait-pro.com/forums/topic/dso-setup-steps/" target="_blank" title="Link opens in a new Browser window"><strong>' . __('DSO Setup Steps', 'bulletproof-security') . '</a>' . __(' If your Server type is CGI check the folder permissions. Folder permissions should be either 755 or 705.', 'bulletproof-security') . $failTextEnd . '<br>';
}
if (is_writable($bps_backup_dir)) {
echo $successTextBegin . __('Pass! The ', 'bulletproof-security') . $bps_backup_dir . __(' Folder is writable.', 'bulletproof-security') . $successTextEnd;
} else {
echo $failTextBegin . __('Error: The ', 'bulletproof-security') . $bps_backup_dir . __(' Folder is NOT writable. If your Server type is DSO and the WP Filesystem API Method is NOT "direct" you can use the Setup Wizard, but you must first make some one-time manual changes to your website before running the Setup Wizard. Please click this Forum Link for instructions: ', 'bulletproof-security') . '<a href="http://forum.ait-pro.com/forums/topic/dso-setup-steps/" target="_blank" title="Link opens in a new Browser window"><strong>' . __('DSO Setup Steps', 'bulletproof-security') . '</a>' . __(' If your Server type is CGI check the folder permissions. Folder permissions should be either 755 or 705.', 'bulletproof-security') . $failTextEnd . '<br>';
}
if (is_writable($secureHtaccess)) {
echo $successTextBegin . __('Pass! The ', 'bulletproof-security') . $secureHtaccess . __(' File is writable.', 'bulletproof-security') . $successTextEnd;
} else {
echo $failTextBegin . __('Error: The ', 'bulletproof-security') . $secureHtaccess . __(' File is NOT writable. If your Server type is DSO and the WP Filesystem API Method is NOT "direct" you can use the Setup Wizard, but you must first make some one-time manual changes to your website before running the Setup Wizard. Please click this Forum Link for instructions: ', 'bulletproof-security') . '<a href="http://forum.ait-pro.com/forums/topic/dso-setup-steps/" target="_blank" title="Link opens in a new Browser window"><strong>' . __('DSO Setup Steps', 'bulletproof-security') . '</a>' . __(' If your Server type is CGI check the file permissions. File permissions should be either 644 or 604.', 'bulletproof-security') . $failTextEnd . '<br>';
}
if (is_writable($wpadminHtaccess)) {
echo $successTextBegin . __('Pass! The ', 'bulletproof-security') . $wpadminHtaccess . __(' File is writable.', 'bulletproof-security') . $successTextEnd;
} else {
echo $failTextBegin . __('Error: The ', 'bulletproof-security') . $wpadminHtaccess . __(' File is NOT writable. If your Server type is DSO and the WP Filesystem API Method is NOT "direct" you can use the Setup Wizard, but you must first make some one-time manual changes to your website before running the Setup Wizard. Please click this Forum Link for instructions: ', 'bulletproof-security') . '<a href="http://forum.ait-pro.com/forums/topic/dso-setup-steps/" target="_blank" title="Link opens in a new Browser window"><strong>' . __('DSO Setup Steps', 'bulletproof-security') . '</a>' . __(' If your Server type is CGI check the file permissions. File permissions should be either 644 or 604.', 'bulletproof-security') . $failTextEnd . '<br>';
}
if (is_writable($defaultHtaccess)) {
echo $successTextBegin . __('Pass! The ', 'bulletproof-security') . $defaultHtaccess . __(' File is writable.', 'bulletproof-security') . $successTextEnd;
} else {
echo $failTextBegin . __('Error: The ', 'bulletproof-security') . $defaultHtaccess . __(' File is NOT writable. If your Server type is DSO and the WP Filesystem API Method is NOT "direct" you can use the Setup Wizard, but you must first make some one-time manual changes to your website before running the Setup Wizard. Please click this Forum Link for instructions: ', 'bulletproof-security') . '<a href="http://forum.ait-pro.com/forums/topic/dso-setup-steps/" target="_blank" title="Link opens in a new Browser window"><strong>' . __('DSO Setup Steps', 'bulletproof-security') . '</a>' . __(' If your Server type is CGI check the file permissions. File permissions should be either 644 or 604.', 'bulletproof-security') . $failTextEnd . '<br>';
}
echo '</span>';
echo '</div>';
}
