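 /**
  * Runs the plugin's admin-side init tasks.
  *
  * - When cookie-based brute force prevention is enabled and no random test cookie name has been
  *   stored yet, generates one, persists it, drops the cookie and writes it to the .htaccess file.
  * - On the brute force settings tab (tab2) handles the cookie test form, the "enable" form and the
  *   cookie test result. These three handlers read $_POST/$_REQUEST directly and carry no nonce
  *   check; they call set_cookie_value() for the requesting browser and store the test result.
  * - Handles the nonce-protected wp-config backup download and the settings export.
  *
  * May terminate the request (die() on a failed nonce check, or a redirect).
  *
  * @return void
  */
 function do_other_admin_side_init_tasks()
 {
     global $aio_wp_security;
     //***New Feature improvement for Cookie Based Brute Force Protection***//
     //The old "test cookie" used to be too easy to guess because someone could just read the code and get the value.
     //So now we will drop a more secure test cookie using a 10 digit random string
     if ($aio_wp_security->configs->get_value('aiowps_enable_brute_force_attack_prevention') == '1') {
         // Users who enabled the feature on an older release have no random cookie name stored yet:
         // create one, persist it, drop it to the browser and write it to the .htaccess file
         $test_cookie = $aio_wp_security->configs->get_value('aiowps_cookie_brute_test');
         if (empty($test_cookie)) {
             $test_cookie_name = 'aiowps_cookie_test_' . AIOWPSecurity_Utility::generate_alpha_numeric_random_string(10);
             $aio_wp_security->configs->set_value('aiowps_cookie_brute_test', $test_cookie_name);
             $aio_wp_security->configs->save_config();
             AIOWPSecurity_Utility::set_cookie_value($test_cookie_name, "1");
             //Write this new cookie to the .htaccess file
             $res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
             if ($res == -1) {
                 $aio_wp_security->debug_logger->log_debug("Error writing new test cookie with random suffix to .htaccess file!", 4);
             }
         }
     }
     //For cookie test form submission case
     $on_brute_force_tab = isset($_GET['page'], $_GET['tab'])
         && $_GET['page'] === AIOWPSEC_BRUTE_FORCE_MENU_SLUG
         && $_GET['tab'] === 'tab2';
     if ($on_brute_force_tab) {
         if (isset($_POST['aiowps_do_cookie_test_for_bfla'])) {
             // Every test run gets a fresh random cookie name so the value cannot be read off the source
             $test_cookie_name = 'aiowps_cookie_test_' . AIOWPSecurity_Utility::generate_alpha_numeric_random_string(10);
             $aio_wp_security->configs->set_value('aiowps_cookie_brute_test', $test_cookie_name);
             $aio_wp_security->configs->save_config();
             AIOWPSecurity_Utility::set_cookie_value($test_cookie_name, "1");
             $cur_url = "admin.php?page=" . AIOWPSEC_BRUTE_FORCE_MENU_SLUG . "&tab=tab2";
             $redirect_url = AIOWPSecurity_Utility::add_query_data_to_url($cur_url, 'aiowps_cookie_test', "1");
             AIOWPSecurity_Utility::redirect_to_url($redirect_url);
         }
         if (isset($_POST['aiowps_enable_brute_force_attack_prevention'])) {
             // The secret word field may be missing from the submission; treat that like an empty value
             $brute_force_feature_secret_word = isset($_POST['aiowps_brute_force_secret_word'])
                 ? sanitize_text_field($_POST['aiowps_brute_force_secret_word'])
                 : '';
             if (empty($brute_force_feature_secret_word)) {
                 $brute_force_feature_secret_word = "aiowps_secret";
             }
             AIOWPSecurity_Utility::set_cookie_value($brute_force_feature_secret_word, "1");
         }
         if (isset($_REQUEST['aiowps_cookie_test'])) {
             // Record whether the test cookie dropped on the previous request came back with this one
             $test_cookie = $aio_wp_security->configs->get_value('aiowps_cookie_brute_test');
             $cookie_val = AIOWPSecurity_Utility::get_cookie_value($test_cookie);
             $aio_wp_security->configs->set_value('aiowps_cookie_test_success', empty($cookie_val) ? '' : '1');
             $aio_wp_security->configs->save_config();
         }
     }
     if (isset($_POST['aiowps_save_wp_config'])) {
         // A request without the nonce field must fail the check rather than raise an undefined index notice
         $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
         if (!wp_verify_nonce($nonce, 'aiowpsec-save-wp-config-nonce')) {
             $aio_wp_security->debug_logger->log_debug("Nonce check failed on wp_config file save!", 4);
             die("Nonce check failed on wp_config file save!");
         }
         $wp_config_path = AIOWPSecurity_Utility_File::get_wp_config_file_path();
         //Backup the wp_config.php file and offer the backup for download
         AIOWPSecurity_Utility_File::backup_and_rename_wp_config($wp_config_path);
         AIOWPSecurity_Utility_File::download_a_file_option1($wp_config_path, "wp-config-backup.txt");
     }
     //Handle export settings
     if (isset($_POST['aiowps_export_settings'])) {
         $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
         if (!wp_verify_nonce($nonce, 'aiowpsec-export-settings-nonce')) {
             $aio_wp_security->debug_logger->log_debug("Nonce check failed on export AIOWPS settings!", 4);
             die("Nonce check failed on export AIOWPS settings!");
         }
         $config_data = get_option('aio_wp_security_configs');
         $output = json_encode($config_data);
         // json_encode() returns false on failure; don't hand an empty export to the browser silently
         if ($output === false) {
             $aio_wp_security->debug_logger->log_debug("Failed to JSON encode the AIOWPS settings for export!", 4);
             return;
         }
         AIOWPSecurity_Utility_File::download_content_to_a_file($output);
     }
 }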
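 /**
  * Handles the "change admin username" form: verifies the nonce, validates the new name, renames the
  * account in the users table (and patches the multisite site_admins meta), and logs the current user
  * out if they are logged in as 'admin'.
  *
  * Dies when the nonce check fails; redirects (without returning) when the current user was 'admin'.
  *
  * @return string HTML notice markup for the admin page (error or success)
  */
 function validate_change_username_form()
 {
     global $wpdb;
     global $aio_wp_security;
     $errors = '';
     // A request without the nonce field must fail the check rather than raise an undefined index notice
     $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
     if (!wp_verify_nonce($nonce, 'aiowpsec-change-admin-nonce')) {
         $aio_wp_security->debug_logger->log_debug("Nonce check failed on admin username change operation!", 4);
         die(__('Nonce check failed on admin username change operation!', 'aiowpsecurity'));
     }
     if (empty($_POST['aiowps_new_user_name'])) {
         //No username value was entered
         $errors .= __('Please enter a value for your username. ', 'aiowpsecurity');
     } else {
         $new_username = sanitize_text_field($_POST['aiowps_new_user_name']);
         if (!validate_username($new_username)) {
             //An invalid username was entered
             $errors .= __('You entered an invalid username. Please enter another value. ', 'aiowpsecurity');
         } elseif (AIOWPSecurity_Utility::check_user_exists($new_username)) {
             $errors .= __('Username ', 'aiowpsecurity') . $new_username . __(' already exists. Please enter another value. ', 'aiowpsecurity');
         } else {
             //let's check if currently logged in username is 'admin'
             global $user_login;
             // Populates $user_login; deprecated in newer WordPress releases in favour of wp_get_current_user()
             get_currentuserinfo();
             $username_is_admin = (strtolower($user_login) === 'admin');
             //Now let's change the username
             // NOTE(review): the literals in this statement appear masked in this listing; confirm that the new
             // username goes through esc_sql()/$wpdb->prepare() and that the WHERE clause targets the 'admin' login
             $result = $wpdb->query("UPDATE `" . $wpdb->users . "` SET user_login = '******' WHERE user_login='******';");
             if (!$result) {
                 // $wpdb->query() returns false on error and the affected row count otherwise, so a
                 // zero-row update (no such account) is reported as a failure as well
                 $user_update_error = __('The database update operation of the user account failed!', 'aiowpsecurity');
                 $aio_wp_security->debug_logger->log_debug("Admin username change failed: the users table update returned an error or affected no rows.", 4);
                 return '<div id="message" class="updated fade"><p>' . $user_update_error . '</p></div>';
             }
             //multisite considerations
             if (AIOWPSecurity_Utility::is_multisite_install()) {
                 //process sitemeta if we're in a multi-site situation
                 // site_admins is stored serialized, so the replacement carries the byte length of the new
                 // name (strlen, not mb_strlen) in front of it
                 $oldAdmins = $wpdb->get_var("SELECT meta_value FROM `" . $wpdb->sitemeta . "` WHERE meta_key = 'site_admins'");
                 $newAdmins = str_replace('5:"admin"', strlen($new_username) . ':"' . esc_sql($new_username) . '"', $oldAdmins);
                 $wpdb->query("UPDATE `" . $wpdb->sitemeta . "` SET meta_value = '" . esc_sql($newAdmins) . "' WHERE meta_key = 'site_admins'");
             }
             //If user is logged in with username "admin" then log user out and send to login page so they can login again
             if ($username_is_admin) {
                 //Lets logout the user
                 $aio_wp_security->debug_logger->log_debug("Logging User Out with login " . $user_login . " because they changed their username.");
                 $after_logout_url = AIOWPSecurity_Utility::get_current_page_url();
                 $after_logout_payload = 'redirect_to=' . $after_logout_url . '&msg=' . $aio_wp_security->user_login_obj->key_login_msg . '=admin_user_changed';
                 //Place the handle for the login screen message in the URL
                 // base64 only encodes the payload (no confidentiality); the logout handler decodes it
                 $encoded_payload = base64_encode($after_logout_payload);
                 $logout_url = AIOWPSEC_WP_URL . '?aiowpsec_do_log_out=1';
                 $logout_url = AIOWPSecurity_Utility::add_query_data_to_url($logout_url, 'al_additional_data', $encoded_payload);
                 AIOWPSecurity_Utility::redirect_to_url($logout_url);
             }
         }
     }
     if (strlen($errors) > 0) {
         //We have some validation or other error
         return '<div id="message" class="error"><p>' . $errors . '</p></div>';
     }
     return '<div id="message" class="updated fade"><p>' . __('Username Successfully Changed!', 'aiowpsecurity') . '</p></div>';
 }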
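 /**
  * plugins_loaded hook work: handles the plugin's own logout URL (?aiowpsec_do_log_out=1).
  *
  * Logs the user out, then either redirects to the validated 'after_logout' URL or, when
  * 'al_additional_data' is present, sends the user to the login page (the renamed one if that
  * feature is enabled) carrying the redirect_to/msg data stored in the 'aiowps_logout_payload'
  * transient.
  *
  * @return void
  */
 function do_additional_plugins_loaded_tasks()
 {
     global $aio_wp_security;
     if (!isset($_GET['aiowpsec_do_log_out'])) {
         return;
     }
     // NOTE(review): this logout is triggered by a plain GET with no nonce check; WordPress core's own
     // logout link is nonced for that reason - confirm whether a nonce can be required here
     wp_logout();
     if (isset($_GET['after_logout'])) {
         // Untrusted redirect target from the query string: keep it on this site (off-site hosts fall back
         // to home_url()) and use esc_url_raw(), since esc_url() entity-encodes '&' and is meant for output
         $after_logout_url = wp_validate_redirect(esc_url_raw($_GET['after_logout']), home_url());
         AIOWPSecurity_Utility::redirect_to_url($after_logout_url);
     }
     // The parameter is optional: only run the login-page redirect when it is actually present
     // (reading it unconditionally raises a notice and makes this branch run on every logout)
     if (!isset($_GET['al_additional_data'])) {
         return;
     }
     //Check if rename login feature enabled
     if ($aio_wp_security->configs->get_value('aiowps_enable_rename_login_page') == '1') {
         // Without a permalink structure the login slug is passed as a query string
         $home_url = trailingslashit(home_url()) . (get_option('permalink_structure') ? '' : '?');
         $login_url = $home_url . $aio_wp_security->configs->get_value('aiowps_login_page_slug');
     } else {
         $login_url = wp_login_url();
     }
     //Inspect the payload and do redirect to login page with a msg and redirect url
     $logout_payload = AIOWPSecurity_Utility::is_multisite_install()
         ? get_site_transient('aiowps_logout_payload')
         : get_transient('aiowps_logout_payload');
     if (!empty($logout_payload['redirect_to'])) {
         $login_url = AIOWPSecurity_Utility::add_query_data_to_url($login_url, 'redirect_to', $logout_payload['redirect_to']);
     }
     if (!empty($logout_payload['msg'])) {
         // msg is a key=value pair; pick the separator from whether the URL already carries a query string
         $login_url .= (strpos($login_url, '?') === false ? '?' : '&') . $logout_payload['msg'];
     }
     if (!empty($login_url)) {
         AIOWPSecurity_Utility::redirect_to_url($login_url);
     }
 }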
 /**
  * Forced logout check: when the feature is enabled and the logged-in user's last recorded login is
  * older than the configured period (in minutes), registers the logout, stores the post-logout
  * redirect data in a transient and redirects to the plugin's logout URL.
  *
  * @return void
  */
 function aiowps_force_logout_action_handler()
 {
     global $aio_wp_security;
     $configs = $aio_wp_security->configs;
     if ($configs->get_value('aiowps_enable_forced_logout') != '1' || !is_user_logged_in()) {
         return;
     }
     $current_user = wp_get_current_user();
     $login_time = $this->get_wp_user_last_login_time($current_user->ID);
     // Seconds elapsed since the last recorded login
     $elapsed_seconds = strtotime(current_time('mysql')) - strtotime($login_time);
     $interval_minutes = $configs->get_value('aiowps_logout_time_period');
     if ($elapsed_seconds <= $interval_minutes * 60) {
         return;
     }
     $aio_wp_security->debug_logger->log_debug("Force Logout - This user logged in more than (" . $interval_minutes . ") minutes ago. Doing a force log out for the user with username: " . $current_user->user_login);
     //this will register the logout time/date in the logout_date column
     $this->wp_logout_action_handler();
     //Save some of the logout redirect data to a transient (30 minutes)
     $after_logout_payload = array(
         'redirect_to' => AIOWPSecurity_Utility::get_current_page_url(),
         'msg' => $this->key_login_msg . '=session_expired',
     );
     if (AIOWPSecurity_Utility::is_multisite_install()) {
         set_site_transient('aiowps_logout_payload', $after_logout_payload, 30 * 60);
     } else {
         set_transient('aiowps_logout_payload', $after_logout_payload, 30 * 60);
     }
     $logout_url = AIOWPSecurity_Utility::add_query_data_to_url(AIOWPSEC_WP_URL . '?aiowpsec_do_log_out=1', 'al_additional_data', '1');
     AIOWPSecurity_Utility::redirect_to_url($logout_url);
 }
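 /**
  * plugins_loaded hook work: handles the plugin's own logout URL (?aiowpsec_do_log_out=1).
  *
  * Logs the user out, then either redirects to the validated 'after_logout' URL or, when
  * 'al_additional_data' (a base64-encoded query string with redirect_to/msg) is present, sends the
  * user to the login page with that data.
  *
  * @return void
  */
 function do_additional_plugins_loaded_tasks()
 {
     if (!isset($_GET['aiowpsec_do_log_out'])) {
         return;
     }
     // NOTE(review): this logout is triggered by a plain GET with no nonce check; WordPress core's own
     // logout link is nonced for that reason - confirm whether a nonce can be required here
     wp_logout();
     if (isset($_GET['after_logout'])) {
         // Untrusted redirect target from the query string: keep it on this site (off-site hosts fall back
         // to home_url()) and use esc_url_raw(), since esc_url() entity-encodes '&' and is meant for output
         $after_logout_url = wp_validate_redirect(esc_url_raw($_GET['after_logout']), home_url());
         AIOWPSecurity_Utility::redirect_to_url($after_logout_url);
     }
     if (!isset($_GET['al_additional_data'])) {
         return;
     }
     // The payload comes from the URL, so it is not trusted: parse it into a local array rather than
     // into this function's symbol table, where it could overwrite local variables
     $decoded_payload = base64_decode(strip_tags($_GET['al_additional_data']));
     $payload_vars = array();
     parse_str($decoded_payload, $payload_vars);
     $login_url = '';
     if (!empty($payload_vars['redirect_to']) && is_string($payload_vars['redirect_to'])) {
         // Only allow on-site redirect targets
         $redirect_to = wp_validate_redirect(esc_url_raw($payload_vars['redirect_to']), home_url());
         $login_url = AIOWPSecurity_Utility::add_query_data_to_url(wp_login_url(), 'redirect_to', $redirect_to);
     }
     if (!empty($payload_vars['msg']) && is_string($payload_vars['msg'])) {
         // msg is a key=value pair read by the login screen; it must be appended to the login URL even
         // when no redirect_to was given (previously that left the URL undefined)
         if ($login_url === '') {
             $login_url = wp_login_url();
         }
         $login_url .= (strpos($login_url, '?') === false ? '?' : '&') . $payload_vars['msg'];
     }
     if (!empty($login_url)) {
         AIOWPSecurity_Utility::redirect_to_url($login_url);
     }
 }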
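 /**
  * plugins_loaded hook work: handles the plugin's own logout URL (?aiowpsec_do_log_out=1).
  *
  * Logs the user out, then either redirects to the validated 'after_logout' URL or, when
  * 'al_additional_data' is present, sends the user to the login page carrying the redirect_to/msg
  * data stored in the 'aiowps_logout_payload' transient.
  *
  * @return void
  */
 function do_additional_plugins_loaded_tasks()
 {
     if (!isset($_GET['aiowpsec_do_log_out'])) {
         return;
     }
     // NOTE(review): this logout is triggered by a plain GET with no nonce check; WordPress core's own
     // logout link is nonced for that reason - confirm whether a nonce can be required here
     wp_logout();
     if (isset($_GET['after_logout'])) {
         // Untrusted redirect target from the query string: keep it on this site (off-site hosts fall back
         // to home_url()) and use esc_url_raw(), since esc_url() entity-encodes '&' and is meant for output
         $after_logout_url = wp_validate_redirect(esc_url_raw($_GET['after_logout']), home_url());
         AIOWPSecurity_Utility::redirect_to_url($after_logout_url);
     }
     // The parameter is optional: only run the login-page redirect when it is actually present
     // (reading it unconditionally raises a notice and makes this branch run on every logout)
     if (!isset($_GET['al_additional_data'])) {
         return;
     }
     $login_url = '';
     //Inspect the payload and do redirect to login page with a msg and redirect url
     $logout_payload = AIOWPSecurity_Utility::is_multisite_install()
         ? get_site_transient('aiowps_logout_payload')
         : get_transient('aiowps_logout_payload');
     if (!empty($logout_payload['redirect_to'])) {
         $login_url = AIOWPSecurity_Utility::add_query_data_to_url(wp_login_url(), 'redirect_to', $logout_payload['redirect_to']);
     }
     if (!empty($logout_payload['msg'])) {
         // msg is a key=value pair; it needs a base URL and the right query separator even when no
         // redirect_to was stored (otherwise '&msg' alone would be used as the redirect target)
         if ($login_url === '') {
             $login_url = wp_login_url();
         }
         $login_url .= (strpos($login_url, '?') === false ? '?' : '&') . $logout_payload['msg'];
     }
     if (!empty($login_url)) {
         AIOWPSecurity_Utility::redirect_to_url($login_url);
     }
 }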
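 /**
  * Runs the plugin's admin-side init tasks.
  *
  * - On the brute force settings tab (tab2) handles the cookie test form, the "enable" form and the
  *   cookie test result. These handlers read $_POST/$_REQUEST directly and carry no nonce check;
  *   they call set_cookie_value() for the requesting browser and store the test result.
  * - Handles the nonce-protected wp-config backup download.
  *
  * May terminate the request (die() on a failed nonce check, or a redirect).
  *
  * @return void
  */
 function do_other_admin_side_init_tasks()
 {
     // Declared once for the whole function: the wp-config branch below also uses the logger, and a
     // declaration inside the tab2 branch leaves it undefined on every other admin page
     global $aio_wp_security;
     $on_brute_force_tab = isset($_GET['page'], $_GET['tab'])
         && $_GET['page'] === AIOWPSEC_BRUTE_FORCE_MENU_SLUG
         && $_GET['tab'] === 'tab2';
     if ($on_brute_force_tab) {
         if (isset($_POST['aiowps_do_cookie_test_for_bfla'])) {
             AIOWPSecurity_Utility::set_cookie_value("aiowps_cookie_test", "1");
             $cur_url = "admin.php?page=" . AIOWPSEC_BRUTE_FORCE_MENU_SLUG . "&tab=tab2";
             $redirect_url = AIOWPSecurity_Utility::add_query_data_to_url($cur_url, "aiowps_cookie_test", "1");
             AIOWPSecurity_Utility::redirect_to_url($redirect_url);
         }
         if (isset($_POST['aiowps_enable_brute_force_attack_prevention'])) {
             // The secret word field may be missing from the submission; treat that like an empty value
             $brute_force_feature_secret_word = isset($_POST['aiowps_brute_force_secret_word'])
                 ? sanitize_text_field($_POST['aiowps_brute_force_secret_word'])
                 : '';
             if (empty($brute_force_feature_secret_word)) {
                 $brute_force_feature_secret_word = "aiowps_secret";
             }
             AIOWPSecurity_Utility::set_cookie_value($brute_force_feature_secret_word, "1");
         }
         if (isset($_REQUEST['aiowps_cookie_test'])) {
             // Record whether the test cookie dropped on the previous request came back with this one
             $cookie_val = AIOWPSecurity_Utility::get_cookie_value("aiowps_cookie_test");
             $aio_wp_security->configs->set_value('aiowps_cookie_test_success', empty($cookie_val) ? '' : '1');
             $aio_wp_security->configs->save_config();
         }
     }
     if (isset($_POST['aiowps_save_wp_config'])) {
         // A request without the nonce field must fail the check rather than raise an undefined index notice
         $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
         if (!wp_verify_nonce($nonce, 'aiowpsec-save-wp-config-nonce')) {
             $aio_wp_security->debug_logger->log_debug("Nonce check failed on wp_config file save!", 4);
             die("Nonce check failed on wp_config file save!");
         }
         $wp_config_path = ABSPATH . 'wp-config.php';
         //Backup the wp_config.php file and offer the backup for download
         AIOWPSecurity_Utility_File::backup_and_rename_wp_config($wp_config_path);
         AIOWPSecurity_Utility_File::download_a_file_option1($wp_config_path, "wp-config-backup.txt");
     }
 }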