コード例 #1
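    /**
     * Renders the "wp-config.php File Operations" tab and handles the restore form.
     *
     * When the restore button was posted, the nonce is verified, the submitted file
     * is checked with check_if_wp_config_contents() and, if accepted, copied over the
     * active wp-config.php. Afterwards the page prints the backup form, the restore
     * form and a read-only view of the active wp-config.php.
     *
     * NOTE(review): no current_user_can() check is visible in this method; confirm
     * that the code which dispatches to this tab enforces an administrator capability,
     * because a nonce only proves request intent, not authorization.
     *
     * @return void
     */
    function render_tab3()
    {
        global $aio_wp_security;
        //The forms below are not rendered on a non-main site of a multisite install,
        //so the restore handler is disabled there as well instead of relying on the hidden form alone
        $is_restricted_subsite = AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1;
        if (!$is_restricted_subsite && isset($_POST['aiowps_restore_wp_config_button'])) {
            //A request that carries no nonce must fail verification rather than raise an undefined index notice
            $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
            if (!wp_verify_nonce($nonce, 'aiowpsec-restore-wp-config-nonce')) {
                $aio_wp_security->debug_logger->log_debug("Nonce check failed on wp-config file restore!", 4);
                die("Nonce check failed on wp-config file restore!");
            }
            if (empty($_POST['aiowps_wp_config_file'])) {
                $this->show_msg_error(__('Please choose a wp-config.php file to restore from.', 'aiowpsecurity'));
            } else {
                //Let's copy the uploaded wp-config.php file into the active root file
                //NOTE(review): this value comes straight from the request and is handed to copy() as the source.
                //check_if_wp_config_contents() is the only gate before the live config is overwritten - confirm that
                //check is strict, and consider accepting only files located in the site's uploads directory.
                $new_wp_config_file_path = trim($_POST['aiowps_wp_config_file']);
                //Verify that file chosen is a wp-config.file
                $is_wp_config = $this->check_if_wp_config_contents($new_wp_config_file_path);
                if ($is_wp_config == 1) {
                    $active_root_wp_config = AIOWPSecurity_Utility_File::get_wp_config_file_path();
                    if (!copy($new_wp_config_file_path, $active_root_wp_config)) {
                        //Failed to copy the chosen file over the active wp-config.php
                        $aio_wp_security->debug_logger->log_debug("wp-config.php - Restore from backed up wp-config operation failed!", 4);
                        $this->show_msg_error(__('wp-config.php file restore failed. Please attempt to restore this file manually using FTP.', 'aiowpsecurity'));
                    } else {
                        $this->show_msg_updated(__('Your wp-config.php file has successfully been restored!', 'aiowpsecurity'));
                    }
                } else {
                    $aio_wp_security->debug_logger->log_debug("wp-config.php restore failed - Contents of restore file appear invalid!", 4);
                    $this->show_msg_error(__('wp-config.php Restore operation failed! Please check the contents of the file you are trying to restore from.', 'aiowpsecurity'));
                }
            }
        }
        ?>
        <h2><?php 
        _e('wp-config.php File Operations', 'aiowpsecurity');
        ?>
</h2>
        <div class="aio_blue_box">
            <?php 
        echo '<p>' . __('Your "wp-config.php" file is one of the most important in your WordPress installation. It is a primary configuration file and contains crucial things such as details of your database and other critical components.', 'aiowpsecurity') . '
            <br />' . __('This feature allows you to backup and save your currently active wp-config.php file should you need to re-use the the backed up file in the future.', 'aiowpsecurity') . '
            <br />' . __('You can also restore your site\'s wp-config.php settings using a backed up wp-config.php file.', 'aiowpsecurity') . '    
            </p>';
        ?>
        </div>
        <?php 
        if ($is_restricted_subsite) {
            //Hide config settings if MS and not main site
            AIOWPSecurity_Utility::display_multisite_message();
        } else {
            ?>
        <div class="postbox">
        <h3><label for="title"><?php 
            _e('Save the current wp-config.php file', 'aiowpsecurity');
            ?>
</label></h3>
        <div class="inside">
        <form action="" method="POST">
        <?php 
            wp_nonce_field('aiowpsec-save-wp-config-nonce');
            ?>
            <p class="description"><?php 
            _e('Click the button below to backup and download the contents of the currently active wp-config.php file.', 'aiowpsecurity');
            ?>
</p>
            <input type="submit" name="aiowps_save_wp_config" value="<?php 
            _e('Backup wp-config.php File', 'aiowpsecurity');
            ?>
" class="button-primary" />

        </form>
        </div></div>
        <div class="postbox">
        <h3><label for="title"><?php 
            _e('Restore from a backed up wp-config file', 'aiowpsecurity');
            ?>
</label></h3>
        <div class="inside">
        <form action="" method="POST">
        <?php 
            wp_nonce_field('aiowpsec-restore-wp-config-nonce');
            ?>
        <table class="form-table">
            <tr valign="top">
                <th scope="row"><?php 
            _e('wp-config file to restore from', 'aiowpsecurity');
            ?>
:</th>
                <td>
                    <input type="button" id="aiowps_wp_config_file_button" name="aiowps_wp_config_file_button" class="button rbutton" value="Select Your wp-config File" />
                    <input name="aiowps_wp_config_file" type="text" id="aiowps_wp_config_file" value="" size="80" />                    
                    <p class="description">
                        <?php 
            _e('After selecting your file click the button below to restore your site using the backed up wp-config file (wp-config.php.backup.txt).', 'aiowpsecurity');
            ?>
                    </p>
                </td>
            </tr>            
        </table>
        <input type="submit" name="aiowps_restore_wp_config_button" value="<?php 
            _e('Restore wp-config File', 'aiowpsecurity');
            ?>
" class="button-primary" />
        </form>
        </div></div>
        <div class="postbox">
        <h3><label for="title"><?php 
            _e('View Contents of the currently active wp-config.php file', 'aiowpsecurity');
            ?>
</label></h3>
        <div class="inside">
            <?php 
            $wp_config_file = AIOWPSecurity_Utility_File::get_wp_config_file_path();
            $wp_config_contents = AIOWPSecurity_Utility_File::get_file_contents($wp_config_file);
            ?>
            <textarea class="aio_text_area_file_output aio_width_80 aio_spacer_10_tb" rows="20" readonly><?php 
            //File contents are escaped so that markup inside wp-config.php (for example a literal closing
            //textarea tag in a comment or string) is displayed as text and cannot break out of the field
            echo esc_textarea($wp_config_contents);
            ?>
</textarea>
        </div></div>

        <?php 
        }
        //End if statement
    }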
コード例 #2
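    /**
     * Renders the "User Registration Settings" tab.
     *
     * Handles three request types before printing the page: saving the manual
     * approval setting (nonce protected), and the single-row "approve_acct" and
     * "delete_acct" actions of the registered users list table. It then prints the
     * settings form followed by the list table of registered users.
     *
     * NOTE(review): no current_user_can() check is visible in this method; confirm
     * that the code which dispatches to this tab enforces an administrator capability.
     *
     * @return void
     */
    function render_tab1()
    {
        global $aiowps_feature_mgr;
        global $aio_wp_security;
        include_once 'wp-security-list-registered-users.php';
        //For rendering the AIOWPSecurity_List_Table
        $user_list = new AIOWPSecurity_List_Registered_Users();
        //The checkbox is not rendered on a non-main site of a multisite install. A save posted from there
        //would read it as unchecked and clear the setting, so the handler is skipped for such sites.
        $is_restricted_subsite = AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1;
        if (!$is_restricted_subsite && isset($_POST['aiowps_save_user_registration_settings'])) {
            //A request that carries no nonce must fail verification rather than raise an undefined index notice
            $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
            if (!wp_verify_nonce($nonce, 'aiowpsec-user-registration-settings-nonce')) {
                $aio_wp_security->debug_logger->log_debug("Nonce check failed on save user registration settings!", 4);
                die("Nonce check failed on save user registration settings!");
            }
            //Save settings
            $aio_wp_security->configs->set_value('aiowps_enable_manual_registration_approval', isset($_POST["aiowps_enable_manual_registration_approval"]) ? '1' : '');
            //Commit the config settings
            $aio_wp_security->configs->save_config();
            //Recalculate points after the feature status/options have been altered
            $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
            $this->show_msg_updated(__('Settings were successfully saved', 'all-in-one-wp-security-and-firewall'));
        }
        if (isset($_REQUEST['action'])) {
            //NOTE(review): both actions below change account state based on $_REQUEST alone and no nonce is
            //verified in this method. Confirm that approve_selected_accounts() and delete_selected_accounts()
            //verify a nonce and the caller's capability themselves; if they do not, the row links need a
            //per-action nonce that is checked here before either call.
            //NOTE(review): strip_tags() is not ID validation; presumably user_id is numeric for row links -
            //confirm the callee validates it before using it in a query.
            $requested_user_id = isset($_REQUEST['user_id']) ? strip_tags($_REQUEST['user_id']) : '';
            if ($_REQUEST['action'] == 'approve_acct') {
                //Approve link was clicked for a row in list table
                $user_list->approve_selected_accounts($requested_user_id);
            }
            if ($_REQUEST['action'] == 'delete_acct') {
                //Delete link was clicked for a row in list table
                $user_list->delete_selected_accounts($requested_user_id);
            }
        }
        ?>
        <h2><?php 
        _e('User Registration Settings', 'all-in-one-wp-security-and-firewall');
        ?>
</h2>
        <form action="" method="POST">
        <?php 
        wp_nonce_field('aiowpsec-user-registration-settings-nonce');
        ?>
            
        <div class="postbox">
        <h3><label for="title"><?php 
        _e('Manually Approve New Registrations', 'all-in-one-wp-security-and-firewall');
        ?>
</label></h3>
        <div class="inside">
        <div class="aio_blue_box">
            <?php 
        echo '<p>' . __('If your site allows people to create their own accounts via the WordPress registration form, then you can minimize SPAM or bogus registrations by manually approving each registration.', 'all-in-one-wp-security-and-firewall') . '<br />' . __('This feature will automatically set a newly registered account to "pending" until the administrator activates it. Therefore undesirable registrants will be unable to log in without your express approval.', 'all-in-one-wp-security-and-firewall') . '<br />' . __('You can view all accounts which have been newly registered via the handy table below and you can also perform bulk activation/deactivation/deletion tasks on each account.', 'all-in-one-wp-security-and-firewall') . '</p>';
        ?>
        </div>
        <?php 
        //Display security info badge
        $aiowps_feature_mgr->output_feature_details_badge("manually-approve-registrations");
        if ($is_restricted_subsite) {
            //Hide config settings if MS and not main site
            AIOWPSecurity_Utility::display_multisite_message();
        } else {
            ?>
        <table class="form-table">
            <tr valign="top">
                <th scope="row"><?php 
            _e('Enable manual approval of new registrations', 'all-in-one-wp-security-and-firewall');
            ?>
:</th>
                <td>
                <input name="aiowps_enable_manual_registration_approval" type="checkbox"<?php 
            if ($aio_wp_security->configs->get_value('aiowps_enable_manual_registration_approval') == '1') {
                echo ' checked="checked"';
            }
            ?>
 value="1"/>
                <span class="description"><?php 
            _e('Check this if you want to automatically disable all newly registered accounts so that you can approve them manually.', 'all-in-one-wp-security-and-firewall');
            ?>
</span>
                </td>
            </tr>            
        </table>
        <input type="submit" name="aiowps_save_user_registration_settings" value="<?php 
            //The save button is only offered together with the setting it saves
            _e('Save Settings', 'all-in-one-wp-security-and-firewall');
            ?>
" class="button-primary" />
        <?php 
        }
        //End if statement
        ?>
        </div></div>
        </form>
        <div class="postbox">
        <h3><label for="title"><?php 
        _e('Approve Registered Users', 'all-in-one-wp-security-and-firewall');
        ?>
</label></h3>
        <div class="inside">
            <?php 
        //Fetch, prepare, sort, and filter our data...
        $user_list->prepare_items();
        ?>
            <form id="tables-filter" method="get" onSubmit="return confirm('Are you sure you want to perform this bulk operation on the selected entries?');">
            <!-- For plugins, we also need to ensure that the form posts back to our current page -->
            <input type="hidden" name="page" value="<?php 
        echo esc_attr($_REQUEST['page']);
        ?>
" />
            <!-- Now we can render the completed list table -->
            <?php 
        $user_list->display();
        ?>
            </form>
        </div></div>
        <?php 
    }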
コード例 #3
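    /**
     * Renders the "Comment SPAM Settings" tab and handles its save request.
     *
     * On a valid save the captcha secret key is regenerated, the comment captcha and
     * spambot blocking options are stored, feature points are recalculated and the
     * rules are written to the .htaccess file. The page then prints one settings box
     * per feature and the save button.
     *
     * NOTE(review): no current_user_can() check is visible in this method; confirm
     * that the code which dispatches to this tab enforces an administrator capability.
     *
     * @return void
     */
    function render_tab1()
    {
        global $aiowps_feature_mgr;
        global $aio_wp_security;
        //The checkboxes are not rendered on a non-main site of a multisite install. A save posted from there
        //would read both as unchecked, clear the options and rewrite .htaccess, so the handler is skipped.
        $is_restricted_subsite = AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1;
        if (!$is_restricted_subsite && isset($_POST['aiowps_apply_comment_spam_prevention_settings'])) {
            //A request that carries no nonce must fail verification rather than raise an undefined index notice
            $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
            if (!wp_verify_nonce($nonce, 'aiowpsec-comment-spam-settings-nonce')) {
                $aio_wp_security->debug_logger->log_debug("Nonce check failed on save comment spam settings!", 4);
                die("Nonce check failed on save comment spam settings!");
            }
            //Save settings
            //Generate random 20 char string for use during captcha encode/decode
            //NOTE(review): the key is replaced on every save; confirm generate_alpha_numeric_random_string()
            //draws from a cryptographically secure source, since the value is stored as the captcha secret.
            $random_20_digit_string = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(20);
            $aio_wp_security->configs->set_value('aiowps_captcha_secret_key', $random_20_digit_string);
            $aio_wp_security->configs->set_value('aiowps_enable_comment_captcha', isset($_POST["aiowps_enable_comment_captcha"]) ? '1' : '');
            $aio_wp_security->configs->set_value('aiowps_enable_spambot_blocking', isset($_POST["aiowps_enable_spambot_blocking"]) ? '1' : '');
            //Commit the config settings
            $aio_wp_security->configs->save_config();
            //Recalculate points after the feature status/options have been altered
            $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
            //Now let's write the applicable rules to the .htaccess file
            $res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
            //-1 is truthy in PHP, so a plain truthiness test reports a failed write as success.
            //The failure value is therefore tested first, with identity comparison because true == -1 also holds.
            //NOTE(review): a falsy result is treated as a failed write too - confirm against write_to_htaccess().
            $htaccess_write_failed = $res === -1 || $res === '-1' || !$res;
            if ($htaccess_write_failed) {
                $this->show_msg_error(__('Could not write to the .htaccess file. Please check the file permissions.', 'aiowpsecurity'));
            } else {
                $this->show_msg_updated(__('Settings were successfully saved', 'aiowpsecurity'));
            }
        }
        ?>
        <h2><?php 
        _e('Comment SPAM Settings', 'aiowpsecurity');
        ?>
</h2>
        <form action="" method="POST">
        <?php 
        wp_nonce_field('aiowpsec-comment-spam-settings-nonce');
        ?>
            

        <div class="postbox">
        <h3><label for="title"><?php 
        _e('Add Captcha To Comments Form', 'aiowpsecurity');
        ?>
</label></h3>
        <div class="inside">
        <div class="aio_blue_box">
            <?php 
        echo '<p>' . __('This feature will add a simple math captcha field in the WordPress comments form.', 'aiowpsecurity') . '<br />' . __('Adding a captcha field in the comment form is a simple way of greatly reducing SPAM comments from bots without using .htaccess rules.', 'aiowpsecurity') . '</p>';
        ?>
        </div>
        <?php 
        //Display security info badge
        $aiowps_feature_mgr->output_feature_details_badge("comment-form-captcha");
        if ($is_restricted_subsite) {
            //Hide config settings if MS and not main site
            AIOWPSecurity_Utility::display_multisite_message();
        } else {
            ?>
        <table class="form-table">
            <tr valign="top">
                <th scope="row"><?php 
            _e('Enable Captcha On Comment Forms', 'aiowpsecurity');
            ?>
:</th>                
                <td>
                <input name="aiowps_enable_comment_captcha" type="checkbox"<?php 
            if ($aio_wp_security->configs->get_value('aiowps_enable_comment_captcha') == '1') {
                echo ' checked="checked"';
            }
            ?>
 value="1"/>
                <span class="description"><?php 
            _e('Check this if you want to insert a captcha field on the comment forms', 'aiowpsecurity');
            ?>
</span>
                </td>
            </tr>            
        </table>
        <?php 
        }
        //End if statement
        ?>
        </div></div>
            
        <div class="postbox">
        <h3><label for="title"><?php 
        _e('Block Spambot Comments', 'aiowpsecurity');
        ?>
</label></h3>
        <div class="inside">
        <div class="aio_blue_box">
            <?php 
        echo '<p>' . __('A large portion of WordPress blog comment SPAM is mainly produced by automated bots and not necessarily by humans. ', 'aiowpsecurity') . '<br />' . __('This feature will greatly minimize the useless and unecessary traffic and load on your server resulting from SPAM comments by blocking all comment requests which do not originate from your domain.', 'aiowpsecurity') . '<br />' . __('In other words, if the comment was not submitted by a human who physically submitted the comment on your site, the request will be blocked.', 'aiowpsecurity') . '</p>';
        ?>
        </div>
        <?php 
        //Display security info badge
        $aiowps_feature_mgr->output_feature_details_badge("block-spambots");
        if ($is_restricted_subsite) {
            //Hide config settings if MS and not main site
            AIOWPSecurity_Utility::display_multisite_message();
        } else {
            ?>
        <table class="form-table">
            <tr valign="top">
                <th scope="row"><?php 
            _e('Block Spambots From Posting Comments', 'aiowpsecurity');
            ?>
:</th>                
                <td>
                <input name="aiowps_enable_spambot_blocking" type="checkbox"<?php 
            if ($aio_wp_security->configs->get_value('aiowps_enable_spambot_blocking') == '1') {
                echo ' checked="checked"';
            }
            ?>
 value="1"/>
                <span class="description"><?php 
            _e('Check this if you want to apply a firewall rule which will block comments originating from spambots.', 'aiowpsecurity');
            ?>
</span>
                <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php 
            _e('More Info', 'aiowpsecurity');
            ?>
</span></span>
                <div class="aiowps_more_info_body">
                        <?php 
            echo '<p class="description">' . __('This feature will implement a firewall rule to block all comment attempts which do not originate from your domain.', 'aiowpsecurity') . '</p>';
            echo '<p class="description">' . __('A legitimate comment is one which is submitted by a human who physically fills out the comment form and clicks the submit button. For such events, the HTTP_REFERRER is always set to your own domain.', 'aiowpsecurity') . '</p>';
            echo '<p class="description">' . __('A comment submitted by a spambot is done by directly calling the comments.php file, which usually means that the HTTP_REFERRER value is not your domain and often times empty.', 'aiowpsecurity') . '</p>';
            echo '<p class="description">' . __('This feature will check and block comment requests which are not referred by your domain thus greatly reducing your overall blog SPAM and PHP requests done by the server to process these comments.', 'aiowpsecurity') . '</p>';
            ?>
                </div>
                </td>
            </tr>            
        </table>
        <?php 
        }
        //End if statement
        ?>
        </div></div>

        <?php 
        //The save button is only offered when the settings it saves are shown
        if (!$is_restricted_subsite) {
            ?>
        <input type="submit" name="aiowps_apply_comment_spam_prevention_settings" value="<?php 
            _e('Save Settings', 'aiowpsecurity');
            ?>
" class="button-primary" />
        <?php 
        }
        ?>
        </form>
        <?php 
    }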