コード例 #1
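 /**
  * Build the maths-captcha question markup.
  *
  * Picks one of three operators (+, −, ×) and two operands, shows each operand
  * either as a word (number_word_mapping) or as a digit, and returns the
  * equation text followed by the hidden/answer <input>s the verifier reads back.
  *
  * The correct answer never reaches the client: base64(time . secret . answer)
  * is stored in a transient keyed by a random 10-char string for 30 minutes, and
  * only that key and the timestamp are emitted as hidden fields.
  *
  * @return string HTML fragment (equation text plus three <input> elements).
  */
 function generate_maths_question()
 {
     global $aio_wp_security;
     // The operator glyphs are both displayed and used for dispatch below, so a
     // single set of literals keeps the three branches in sync (a mismatched
     // literal, e.g. an HTML entity, would leave $result undefined).
     $plus = '+';
     $minus = '−';
     $times = '×';
     $operator_type = array($plus, $minus, $times);
     $operand_display = array('word', 'number');
     // The question is shown to the user anyway, so rand() is adequate here; the
     // unguessable part is the transient key generated further down.
     $operator = $operator_type[rand(0, 2)];
     if ($operator === $times) {
         // Keep multiplication easy: operands 1..5 only
         $first_digit = rand(1, 5);
         $second_digit = rand(1, 5);
     } else {
         $first_digit = rand(1, 20);
         $second_digit = rand(1, 20);
     }
     // Each operand is independently rendered as a word or a number
     $first_operand = ($operand_display[rand(0, 1)] === 'word') ? $this->number_word_mapping($first_digit) : $first_digit;
     $second_operand = ($operand_display[rand(0, 1)] === 'word') ? $this->number_word_mapping($second_digit) : $second_digit;
     $equation_string = '';
     if ($operator === $plus) {
         $result = $first_digit + $second_digit;
         $equation_string .= $first_operand . ' ' . $operator . ' ' . $second_operand . ' = ';
     } elseif ($operator === $minus) {
         // Swap the operands so the expected answer is never negative
         if ($first_digit < $second_digit) {
             $equation_string .= $second_operand . ' ' . $operator . ' ' . $first_operand . ' = ';
             $result = $second_digit - $first_digit;
         } else {
             $equation_string .= $first_operand . ' ' . $operator . ' ' . $second_operand . ' = ';
             $result = $first_digit - $second_digit;
         }
     } else {
         // Multiplication (the only remaining operator)
         $equation_string .= $first_operand . ' ' . $operator . ' ' . $second_operand . ' = ';
         $result = $first_digit * $second_digit;
     }
     // Encode the answer together with the per-install secret and the issue time;
     // the client only ever sees the transient key and the timestamp.
     $captcha_secret_string = $aio_wp_security->configs->get_value('aiowps_captcha_secret_key');
     $current_time = time();
     $enc_result = base64_encode($current_time . $captcha_secret_string . $result);
     $random_str = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(10);
     $transient_name = 'aiowps_captcha_string_info_' . $random_str;
     if (AIOWPSecurity_Utility::is_multisite_install()) {
         set_site_transient($transient_name, $enc_result, 30 * 60);
     } else {
         set_transient($transient_name, $enc_result, 30 * 60);
     }
     // $random_str is alphanumeric and $current_time an integer, so both are safe
     // inside a double-quoted attribute without further escaping.
     $equation_string .= '<input type="hidden" name="aiowps-captcha-string-info" id="aiowps-captcha-string-info" value="' . $random_str . '" />';
     $equation_string .= '<input type="hidden" name="aiowps-captcha-temp-string" id="aiowps-captcha-temp-string" value="' . $current_time . '" />';
     $equation_string .= '<input type="text" size="2" id="aiowps-captcha-answer" name="aiowps-captcha-answer" value="" />';
     return $equation_string;
 }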
コード例 #2
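 /**
  * Admin-side init tasks: brute-force test-cookie migration and handlers,
  * wp-config backup download, and settings export.
  *
  * Side effects: may rewrite the plugin config option, set cookies, write to
  * .htaccess, redirect, or stream a file download (the download helpers are
  * expected to end the request).
  */
 function do_other_admin_side_init_tasks()
 {
     global $aio_wp_security;
     // Cookie-based brute force protection used a fixed test-cookie name that
     // anyone could read out of the code; it is now 'aiowps_cookie_test_' plus
     // a random 10-char suffix.
     if ($aio_wp_security->configs->get_value('aiowps_enable_brute_force_attack_prevention') == '1') {
         // Migration for installs that enabled the feature under an older
         // release: mint the new name, persist it, drop the cookie and write
         // it to .htaccess. This needs no request input, so it is not gated.
         $test_cookie = $aio_wp_security->configs->get_value('aiowps_cookie_brute_test');
         if (empty($test_cookie)) {
             $random_suffix = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(10);
             $test_cookie_name = 'aiowps_cookie_test_' . $random_suffix;
             $aio_wp_security->configs->set_value('aiowps_cookie_brute_test', $test_cookie_name);
             $aio_wp_security->configs->save_config();
             AIOWPSecurity_Utility::set_cookie_value($test_cookie_name, "1");
             $res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
             if ($res == -1) {
                 $aio_wp_security->debug_logger->log_debug("Error writing new test cookie with random suffix to .htaccess file!", 4);
             }
         }
     }
     // Everything below is driven by request parameters and either mutates
     // persisted config or discloses data. This method is assumed to run from
     // an admin init hook, which fires for every authenticated user before
     // WP's own per-page capability check, so gate it on the admin capability.
     // NOTE(review): confirm 'manage_options' matches the capability the
     // plugin's menu pages are registered with.
     if (!current_user_can('manage_options')) {
         return;
     }
     // Cookie test form submission (brute force menu, tab 2)
     if (isset($_GET['page']) && $_GET['page'] == AIOWPSEC_BRUTE_FORCE_MENU_SLUG && isset($_GET['tab']) && $_GET['tab'] == 'tab2') {
         if (isset($_POST['aiowps_do_cookie_test_for_bfla'])) {
             // NOTE(review): no nonce is verified for this POST. The form
             // markup is not visible here; once the matching wp_nonce_field()
             // action is known, add check_admin_referer() before this block.
             $random_suffix = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(10);
             $test_cookie_name = 'aiowps_cookie_test_' . $random_suffix;
             $aio_wp_security->configs->set_value('aiowps_cookie_brute_test', $test_cookie_name);
             $aio_wp_security->configs->save_config();
             AIOWPSecurity_Utility::set_cookie_value($test_cookie_name, "1");
             // Reload the tab with aiowps_cookie_test=1 so the branch below can
             // check whether the browser sent the cookie back.
             $cur_url = "admin.php?page=" . AIOWPSEC_BRUTE_FORCE_MENU_SLUG . "&tab=tab2";
             $redirect_url = AIOWPSecurity_Utility::add_query_data_to_url($cur_url, 'aiowps_cookie_test', "1");
             AIOWPSecurity_Utility::redirect_to_url($redirect_url);
         }
         if (isset($_POST['aiowps_enable_brute_force_attack_prevention'])) {
             // Pre-set the secret-word cookie so the admin is not locked out by
             // the rule they are about to enable. sanitize_text_field() strips
             // tags and line breaks, so the name cannot inject into the header.
             // NOTE(review): the settings save (and its nonce check) presumably
             // lives in the tab renderer; this handler itself verifies none.
             $brute_force_feature_secret_word = sanitize_text_field($_POST['aiowps_brute_force_secret_word']);
             if (empty($brute_force_feature_secret_word)) {
                 $brute_force_feature_secret_word = "aiowps_secret";
             }
             AIOWPSecurity_Utility::set_cookie_value($brute_force_feature_secret_word, "1");
         }
         if (isset($_REQUEST['aiowps_cookie_test'])) {
             // Record whether the test cookie survived the round trip
             $test_cookie = $aio_wp_security->configs->get_value('aiowps_cookie_brute_test');
             $cookie_val = AIOWPSecurity_Utility::get_cookie_value($test_cookie);
             $aio_wp_security->configs->set_value('aiowps_cookie_test_success', empty($cookie_val) ? '' : '1');
             $aio_wp_security->configs->save_config();
         }
     }
     if (isset($_POST['aiowps_save_wp_config'])) {
         // Guard the index so a POST without a nonce field fails the check
         // instead of raising an undefined-index notice first.
         $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
         if (!wp_verify_nonce($nonce, 'aiowpsec-save-wp-config-nonce')) {
             $aio_wp_security->debug_logger->log_debug("Nonce check failed on wp_config file save!", 4);
             die("Nonce check failed on wp_config file save!");
         }
         // Back up wp-config.php and stream the copy to the browser
         $wp_config_path = AIOWPSecurity_Utility_File::get_wp_config_file_path();
         AIOWPSecurity_Utility_File::backup_and_rename_wp_config($wp_config_path);
         AIOWPSecurity_Utility_File::download_a_file_option1($wp_config_path, "wp-config-backup.txt");
     }
     // Export settings: the whole config option, including the secret keys
     // it holds, is sent to the browser as JSON.
     if (isset($_POST['aiowps_export_settings'])) {
         $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
         if (!wp_verify_nonce($nonce, 'aiowpsec-export-settings-nonce')) {
             $aio_wp_security->debug_logger->log_debug("Nonce check failed on export AIOWPS settings!", 4);
             die("Nonce check failed on export AIOWPS settings!");
         }
         $config_data = get_option('aio_wp_security_configs');
         $output = json_encode($config_data);
         AIOWPSecurity_Utility_File::download_content_to_a_file($output);
     }
 }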
コード例 #3
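    /**
     * Render (and, on POST, save) the login / custom-login / lost-password
     * captcha settings tab.
     *
     * Saving is gated on the 'aiowpsec-captcha-settings-nonce' nonce. Every
     * save also regenerates 'aiowps_captcha_secret_key', the secret the maths
     * captcha generator folds into its stored answer token, so captchas issued
     * before the save will presumably no longer verify — TODO confirm against
     * the answer-checking code.
     */
    function render_tab3()
    {
        global $aio_wp_security;
        global $aiowps_feature_mgr;
        if (isset($_POST['aiowpsec_save_captcha_settings'])) {
            // Guard the index so a POST without a nonce field fails the check
            // instead of raising an undefined-index notice first.
            $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
            if (!wp_verify_nonce($nonce, 'aiowpsec-captcha-settings-nonce')) {
                $aio_wp_security->debug_logger->log_debug("Nonce check failed on captcha settings save!", 4);
                die("Nonce check failed on captcha settings save!");
            }
            // Fresh 20-char secret for captcha encode/decode, then the three checkboxes
            $random_20_digit_string = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(20);
            $aio_wp_security->configs->set_value('aiowps_captcha_secret_key', $random_20_digit_string);
            $aio_wp_security->configs->set_value('aiowps_enable_login_captcha', isset($_POST["aiowps_enable_login_captcha"]) ? '1' : '');
            $aio_wp_security->configs->set_value('aiowps_enable_custom_login_captcha', isset($_POST["aiowps_enable_custom_login_captcha"]) ? '1' : '');
            $aio_wp_security->configs->set_value('aiowps_enable_lost_password_captcha', isset($_POST["aiowps_enable_lost_password_captcha"]) ? '1' : '');
            $aio_wp_security->configs->save_config();
            // Recalculate points after the feature status/options have been altered
            $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
            $this->show_msg_settings_updated();
        }
        ?>
        <div class="aio_blue_box">
            <?php 
        echo '<p>' . __('This feature allows you to add a captcha form on the WordPress login page.', 'all-in-one-wp-security-and-firewall') . '
            <br />' . __('Users who attempt to login will also need to enter the answer to a simple mathematical question - if they enter the wrong answer, the plugin will not allow them login even if they entered the correct username and password.', 'all-in-one-wp-security-and-firewall') . '
                <br />' . __('Therefore, adding a captcha form on the login page is another effective yet simple "Brute Force" prevention technique.', 'all-in-one-wp-security-and-firewall') . '
            </p>';
        ?>
        </div>
        <form action="" method="POST">
        <div class="postbox">
        <h3 class="hndle"><label for="title"><?php 
        _e('Login Form Captcha Settings', 'all-in-one-wp-security-and-firewall');
        ?>
</label></h3>
        <div class="inside">
        <?php 
        //Display security info badge
        $aiowps_feature_mgr->output_feature_details_badge("user-login-captcha");
        ?>

        <?php 
        wp_nonce_field('aiowpsec-captcha-settings-nonce');
        ?>
        <table class="form-table">
            <tr valign="top">
                <th scope="row"><?php 
        _e('Enable Captcha On Login Page', 'all-in-one-wp-security-and-firewall');
        ?>
:</th>
                <td>
                <input name="aiowps_enable_login_captcha" type="checkbox"<?php 
        if ($aio_wp_security->configs->get_value('aiowps_enable_login_captcha') == '1') {
            echo ' checked="checked"';
        }
        ?>
 value="1"/>
                <span class="description"><?php 
        _e('Check this if you want to insert a captcha form on the login page', 'all-in-one-wp-security-and-firewall');
        ?>
</span>
                </td>
            </tr>            
        </table>
        </div></div>        
        <div class="postbox">
        <h3 class="hndle"><label for="title"><?php 
        _e('Custom Login Form Captcha Settings', 'all-in-one-wp-security-and-firewall');
        ?>
</label></h3>
        <div class="inside">
        <?php 
        //Display security info badge
        $aiowps_feature_mgr->output_feature_details_badge("custom-login-captcha");
        ?>
        <table class="form-table">
            <tr valign="top">
                <th scope="row"><?php 
        _e('Enable Captcha On Custom Login Form', 'all-in-one-wp-security-and-firewall');
        ?>
:</th>
                <td>
                <input name="aiowps_enable_custom_login_captcha" type="checkbox"<?php 
        if ($aio_wp_security->configs->get_value('aiowps_enable_custom_login_captcha') == '1') {
            echo ' checked="checked"';
        }
        ?>
 value="1"/>
                <span class="description"><?php 
        _e('Check this if you want to insert captcha on a custom login form generated by the following WP function: wp_login_form()', 'all-in-one-wp-security-and-firewall');
        ?>
</span>
                </td>
            </tr>            
        </table>
        </div></div>        
        <div class="postbox">
        <h3 class="hndle"><label for="title"><?php 
        _e('Lost Password Form Captcha Settings', 'all-in-one-wp-security-and-firewall');
        ?>
</label></h3>
        <div class="inside">
        <?php 
        //Display security info badge
        $aiowps_feature_mgr->output_feature_details_badge("lost-password-captcha");
        ?>

        <table class="form-table">
            <tr valign="top">
                <th scope="row"><?php 
        _e('Enable Captcha On Lost Password Page', 'all-in-one-wp-security-and-firewall');
        ?>
:</th>
                <td>
                <input name="aiowps_enable_lost_password_captcha" type="checkbox"<?php 
        if ($aio_wp_security->configs->get_value('aiowps_enable_lost_password_captcha') == '1') {
            echo ' checked="checked"';
        }
        ?>
 value="1"/>
                <span class="description"><?php 
        _e('Check this if you want to insert a captcha form on the lost password page', 'all-in-one-wp-security-and-firewall');
        ?>
</span>
                </td>
            </tr>            
        </table>
        </div></div>        
        <input type="submit" name="aiowpsec_save_captcha_settings" value="<?php 
        _e('Save Settings', 'all-in-one-wp-security-and-firewall');
        ?>
" class="button-primary" />
        </form>
        <?php 
    }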
コード例 #4
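    /**
     * Render (and, on POST, save) the registration-page captcha tab.
     *
     * On a multisite sub-site the form is replaced by a notice, because
     * registration is handled by the main site. Saving is gated on the
     * 'aiowpsec-registration-captcha-settings-nonce' nonce and, like the other
     * captcha tabs, regenerates 'aiowps_captcha_secret_key' on every save
     * (captchas issued before the save will presumably no longer verify —
     * TODO confirm against the answer-checking code).
     */
    function render_tab2()
    {
        global $aio_wp_security;
        global $aiowps_feature_mgr;
        if (isset($_POST['aiowpsec_save_registration_captcha_settings'])) {
            // Guard the index so a POST without a nonce field fails the check
            // instead of raising an undefined-index notice first.
            $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
            if (!wp_verify_nonce($nonce, 'aiowpsec-registration-captcha-settings-nonce')) {
                $aio_wp_security->debug_logger->log_debug("Nonce check failed on registration captcha settings save!", 4);
                die("Nonce check failed on registration captcha settings save!");
            }
            // Fresh 20-char secret for captcha encode/decode, then the checkbox
            $random_20_digit_string = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(20);
            $aio_wp_security->configs->set_value('aiowps_captcha_secret_key', $random_20_digit_string);
            $aio_wp_security->configs->set_value('aiowps_enable_registration_page_captcha', isset($_POST["aiowps_enable_registration_page_captcha"]) ? '1' : '');
            $aio_wp_security->configs->save_config();
            // Recalculate points after the feature status/options have been altered
            $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
            $this->show_msg_settings_updated();
        }
        ?>
        <div class="aio_blue_box">
            <?php 
        echo '<p>' . __('This feature allows you to add a captcha form on the WordPress registration page.', 'all-in-one-wp-security-and-firewall') . '
            <br />' . __('Users who attempt to register will also need to enter the answer to a simple mathematical question - if they enter the wrong answer, the plugin will not allow them to register.', 'all-in-one-wp-security-and-firewall') . '
            <br />' . __('Therefore, adding a captcha form on the registration page is another effective yet simple SPAM registration prevention technique.', 'all-in-one-wp-security-and-firewall') . '
            </p>';
        ?>
        </div>
        <div class="postbox">
        <h3><label for="title"><?php 
        _e('Registration Page Captcha Settings', 'all-in-one-wp-security-and-firewall');
        ?>
</label></h3>
        <div class="inside">
        <?php 
        if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1) {
            // Sub-site: registration (and therefore this setting) lives on the main site
            $special_msg = '<div class="aio_yellow_box">';
            $special_msg .= '<p>' . __('The core default behaviour for WordPress Multi Site regarding user registration is that all users are registered via the main site.', 'all-in-one-wp-security-and-firewall') . '</p>';
            $special_msg .= '<p>' . __('Therefore, if you would like to add a captcha form to the registration page for a Multi Site, please go to "Registration Captcha" settings on the main site.', 'all-in-one-wp-security-and-firewall') . '</p>';
            $special_msg .= '</div>';
            echo $special_msg;
        } else {
            //Display security info badge
            $aiowps_feature_mgr->output_feature_details_badge("user-registration-captcha");
            ?>

            <form action="" method="POST">
        <?php 
            wp_nonce_field('aiowpsec-registration-captcha-settings-nonce');
            ?>
            <table class="form-table">
                <tr valign="top">
                    <th scope="row"><?php 
            _e('Enable Captcha On Registration Page', 'all-in-one-wp-security-and-firewall');
            ?>
:</th>
                    <td>
                    <input name="aiowps_enable_registration_page_captcha" type="checkbox"<?php 
            if ($aio_wp_security->configs->get_value('aiowps_enable_registration_page_captcha') == '1') {
                echo ' checked="checked"';
            }
            ?>
 value="1"/>
                    <span class="description"><?php 
            _e('Check this if you want to insert a captcha form on the WordPress user registration page (if you allow user registration).', 'all-in-one-wp-security-and-firewall');
            ?>
</span>
                    </td>
                </tr>            
            </table>
            <input type="submit" name="aiowpsec_save_registration_captcha_settings" value="<?php 
            _e('Save Settings', 'all-in-one-wp-security-and-firewall');
            ?>
" class="button-primary" />
            </form>
        <?php 
        }
        // Close .inside and .postbox on both branches; the sub-site notice
        // previously left them open.
        ?>
        </div></div>        
        <?php 
    }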
コード例 #5
 /**
  * Seed every plugin option with its default value and persist the config.
  *
  * Defaults are registered through configs->add_value() in a fixed order.
  * The two *_secret_key entries get a fresh random 20-char string here (they
  * are regenerated again when the related settings are saved), and the
  * notification / backup / scan e-mail fields default to the blog admin
  * address. Unless noted, '' is an unchecked checkbox.
  */
 static function add_option_values()
 {
     global $aio_wp_security;
     $admin_email = get_bloginfo('admin_email');
     $defaults = array(
         // WP Generator Meta Tag feature
         'aiowps_remove_wp_generator_meta_info' => '',
         // Prevent Image Hotlinks
         'aiowps_prevent_hotlinking' => '',
         // Lockdown feature
         'aiowps_enable_login_lockdown' => '',
         'aiowps_allow_unlock_requests' => '',
         'aiowps_max_login_attempts' => '3',
         'aiowps_retry_time_period' => '5',
         'aiowps_lockout_time_length' => '60',
         'aiowps_set_generic_login_msg' => '',
         'aiowps_enable_email_notify' => '',
         'aiowps_email_address' => $admin_email,
         'aiowps_enable_forced_logout' => '',
         'aiowps_logout_time_period' => '60',
         'aiowps_enable_invalid_username_lockdown' => '',
         // Hidden secret used during unlock-request processing
         'aiowps_unlock_request_secret_key' => AIOWPSecurity_Utility::generate_alpha_numeric_random_string(20),
         // Login Whitelist feature
         'aiowps_enable_whitelisting' => '',
         'aiowps_allowed_ip_addresses' => '',
         // Captcha feature; the secret is used during captcha encode/decode
         'aiowps_enable_login_captcha' => '',
         'aiowps_captcha_secret_key' => AIOWPSecurity_Utility::generate_alpha_numeric_random_string(20),
         // User registration
         'aiowps_enable_manual_registration_approval' => '',
         'aiowps_enable_registration_page_captcha' => '',
         // DB Security feature
         'aiowps_enable_random_prefix' => '',
         'aiowps_enable_automated_backups' => '',
         'aiowps_db_backup_frequency' => '4',
         // Dropdown where (0,1,2) => (hours,days,weeks)
         'aiowps_db_backup_interval' => '2',
         'aiowps_backup_files_stored' => '2',
         'aiowps_send_backup_email_address' => '',
         'aiowps_backup_email_address' => $admin_email,
         // Filesystem Security feature
         'aiowps_disable_file_editing' => '',
         'aiowps_prevent_default_wp_file_access' => '',
         'aiowps_system_log_file' => 'error_log',
         // Blacklist feature
         'aiowps_enable_blacklisting' => '',
         'aiowps_banned_ip_addresses' => '',
         // Firewall features
         'aiowps_enable_basic_firewall' => '',
         'aiowps_enable_pingback_firewall' => '',
         'aiowps_disable_index_views' => '',
         'aiowps_disable_trace_and_track' => '',
         'aiowps_forbid_proxy_comments' => '',
         'aiowps_deny_bad_query_strings' => '',
         'aiowps_advanced_char_string_filter' => '',
         'aiowps_enable_5g_firewall' => '',
         'aiowps_enable_brute_force_attack_prevention' => '',
         'aiowps_brute_force_secret_word' => '',
         'aiowps_cookie_based_brute_force_redirect_url' => 'http://127.0.0.1',
         'aiowps_brute_force_attack_prevention_pw_protected_exception' => '',
         'aiowps_brute_force_attack_prevention_ajax_exception' => '',
         // 404 detection
         'aiowps_enable_404_logging' => '',
         'aiowps_enable_404_IP_lockout' => '',
         'aiowps_404_lockout_time_length' => '60',
         'aiowps_404_lock_redirect_url' => 'http://127.0.0.1',
         // Brute Force features
         'aiowps_enable_rename_login_page' => '',
         // Maintenance menu - Visitor lockout feature
         'aiowps_site_lockout' => '',
         'aiowps_site_lockout_msg' => '',
         // SPAM Prevention menu
         'aiowps_enable_spambot_blocking' => '',
         'aiowps_enable_comment_captcha' => '',
         // File change detection feature
         'aiowps_enable_automated_fcd_scan' => '',
         'aiowps_fcd_scan_frequency' => '4',
         // Dropdown where (0,1,2) => (hours,days,weeks)
         'aiowps_fcd_scan_interval' => '2',
         'aiowps_fcd_exclude_filetypes' => '',
         'aiowps_fcd_exclude_files' => '',
         'aiowps_send_fcd_scan_email' => '',
         'aiowps_fcd_scan_email_address' => $admin_email,
         // Drives the global "file change detected" alert
         'aiowps_fcds_change_detected' => FALSE,
     );
     // TODO - keep adding default options for any fields that require it
     foreach ($defaults as $option_name => $default_value) {
         $aio_wp_security->configs->add_value($option_name, $default_value);
     }
     $aio_wp_security->configs->save_config();
 }
コード例 #6
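 /**
  * Perform a database backup.
  *
  * Dumps the tables to a .sql file (zipped when ZipArchive is available)
  * under wp-content/<AIO_WP_SECURITY_BACKUPS_DIR_NAME>, records the result in
  * $this->last_backup_file_name / last_backup_file_path (plus
  * last_backup_file_dir_multisite on multisite), then calls
  * aiowps_send_backup_email() and aiowps_delete_backup_files().
  *
  * On multisite only tables whose names start with the current site's prefix
  * are dumped, into a blogid_<id> sub-directory; otherwise every table in the
  * database is included.
  *
  * NOTE(review): the whole dump is built in memory, and the backup directory
  * sits inside the web root — the random 10-char filename suffix is the only
  * thing visible here that keeps a dump from being fetched by URL; confirm
  * create_dir() (or an .htaccess rule) also blocks direct access.
  *
  * @return bool true on success; false when no tables are found or a
  *              directory, file or archive step fails.
  */
 function execute_backup()
 {
     global $wpdb, $aio_wp_security;
     $is_multi_site = false;
     @ini_set('auto_detect_line_endings', true);
     if (function_exists('is_multisite') && is_multisite()) {
         // Match this site's prefix literally: '_' and '%' are LIKE wildcards,
         // so they are escaped before the usual SQL escaping (plain esc_sql()
         // let 'wp_' also match 'wpX...').
         $site_pref = esc_sql(addcslashes($wpdb->prefix, '_%\\'));
         $tables = $wpdb->get_results("SHOW TABLES LIKE '" . $site_pref . "%'", ARRAY_N);
         $is_multi_site = true;
     } else {
         $tables = $wpdb->get_results('SHOW TABLES', ARRAY_N);
     }
     // Checked on both paths; the multisite path used to write an empty dump
     if (empty($tables)) {
         $aio_wp_security->debug_logger->log_debug("execute_backup() - no tables found!", 4);
         return FALSE;
     }
     $dump = '';
     foreach ($tables as $table) {
         $table_name = $table[0];
         // Names come from SHOW TABLES rather than the request, but a backtick
         // inside an identifier still has to be doubled to keep the SQL well-formed.
         $quoted = '`' . str_replace('`', '``', $table_name) . '`';
         $create = $wpdb->get_row('SHOW CREATE TABLE ' . $quoted . ';', ARRAY_N);
         if (empty($create) || !isset($create[1])) {
             // Without the CREATE statement a DROP would delete the table on
             // restore with nothing to recreate it, so leave the table out entirely.
             $aio_wp_security->debug_logger->log_debug("execute_backup() - get_row returned NULL for table: " . $table_name, 4);
             continue;
         }
         $rows = $wpdb->get_results('SELECT * FROM ' . $quoted . ';', ARRAY_N);
         $num_fields = sizeof($wpdb->get_results('DESCRIBE ' . $quoted . ';'));
         $dump .= 'DROP TABLE IF EXISTS ' . $quoted . ';';
         $dump .= PHP_EOL . PHP_EOL . $create[1] . ";" . PHP_EOL . PHP_EOL;
         foreach ($rows as $row) {
             $values = array();
             for ($j = 0; $j < $num_fields; $j++) {
                 if (!isset($row[$j])) {
                     // Keep SQL NULL as NULL; escaping before the isset() check
                     // used to turn every NULL into "".
                     $values[] = 'NULL';
                     continue;
                 }
                 // addslashes() covers the characters MySQL needs escaped inside a
                 // double-quoted literal (\ " ' NUL); CRLF line endings are normalised.
                 $values[] = '"' . str_replace(PHP_EOL, "\n", addslashes($row[$j])) . '"';
             }
             $dump .= 'INSERT INTO ' . $quoted . ' VALUES(' . implode(',', $values) . ');' . PHP_EOL;
         }
         $dump .= PHP_EOL . PHP_EOL;
     }
     $dump .= PHP_EOL . PHP_EOL;
     // Make sure the top-level backups directory exists
     $aiowps_backup_dir = WP_CONTENT_DIR . '/' . AIO_WP_SECURITY_BACKUPS_DIR_NAME;
     if (!AIOWPSecurity_Utility_File::create_dir($aiowps_backup_dir)) {
         $aio_wp_security->debug_logger->log_debug("Creation of DB backup directory failed!", 4);
         return false;
     }
     // Random suffix so the filename cannot be predicted from the timestamp alone
     $random_suffix = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(10);
     if ($is_multi_site) {
         global $current_blog;
         $blog_id = $current_blog->blog_id;
         // Reduce the site name to [a-z0-9-] for use in the filename
         $site_name = strtolower(get_bloginfo('name'));
         $site_name = preg_replace("/[^a-z0-9_\\s-]/", "", $site_name);
         $site_name = preg_replace("/[\\s-]+/", " ", $site_name);
         $site_name = preg_replace("/[\\s_]/", "-", $site_name);
         $file = 'database-backup-site-name-' . $site_name . '-' . current_time('Ymd-His') . '-' . $random_suffix;
         // One sub-directory per blog id
         $dirpath = $aiowps_backup_dir . '/blogid_' . $blog_id;
         if (!AIOWPSecurity_Utility_File::create_dir($dirpath)) {
             $aio_wp_security->debug_logger->log_debug("Creation failed of DB backup directory for the following multisite blog ID: " . $blog_id, 4);
             return false;
         }
     } else {
         $dirpath = $aiowps_backup_dir;
         $file = 'database-backup-' . current_time('Ymd-His') . '-' . $random_suffix;
     }
     $sql_path = $dirpath . '/' . $file . '.sql';
     $handle = @fopen($sql_path, 'w+');
     if ($handle === false) {
         $aio_wp_security->debug_logger->log_debug("execute_backup() - Could not open DB backup file for writing: " . $sql_path, 4);
         return false;
     }
     $fw_res = @fwrite($handle, $dump);
     @fclose($handle);
     // A short write is as bad as a failed one: a truncated dump still carries
     // DROP statements, so do not leave it behind.
     if ($fw_res === false || $fw_res < strlen($dump)) {
         $aio_wp_security->debug_logger->log_debug("execute_backup() - Write to DB backup file failed", 4);
         @unlink($sql_path);
         return false;
     }
     $fileext = '.sql';
     if (class_exists('ZipArchive')) {
         $zip_path = $dirpath . '/' . $file . '.zip';
         $zip = new ZipArchive();
         // Only discard the .sql once the archive is confirmed written; it used
         // to be unlinked even when open()/close() failed, losing the backup.
         $zipped = $zip->open($zip_path, ZipArchive::CREATE) === true && $zip->addFile($sql_path, $file . '.sql') && $zip->close();
         if ($zipped) {
             @unlink($sql_path);
             $fileext = '.zip';
         } else {
             $aio_wp_security->debug_logger->log_debug("execute_backup() - Could not create zip archive, keeping .sql file: " . $zip_path, 4);
         }
     }
     //database-backup-YYYYMMDD-HHIISS-<random-string>.zip or database-backup-YYYYMMDD-HHIISS-<random-string>.sql
     $this->last_backup_file_name = $file . $fileext;
     $this->last_backup_file_path = $dirpath . '/' . $file . $fileext;
     if ($is_multi_site) {
         $this->last_backup_file_dir_multisite = $dirpath;
     }
     // Send backup file via email if applicable, then prune old backups
     $this->aiowps_send_backup_email();
     $this->aiowps_delete_backup_files();
     return true;
 }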
コード例 #7
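    /**
     * Renders the "Change Database Prefix" tab and, on a valid POST, runs the
     * prefix change through $this->change_db_prefix().
     *
     * Request handling - everything read from $_POST/$_REQUEST is untrusted:
     *  - CSRF: the form carries a nonce (wp_nonce_field) that is verified with
     *    wp_verify_nonce(); a failed check is logged at level 4 and aborts.
     *  - The change is refused when wp-config.php is not writable, because the
     *    new prefix has to be written there.
     *  - Random prefix: 6 alphanumeric characters from the plugin helper + '_'.
     *  - Manual prefix: tags stripped and trimmed, then handed to
     *    $wpdb->set_prefix(), which returns a WP_Error for characters other than
     *    letters, digits and underscores (wp_die in that case). On success
     *    set_prefix() also switches $wpdb to the new prefix right away, so the
     *    "current prefix" echoed further down already shows the new value.
     *
     * NOTE(review): no capability check is made here; it presumably relies on
     * the admin-menu registration of this page - confirm.
     *
     * Globals: $wpdb, $aio_wp_security, $aiowps_feature_mgr.
     * Output is echoed directly; nothing is returned.
     */
    function render_tab1()
    {
        global $wpdb, $aio_wp_security;
        $old_db_prefix = $wpdb->prefix;
        $new_db_prefix = '';
        $perform_db_change = false;
        if (isset($_POST['aiowps_db_prefix_change'])) {
            // Guard the index so a request without a nonce fails the nonce
            // check cleanly instead of raising an undefined-index notice first.
            $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
            if (!wp_verify_nonce($nonce, 'aiowpsec-db-prefix-change-nonce')) {
                $aio_wp_security->debug_logger->log_debug("Nonce check failed for DB prefix change operation!", 4);
                die(__('Nonce check failed for DB prefix change operation!', 'aiowpsecurity'));
            }
            //Let's first check if user's system allows writing to wp-config.php file. If plugin cannot write to wp-config we will not do the prefix change.
            $config_file = AIOWPSecurity_Utility_File::get_wp_config_file_path();
            $file_write = AIOWPSecurity_Utility_File::is_file_writable($config_file);
            if (!$file_write) {
                $this->show_msg_error(__('The plugin has detected that it cannot write to the wp-config.php file. This feature can only be used if the plugin can successfully write to the wp-config.php file.', 'aiowpsecurity'));
            } elseif (isset($_POST['aiowps_enable_random_prefix'])) {
                //User has elected to generate a random DB prefix
                $string = AIOWPSecurity_Utility::generate_alpha_numeric_random_string('6');
                $new_db_prefix = $string . '_';
                $perform_db_change = true;
            } elseif (empty($_POST['aiowps_new_manual_db_prefix'])) {
                $this->show_msg_error(__('Please enter a value for the DB prefix.', 'aiowpsecurity'));
            } else {
                //User has chosen their own DB prefix value
                $new_db_prefix = wp_strip_all_tags(trim($_POST['aiowps_new_manual_db_prefix']));
                // set_prefix() is the validation step: it rejects anything but
                // letters, digits and underscores with a WP_Error, and on success
                // it also re-points $wpdb at the new prefix.
                $error = $wpdb->set_prefix($new_db_prefix);
                if (is_wp_error($error)) {
                    wp_die(__('<strong>ERROR</strong>: The table prefix can only contain numbers, letters, and underscores.', 'aiowpsecurity'));
                }
                $perform_db_change = true;
            }
        }
        ?>
        <h2><?php 
        _e('Change Database Prefix', 'aiowpsecurity');
        ?>
</h2>
        <div class="aio_blue_box">
            <?php 
        echo '<p>' . __('Your WordPress DB is the most important asset of your website because it contains a lot of your site\'s precious information.', 'aiowpsecurity') . '
            <br />' . __('The DB is also a target for hackers via methods such as SQL injections and malicious and automated code which targets certain tables.', 'aiowpsecurity') . '
            <br />' . __('One way to add a layer of protection for your DB is to change the default WordPress table prefix from "wp_" to something else which will be difficult for hackers to guess.', 'aiowpsecurity') . '
            <br />' . __('This feature allows you to easily change the prefix to a value of your choice or to a random value set by this plugin.', 'aiowpsecurity') . '    
            </p>';
        ?>
        </div>

        <div class="postbox">
        <h3><label for="title"><?php 
        _e('DB Prefix Options', 'aiowpsecurity');
        ?>
</label></h3>
        <div class="inside">
        <?php 
        //Display security info badge
        global $aiowps_feature_mgr;
        $aiowps_feature_mgr->output_feature_details_badge("db-security-db-prefix");
        ?>

        <div class="aio_yellow_box">
            <?php 
        $backup_tab_link = '<a href="admin.php?page=' . AIOWPSEC_DB_SEC_MENU_SLUG . '&tab=tab2">DB Backup</a>';
        $info_msg = '<p>' . sprintf(__('It is recommended that you perform a %s before using this feature', 'aiowpsecurity'), $backup_tab_link) . '</p>';
        echo $info_msg;
        ?>
        </div>

        <form action="" method="POST">
        <?php 
        wp_nonce_field('aiowpsec-db-prefix-change-nonce');
        ?>
        <table class="form-table">
            <tr valign="top">
                <th scope="row"><?php 
        _e('Current DB Table Prefix', 'aiowpsecurity');
        ?>
:</th>
                <td>
                    <span class="aiowpsec_field_value"><strong><?php 
        // Escaped for HTML context; the prefix is validated to [A-Za-z0-9_]
        // but escaping at the output point keeps that independent of the input path.
        echo esc_html($wpdb->prefix);
        ?>
</strong></span>
                    <?php 
        //now let's display a warning notification if default prefix is used
        if ($old_db_prefix === 'wp_') {
            echo '&nbsp;&nbsp;&nbsp;<span class="aio_error_with_icon">' . __('Your site is currently using the default WordPress DB prefix value of "wp_". 
                            To increase your site\'s security you should consider changing the DB prefix value to another value.', 'aiowpsecurity') . '</span>';
        }
        ?>
                    
                </td> 
            </tr>
            <tr valign="top">
                <th scope="row"><?php 
        _e('Generate New DB Table Prefix', 'aiowpsecurity');
        ?>
:</th>                
                <td>
                <input name="aiowps_enable_random_prefix" type="checkbox" <?php 
        if ($aio_wp_security->configs->get_value('aiowps_enable_random_prefix') == '1') {
            echo ' checked="checked"';
        }
        ?>
 value="1"/>
                <span class="description"><?php 
        _e('Check this if you want the plugin to generate a random 6 character string for the table prefix', 'aiowpsecurity');
        ?>
</span>
                <br /><?php 
        _e('OR', 'aiowpsecurity');
        ?>
                <br /><input type="text" size="10" name="aiowps_new_manual_db_prefix" value="<?php 
        // The manual prefix is intentionally not pre-filled from config.
        ?>
" />
                <span class="description"><?php 
        _e('Choose your own DB prefix by specifying a string which contains letters and/or numbers and/or underscores. Example: xyz_', 'aiowpsecurity');
        ?>
</span>
                </td>
            </tr>            
        </table>
        <input type="submit" name="aiowps_db_prefix_change" value="<?php 
        _e('Change DB Prefix', 'aiowpsecurity');
        ?>
" class="button-primary" />
        </form>
        </div></div>
        <?php 
        if ($perform_db_change) {
            //Do the DB prefix change operations (rewrites wp-config.php and renames tables)
            $this->change_db_prefix($old_db_prefix, $new_db_prefix);
        }
    }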
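    /**
     * Renders the "Login Lockdown Configuration" tab, saves its settings on a
     * nonce-verified POST, and handles the delete/unlock row actions of the
     * locked-IP list table.
     *
     * Input handling - all values come from $_POST/$_REQUEST and are untrusted:
     *  - CSRF: the settings save is gated by wp_verify_nonce(); a failure is
     *    logged at level 4 and aborts with die().
     *  - Numeric fields go through sanitize_text_field() + is_numeric(); a
     *    non-numeric entry falls back to the default (3 attempts, 5 min retry
     *    window, 60 min lockout) and an error is shown. Values are stored via
     *    absint().
     *  - The notification address goes through sanitize_email()/is_email(),
     *    falling back to the blog admin email.
     *  - Every save rotates 'aiowps_unlock_request_secret_key' (20 random chars).
     *  - Row actions 'delete_blocked_ip' / 'unlock_ip' take 'lockdown_id' from
     *    $_REQUEST with strip_tags() only. NOTE(review): no nonce check for
     *    these actions is visible in this method; the list table class may
     *    verify one - confirm, and confirm the id is bound safely in the SQL
     *    those helpers run.
     *
     * Globals: $aio_wp_security, $aiowps_feature_mgr.
     * Output is echoed directly; nothing is returned.
     */
    function render_tab1()
    {
        global $aio_wp_security;
        global $aiowps_feature_mgr;
        include_once 'wp-security-list-locked-ip.php';
        //For rendering the AIOWPSecurity_List_Table in tab1
        $locked_ip_list = new AIOWPSecurity_List_Locked_IP();
        if (isset($_POST['aiowps_login_lockdown'])) {
            $error = '';
            // Guard the index so a request without a nonce fails the nonce
            // check cleanly instead of raising an undefined-index notice first.
            $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
            if (!wp_verify_nonce($nonce, 'aiowpsec-login-lockdown-nonce')) {
                $aio_wp_security->debug_logger->log_debug("Nonce check failed on login lockdown options save!", 4);
                die("Nonce check failed on login lockdown options save!");
            }
            $max_login_attempt_val = sanitize_text_field($_POST['aiowps_max_login_attempts']);
            if (!is_numeric($max_login_attempt_val)) {
                $error .= '<br />' . __('You entered a non numeric value for the max login attempts field. It has been set to the default value.', 'all-in-one-wp-security-and-firewall');
                $max_login_attempt_val = '3';
                //Set it to the default value for this field
            }
            $login_retry_time_period = sanitize_text_field($_POST['aiowps_retry_time_period']);
            if (!is_numeric($login_retry_time_period)) {
                $error .= '<br />' . __('You entered a non numeric value for the login retry time period field. It has been set to the default value.', 'all-in-one-wp-security-and-firewall');
                $login_retry_time_period = '5';
                //Set it to the default value for this field
            }
            $lockout_time_length = sanitize_text_field($_POST['aiowps_lockout_time_length']);
            if (!is_numeric($lockout_time_length)) {
                $error .= '<br />' . __('You entered a non numeric value for the lockout time length field. It has been set to the default value.', 'all-in-one-wp-security-and-firewall');
                $lockout_time_length = '60';
                //Set it to the default value for this field
            }
            $email_address = sanitize_email($_POST['aiowps_email_address']);
            if (!is_email($email_address)) {
                $error .= '<br />' . __('You have entered an incorrect email address format. It has been set to your WordPress admin email as default.', 'all-in-one-wp-security-and-firewall');
                $email_address = get_bloginfo('admin_email');
                //Set the default value to the blog admin email
            }
            if ($error) {
                $this->show_msg_error(__('Attention!', 'all-in-one-wp-security-and-firewall') . $error);
            }
            //Save all the form values to the options
            $random_20_digit_string = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(20);
            //Generate random 20 char string for use during captcha encode/decode
            $aio_wp_security->configs->set_value('aiowps_unlock_request_secret_key', $random_20_digit_string);
            $aio_wp_security->configs->set_value('aiowps_enable_login_lockdown', isset($_POST["aiowps_enable_login_lockdown"]) ? '1' : '');
            $aio_wp_security->configs->set_value('aiowps_allow_unlock_requests', isset($_POST["aiowps_allow_unlock_requests"]) ? '1' : '');
            $aio_wp_security->configs->set_value('aiowps_max_login_attempts', absint($max_login_attempt_val));
            $aio_wp_security->configs->set_value('aiowps_retry_time_period', absint($login_retry_time_period));
            $aio_wp_security->configs->set_value('aiowps_lockout_time_length', absint($lockout_time_length));
            $aio_wp_security->configs->set_value('aiowps_set_generic_login_msg', isset($_POST["aiowps_set_generic_login_msg"]) ? '1' : '');
            $aio_wp_security->configs->set_value('aiowps_enable_invalid_username_lockdown', isset($_POST["aiowps_enable_invalid_username_lockdown"]) ? '1' : '');
            $aio_wp_security->configs->set_value('aiowps_enable_email_notify', isset($_POST["aiowps_enable_email_notify"]) ? '1' : '');
            $aio_wp_security->configs->set_value('aiowps_email_address', $email_address);
            $aio_wp_security->configs->save_config();
            //Recalculate points after the feature status/options have been altered
            $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
            $this->show_msg_settings_updated();
        }
        if (isset($_REQUEST['action'])) {
            // Row id as submitted; guarded so a missing id is passed as '' rather
            // than raising a notice. NOTE(review): no nonce is verified here for
            // these actions - confirm the list table class does so.
            $lockdown_id = isset($_REQUEST['lockdown_id']) ? strip_tags($_REQUEST['lockdown_id']) : '';
            if ($_REQUEST['action'] === 'delete_blocked_ip') {
                //Delete link was clicked for a row in list table
                $locked_ip_list->delete_lockdown_records($lockdown_id);
            } elseif ($_REQUEST['action'] === 'unlock_ip') {
                //Unlock link was clicked for a row in list table
                $locked_ip_list->unlock_ip_range($lockdown_id);
            }
        }
        ?>
        <h2><?php 
        _e('Login Lockdown Configuration', 'all-in-one-wp-security-and-firewall');
        ?>
</h2>
        <div class="aio_blue_box">
            <?php 
        $brute_force_login_feature_link = '<a href="admin.php?page=' . AIOWPSEC_BRUTE_FORCE_MENU_SLUG . '&tab=tab2">Cookie-Based Brute Force Login Prevention</a>';
        echo '<p>' . __('One of the ways hackers try to compromise sites is via a ', 'all-in-one-wp-security-and-firewall') . '<strong>' . __('Brute Force Login Attack', 'all-in-one-wp-security-and-firewall') . '</strong>.
            <br />' . __('This is where attackers use repeated login attempts until they guess the password.', 'all-in-one-wp-security-and-firewall') . '
            <br />' . __('Apart from choosing strong passwords, monitoring and blocking IP addresses which are involved in repeated login failures in a short period of time is a very effective way to stop these types of attacks.', 'all-in-one-wp-security-and-firewall') . '<p>' . sprintf(__('You may also want to checkout our %s feature for another secure way to protect against these types of attacks.', 'all-in-one-wp-security-and-firewall'), $brute_force_login_feature_link) . '</p>';
        ?>
        </div>

        <div class="postbox">
        <h3><label for="title"><?php 
        _e('Login Lockdown Options', 'all-in-one-wp-security-and-firewall');
        ?>
</label></h3>
        <div class="inside">
        <?php 
        //Display security info badge
        $aiowps_feature_mgr->output_feature_details_badge("user-login-login-lockdown");
        ?>

        <form action="" method="POST">
        <?php 
        wp_nonce_field('aiowpsec-login-lockdown-nonce');
        ?>
        <table class="form-table">
            <tr valign="top">
                <th scope="row"><?php 
        _e('Enable Login Lockdown Feature', 'all-in-one-wp-security-and-firewall');
        ?>
:</th>
                <td>
                <input name="aiowps_enable_login_lockdown" type="checkbox"<?php 
        if ($aio_wp_security->configs->get_value('aiowps_enable_login_lockdown') == '1') {
            echo ' checked="checked"';
        }
        ?>
 value="1"/>
                <span class="description"><?php 
        _e('Check this if you want to enable the login lockdown feature and apply the settings below', 'all-in-one-wp-security-and-firewall');
        ?>
</span>
                </td>
            </tr>            
            <tr valign="top">
                <th scope="row"><?php 
        _e('Allow Unlock Requests', 'all-in-one-wp-security-and-firewall');
        ?>
:</th>
                <td>
                <input name="aiowps_allow_unlock_requests" type="checkbox"<?php 
        if ($aio_wp_security->configs->get_value('aiowps_allow_unlock_requests') == '1') {
            echo ' checked="checked"';
        }
        ?>
 value="1"/>
                <span class="description"><?php 
        _e('Check this if you want to allow users to generate an automated unlock request link which will unlock their account', 'all-in-one-wp-security-and-firewall');
        ?>
</span>
                </td>
            </tr>            
            <tr valign="top">
                <th scope="row"><?php 
        _e('Max Login Attempts', 'all-in-one-wp-security-and-firewall');
        ?>
:</th>
                <td><input type="text" size="5" name="aiowps_max_login_attempts" value="<?php 
        // Stored values are sanitised on save, but escape for attribute context anyway.
        echo esc_attr($aio_wp_security->configs->get_value('aiowps_max_login_attempts'));
        ?>
" />
                <span class="description"><?php 
        _e('Set the value for the maximum login retries before IP address is locked out', 'all-in-one-wp-security-and-firewall');
        ?>
</span>
                </td> 
            </tr>
            <tr valign="top">
                <th scope="row"><?php 
        _e('Login Retry Time Period (min)', 'all-in-one-wp-security-and-firewall');
        ?>
:</th>
                <td><input type="text" size="5" name="aiowps_retry_time_period" value="<?php 
        echo esc_attr($aio_wp_security->configs->get_value('aiowps_retry_time_period'));
        ?>
" />
                <span class="description"><?php 
        _e('If the maximum number of failed login attempts for a particular IP address occur within this time period the plugin will lock out that address', 'all-in-one-wp-security-and-firewall');
        ?>
</span>
                </td> 
            </tr>
            <tr valign="top">
                <th scope="row"><?php 
        _e('Time Length of Lockout (min)', 'all-in-one-wp-security-and-firewall');
        ?>
:</th>
                <td><input type="text" size="5" name="aiowps_lockout_time_length" value="<?php 
        echo esc_attr($aio_wp_security->configs->get_value('aiowps_lockout_time_length'));
        ?>
" />
                <span class="description"><?php 
        _e('Set the length of time for which a particular IP address will be prevented from logging in', 'all-in-one-wp-security-and-firewall');
        ?>
</span>
                </td> 
            </tr>
            <tr valign="top">
                <th scope="row"><?php 
        _e('Display Generic Error Message', 'all-in-one-wp-security-and-firewall');
        ?>
:</th>
                <td>
                <input name="aiowps_set_generic_login_msg" type="checkbox"<?php 
        if ($aio_wp_security->configs->get_value('aiowps_set_generic_login_msg') == '1') {
            echo ' checked="checked"';
        }
        ?>
 value="1"/>
                <span class="description"><?php 
        _e('Check this if you want to show a generic error message when a login attempt fails', 'all-in-one-wp-security-and-firewall');
        ?>
</span>
                </td>
            </tr>
            <tr valign="top">
                <th scope="row"><?php 
        _e('Instantly Lockout Invalid Usernames', 'all-in-one-wp-security-and-firewall');
        ?>
:</th>
                <td>
                <input name="aiowps_enable_invalid_username_lockdown" type="checkbox"<?php 
        if ($aio_wp_security->configs->get_value('aiowps_enable_invalid_username_lockdown') == '1') {
            echo ' checked="checked"';
        }
        ?>
 value="1"/>
                <span class="description"><?php 
        _e('Check this if you want to instantly lockout login attempts with usernames which do not exist on your system', 'all-in-one-wp-security-and-firewall');
        ?>
</span>
                </td>
            </tr>            
            
            <tr valign="top">
                <th scope="row"><?php 
        _e('Notify By Email', 'all-in-one-wp-security-and-firewall');
        ?>
:</th>
                <td>
                    <input name="aiowps_enable_email_notify" type="checkbox"<?php 
        if ($aio_wp_security->configs->get_value('aiowps_enable_email_notify') == '1') {
            echo ' checked="checked"';
        }
        ?>
 value="1"/>
                    <span class="description"><?php 
        _e('Check this if you want to receive an email when someone has been locked out due to maximum failed login attempts', 'all-in-one-wp-security-and-firewall');
        ?>
</span>
                    <br /><input type="text" size="30" name="aiowps_email_address" value="<?php 
        echo esc_attr($aio_wp_security->configs->get_value('aiowps_email_address'));
        ?>
" />
                    <span class="description"><?php 
        _e('Enter an email address', 'all-in-one-wp-security-and-firewall');
        ?>
</span>
                </td> 
            </tr>
        </table>
        <input type="submit" name="aiowps_login_lockdown" value="<?php 
        _e('Save Settings', 'all-in-one-wp-security-and-firewall');
        ?>
" class="button-primary" />
        </form>
        </div></div>
        <div class="postbox">
        <h3><label for="title"><?php 
        _e('Currently Locked Out IP Address Ranges', 'all-in-one-wp-security-and-firewall');
        ?>
</label></h3>
        <div class="inside">
            <div class="aio_blue_box aio_width_80">
                <?php 
        $locked_ips_link = '<a href="admin.php?page=' . AIOWPSEC_MAIN_MENU_SLUG . '&tab=tab3">Locked IP Addresses</a>';
        echo '<p>' . sprintf(__('To see a list of all locked IP addresses and ranges go to the %s tab in the dashboard menu.', 'all-in-one-wp-security-and-firewall'), $locked_ips_link) . '</p>';
        ?>
            </div>
        </div></div>
        <?php 
    }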
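    /**
     * Renders the ".htaccess File Operations" tab: backup of the active
     * .htaccess, restore from a previously backed up copy, and a read-only view
     * of the current file.
     *
     * Request handling - all values come from $_POST/$_REQUEST and are untrusted:
     *  - CSRF: both the backup and the restore form carry their own nonce and
     *    are verified with wp_verify_nonce(); a failure is logged and aborts.
     *  - Backup: the root .htaccess is copied into the plugin backup directory
     *    and renamed to '<10 random chars>_htaccess_backup.txt'.
     *  - Restore: the source path/URL is taken from the form field and copied
     *    over ABSPATH/.htaccess only if check_if_htaccess_contents() accepts its
     *    contents. NOTE(review): the source location itself is not constrained
     *    (only its contents are checked); if the field is meant to hold a file
     *    from the backup directory, restricting it to that directory would be a
     *    cheaper and safer check - confirm the intended workflow first.
     *  - The current .htaccess contents are echoed through esc_textarea() so a
     *    file containing markup cannot break out of the read-only textarea.
     *
     * On multisite, the forms are only shown on the main site (blog id 1).
     * Globals: $aio_wp_security. Output is echoed directly; nothing is returned.
     */
    function render_tab2()
    {
        global $aio_wp_security;
        if (isset($_POST['aiowps_save_htaccess'])) {
            // Guard the index so a request without a nonce fails the nonce
            // check cleanly instead of raising an undefined-index notice first.
            $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
            if (!wp_verify_nonce($nonce, 'aiowpsec-save-htaccess-nonce')) {
                $aio_wp_security->debug_logger->log_debug("Nonce check failed on htaccess file save!", 4);
                die("Nonce check failed on htaccess file save!");
            }
            $htaccess_path = ABSPATH . '.htaccess';
            $result = AIOWPSecurity_Utility_File::backup_and_rename_htaccess($htaccess_path);
            //Backup the htaccess file
            if ($result) {
                // Random prefix makes the backup file name unguessable within the backup dir.
                $random_prefix = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(10);
                $aiowps_backup_dir = WP_CONTENT_DIR . '/' . AIO_WP_SECURITY_BACKUPS_DIR_NAME;
                if (rename($aiowps_backup_dir . '/' . '.htaccess.backup', $aiowps_backup_dir . '/' . $random_prefix . '_htaccess_backup.txt')) {
                    echo '<div id="message" class="updated fade"><p>';
                    _e('Your .htaccess file was successfully backed up! Using an FTP program go to the "/wp-content/aiowps_backups" directory to save a copy of the file to your computer.', 'aiowpsecurity');
                    echo '</p></div>';
                } else {
                    $aio_wp_security->debug_logger->log_debug("htaccess file rename failed during backup!", 4);
                    $this->show_msg_error(__('htaccess file rename failed during backup. Please check your root directory for the backup file using FTP.', 'aiowpsecurity'));
                }
            } else {
                $aio_wp_security->debug_logger->log_debug("htaccess - Backup operation failed!", 4);
                $this->show_msg_error(__('htaccess backup failed.', 'aiowpsecurity'));
            }
        }
        if (isset($_POST['aiowps_restore_htaccess_button'])) {
            $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
            if (!wp_verify_nonce($nonce, 'aiowpsec-restore-htaccess-nonce')) {
                $aio_wp_security->debug_logger->log_debug("Nonce check failed on htaccess file restore!", 4);
                die("Nonce check failed on htaccess file restore!");
            }
            if (empty($_POST['aiowps_htaccess_file'])) {
                $this->show_msg_error(__('Please choose a .htaccess to restore from.', 'aiowpsecurity'));
            } else {
                //Let's copy the uploaded .htaccess file into the active root file
                // NOTE(review): user-supplied source location; only the contents
                // are validated below, not where the file lives.
                $new_htaccess_file_path = trim($_POST['aiowps_htaccess_file']);
                //TODO
                //Verify that file chosen has contents which are relevant to .htaccess file
                $is_htaccess = AIOWPSecurity_Utility_Htaccess::check_if_htaccess_contents($new_htaccess_file_path);
                if ($is_htaccess == 1) {
                    $active_root_htaccess = ABSPATH . '.htaccess';
                    if (!copy($new_htaccess_file_path, $active_root_htaccess)) {
                        //Failed to copy the chosen file over the active .htaccess
                        $aio_wp_security->debug_logger->log_debug("htaccess - Restore from .htaccess operation failed!", 4);
                        $this->show_msg_error(__('htaccess file restore failed. Please attempt to restore the .htaccess manually using FTP.', 'aiowpsecurity'));
                    } else {
                        $this->show_msg_updated(__('Your .htaccess file has successfully been restored!', 'aiowpsecurity'));
                    }
                } else {
                    $aio_wp_security->debug_logger->log_debug("htaccess restore failed - Contents of restore file appear invalid!", 4);
                    $this->show_msg_error(__('htaccess Restore operation failed! Please check the contents of the file you are trying to restore from.', 'aiowpsecurity'));
                }
            }
        }
        ?>
        <h2><?php 
        _e('.htaccess File Operations', 'aiowpsecurity');
        ?>
</h2>
        <div class="aio_blue_box">
            <?php 
        echo '<p>' . __('Your ".htaccess" file is a key component of your website\'s security and it can be modified to implement various levels of protection mechanisms.', 'aiowpsecurity') . '
            <br />' . __('This feature allows you to backup and save your currently active .htaccess file should you need to re-use the the backed up file in the future.', 'aiowpsecurity') . '
            <br />' . __('You can also restore your site\'s .htaccess settings using a backed up .htaccess file.', 'aiowpsecurity') . '    
            </p>';
        ?>
        </div>
        <?php 
        if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1) {
            //Hide config settings if MS and not main site
            AIOWPSecurity_Utility::display_multisite_message();
        } else {
            ?>
        <div class="postbox">
        <h3><label for="title"><?php 
            _e('Save the current .htaccess file', 'aiowpsecurity');
            ?>
</label></h3>
        <div class="inside">
        <form action="" method="POST">
        <?php 
            wp_nonce_field('aiowpsec-save-htaccess-nonce');
            ?>
            <p class="description"><?php 
            _e('Click the button below to backup and save the currently active .htaccess file.', 'aiowpsecurity');
            ?>
</p>
            <input type="submit" name="aiowps_save_htaccess" value="<?php 
            _e('Backup .htaccess File', 'aiowpsecurity');
            ?>
" class="button-primary" />
        </form>
        </div></div>
        <div class="postbox">
        <h3><label for="title"><?php 
            _e('Restore from a backed up .htaccess file', 'aiowpsecurity');
            ?>
</label></h3>
        <div class="inside">
        <form action="" method="POST">
        <?php 
            wp_nonce_field('aiowpsec-restore-htaccess-nonce');
            ?>
        <table class="form-table">
            <tr valign="top">
                <th scope="row"><?php 
            _e('.htaccess file to restore from', 'aiowpsecurity');
            ?>
:</th>
                <td>
                    <input type="button" id="aiowps_htaccess_file_button" name="aiowps_htaccess_file_button" class="button rbutton" value="Select Your htaccess File" />
                    <input name="aiowps_htaccess_file" type="text" id="aiowps_htaccess_file" value="" size="80" />
                    <p class="description">
                        <?php 
            _e('After selecting your file, click the button below to restore your site using the backed up htaccess file (htaccess_backup.txt).', 'aiowpsecurity');
            ?>
                    </p>
                </td>
            </tr>            
        </table>
        <input type="submit" name="aiowps_restore_htaccess_button" value="<?php 
            _e('Restore .htaccess File', 'aiowpsecurity');
            ?>
" class="button-primary" />
        </form>
        </div></div>
        <div class="postbox">
        <h3><label for="title"><?php 
            _e('View Contents of the currently active .htaccess file', 'aiowpsecurity');
            ?>
</label></h3>
        <div class="inside">
            <?php 
            $ht_file = ABSPATH . '.htaccess';
            $ht_contents = AIOWPSecurity_Utility_File::get_file_contents($ht_file);
            ?>
            <textarea class="aio_text_area_file_output aio_half_width aio_spacer_10_tb" rows="15" readonly><?php 
            // Escape for textarea context: file content is data here, not markup,
            // so a stray "</textarea>" in the file must not end the element.
            echo esc_textarea($ht_contents);
            ?>
</textarea>
        </div></div>

        <?php 
        }
        // End if statement
    }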
    function render_tab1()
    {
        global $aiowps_feature_mgr;
        global $aio_wp_security;
        if (isset($_POST['aiowps_apply_comment_spam_prevention_settings'])) {
            $nonce = $_REQUEST['_wpnonce'];
            if (!wp_verify_nonce($nonce, 'aiowpsec-comment-spam-settings-nonce')) {
                $aio_wp_security->debug_logger->log_debug("Nonce check failed on save comment spam settings!", 4);
                die("Nonce check failed on save comment spam settings!");
            }
            //Save settings
            $random_20_digit_string = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(20);
            //Generate random 20 char string for use during captcha encode/decode
            $aio_wp_security->configs->set_value('aiowps_captcha_secret_key', $random_20_digit_string);
            $aio_wp_security->configs->set_value('aiowps_enable_comment_captcha', isset($_POST["aiowps_enable_comment_captcha"]) ? '1' : '');
            $aio_wp_security->configs->set_value('aiowps_enable_spambot_blocking', isset($_POST["aiowps_enable_spambot_blocking"]) ? '1' : '');
            //Commit the config settings
            $aio_wp_security->configs->save_config();
            //Recalculate points after the feature status/options have been altered
            $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
            //Now let's write the applicable rules to the .htaccess file
            $res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
            if ($res) {
                $this->show_msg_updated(__('Settings were successfully saved', 'aiowpsecurity'));
            } else {
                if ($res == -1) {
                    $this->show_msg_error(__('Could not write to the .htaccess file. Please check the file permissions.', 'aiowpsecurity'));
                }
            }
        }
        ?>
        <h2><?php 
        _e('Comment SPAM Settings', 'aiowpsecurity');
        ?>
</h2>
        <form action="" method="POST">
        <?php 
        wp_nonce_field('aiowpsec-comment-spam-settings-nonce');
        ?>
            

        <div class="postbox">
        <h3><label for="title"><?php 
        _e('Add Captcha To Comments Form', 'aiowpsecurity');
        ?>
</label></h3>
        <div class="inside">
        <div class="aio_blue_box">
            <?php 
        echo '<p>' . __('This feature will add a simple math captcha field in the WordPress comments form.', 'aiowpsecurity') . '<br />' . __('Adding a captcha field in the comment form is a simple way of greatly reducing SPAM comments from bots without using .htaccess rules.', 'aiowpsecurity') . '</p>';
        ?>
        </div>
        <?php 
        //Display security info badge
        $aiowps_feature_mgr->output_feature_details_badge("comment-form-captcha");
        if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1) {
            //Hide config settings if MS and not main site
            AIOWPSecurity_Utility::display_multisite_message();
        } else {
            ?>
        <table class="form-table">
            <tr valign="top">
                <th scope="row"><?php 
            _e('Enable Captcha On Comment Forms', 'aiowpsecurity');
            ?>
:</th>                
                <td>
                <input name="aiowps_enable_comment_captcha" type="checkbox"<?php 
            if ($aio_wp_security->configs->get_value('aiowps_enable_comment_captcha') == '1') {
                echo ' checked="checked"';
            }
            ?>
 value="1"/>
                <span class="description"><?php 
            _e('Check this if you want to insert a captcha field on the comment forms', 'aiowpsecurity');
            ?>
</span>
                </td>
            </tr>            
        </table>
        <?php 
        }
        //End if statement
        ?>
        </div></div>
            
        <div class="postbox">
        <h3><label for="title"><?php 
        _e('Block Spambot Comments', 'aiowpsecurity');
        ?>
</label></h3>
        <div class="inside">
        <div class="aio_blue_box">
            <?php 
        echo '<p>' . __('A large portion of WordPress blog comment SPAM is mainly produced by automated bots and not necessarily by humans. ', 'aiowpsecurity') . '<br />' . __('This feature will greatly minimize the useless and unecessary traffic and load on your server resulting from SPAM comments by blocking all comment requests which do not originate from your domain.', 'aiowpsecurity') . '<br />' . __('In other words, if the comment was not submitted by a human who physically submitted the comment on your site, the request will be blocked.', 'aiowpsecurity') . '</p>';
        ?>
        </div>
        <?php 
        //Display security info badge
        $aiowps_feature_mgr->output_feature_details_badge("block-spambots");
        if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1) {
            //Hide config settings if MS and not main site
            AIOWPSecurity_Utility::display_multisite_message();
        } else {
            ?>
        <table class="form-table">
            <tr valign="top">
                <th scope="row"><?php 
            _e('Block Spambots From Posting Comments', 'aiowpsecurity');
            ?>
:</th>                
                <td>
                <input name="aiowps_enable_spambot_blocking" type="checkbox"<?php 
            if ($aio_wp_security->configs->get_value('aiowps_enable_spambot_blocking') == '1') {
                echo ' checked="checked"';
            }
            ?>
 value="1"/>
                <span class="description"><?php 
            _e('Check this if you want to apply a firewall rule which will block comments originating from spambots.', 'aiowpsecurity');
            ?>
</span>
                <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php 
            _e('More Info', 'aiowpsecurity');
            ?>
</span></span>
                <div class="aiowps_more_info_body">
                        <?php 
            echo '<p class="description">' . __('This feature will implement a firewall rule to block all comment attempts which do not originate from your domain.', 'aiowpsecurity') . '</p>';
            echo '<p class="description">' . __('A legitimate comment is one which is submitted by a human who physically fills out the comment form and clicks the submit button. For such events, the HTTP_REFERRER is always set to your own domain.', 'aiowpsecurity') . '</p>';
            echo '<p class="description">' . __('A comment submitted by a spambot is done by directly calling the comments.php file, which usually means that the HTTP_REFERRER value is not your domain and often times empty.', 'aiowpsecurity') . '</p>';
            echo '<p class="description">' . __('This feature will check and block comment requests which are not referred by your domain thus greatly reducing your overall blog SPAM and PHP requests done by the server to process these comments.', 'aiowpsecurity') . '</p>';
            ?>
                </div>
                </td>
            </tr>            
        </table>
        <?php 
        }
        //End if statement
        ?>
        </div></div>

        <input type="submit" name="aiowps_apply_comment_spam_prevention_settings" value="<?php 
        _e('Save Settings', 'aiowpsecurity');
        ?>
" class="button-primary" />
        </form>
        <?php 
    }