コード例 #1
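 /**
  * Admin-side init tasks: cookie-based brute force test cookie handling,
  * the wp-config.php backup download and the settings export.
  *
  * Reads $_GET/$_POST/$_REQUEST directly. Every superglobal access is guarded
  * with isset() so a missing field is a no-op rather than an undefined-index
  * notice. Several branches end the request (redirect, file download, die()),
  * so nothing after them runs.
  *
  * @return void
  */
 function do_other_admin_side_init_tasks()
 {
     global $aio_wp_security;

     // Cookie based brute force protection: the test cookie name carries a
     // random 10 character suffix so it cannot simply be read out of the
     // source. Installs that enabled the feature under an older release have
     // no stored name yet, so generate one, drop the cookie and write the
     // name to .htaccess now. Config flags are compared loosely because their
     // stored type ('1' vs 1) is not established here.
     if ($aio_wp_security->configs->get_value('aiowps_enable_brute_force_attack_prevention') == '1') {
         $test_cookie = $aio_wp_security->configs->get_value('aiowps_cookie_brute_test');
         if (empty($test_cookie)) {
             self::store_new_bf_test_cookie();
             $res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
             // NOTE(review): the original check treats -1 as the failure signal
             // from write_to_htaccess(); its other return values are not
             // established here, so the loose comparison is kept.
             if ($res == -1) {
                 $aio_wp_security->debug_logger->log_debug("Error writing new test cookie with random suffix to .htaccess file!", 4);
             }
         }
     }

     // Cookie test form on the Brute Force settings page (tab2)
     $page = isset($_GET['page']) ? $_GET['page'] : '';
     $tab = isset($_GET['tab']) ? $_GET['tab'] : '';
     if ($page === AIOWPSEC_BRUTE_FORCE_MENU_SLUG && $tab === 'tab2') {
         if (isset($_POST['aiowps_do_cookie_test_for_bfla'])) {
             self::store_new_bf_test_cookie();
             $cur_url = "admin.php?page=" . AIOWPSEC_BRUTE_FORCE_MENU_SLUG . "&tab=tab2";
             $redirect_url = AIOWPSecurity_Utility::add_query_data_to_url($cur_url, 'aiowps_cookie_test', "1");
             AIOWPSecurity_Utility::redirect_to_url($redirect_url);
         }
         if (isset($_POST['aiowps_enable_brute_force_attack_prevention'])) {
             // A missing field falls back to the default word instead of
             // raising an undefined-index notice. The secret word doubles as
             // the cookie name, so it goes through sanitize_text_field() first.
             // NOTE(review): no nonce check is visible in this block; the
             // settings handler that consumes this POST presumably verifies
             // one — confirm against the caller.
             $brute_force_feature_secret_word = isset($_POST['aiowps_brute_force_secret_word'])
                 ? sanitize_text_field($_POST['aiowps_brute_force_secret_word'])
                 : '';
             if (empty($brute_force_feature_secret_word)) {
                 $brute_force_feature_secret_word = "aiowps_secret";
             }
             AIOWPSecurity_Utility::set_cookie_value($brute_force_feature_secret_word, "1");
         }
         if (isset($_REQUEST['aiowps_cookie_test'])) {
             // Record whether the browser sent the test cookie back
             $test_cookie = $aio_wp_security->configs->get_value('aiowps_cookie_brute_test');
             $cookie_val = AIOWPSecurity_Utility::get_cookie_value($test_cookie);
             $aio_wp_security->configs->set_value('aiowps_cookie_test_success', empty($cookie_val) ? '' : '1');
             $aio_wp_security->configs->save_config();
         }
     }

     // Back up wp-config.php and stream the backup to the browser. The nonce
     // proves the request came from the plugin's own form; the capability
     // check is presumed to come from the admin page hosting that form —
     // confirm against the caller.
     if (isset($_POST['aiowps_save_wp_config'])) {
         $nonce = isset($_REQUEST['_wpnonce']) && is_string($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
         if (!wp_verify_nonce($nonce, 'aiowpsec-save-wp-config-nonce')) {
             $aio_wp_security->debug_logger->log_debug("Nonce check failed on wp_config file save!", 4);
             die("Nonce check failed on wp_config file save!");
         }
         $wp_config_path = AIOWPSecurity_Utility_File::get_wp_config_file_path();
         AIOWPSecurity_Utility_File::backup_and_rename_wp_config($wp_config_path);
         AIOWPSecurity_Utility_File::download_a_file_option1($wp_config_path, "wp-config-backup.txt");
     }

     // Export settings as JSON. The export holds every stored setting,
     // including the brute force secret word, so it is gated by a nonce like
     // the wp-config download above (same capability caveat applies).
     if (isset($_POST['aiowps_export_settings'])) {
         $nonce = isset($_REQUEST['_wpnonce']) && is_string($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
         if (!wp_verify_nonce($nonce, 'aiowpsec-export-settings-nonce')) {
             $aio_wp_security->debug_logger->log_debug("Nonce check failed on export AIOWPS settings!", 4);
             die("Nonce check failed on export AIOWPS settings!");
         }
         $config_data = get_option('aio_wp_security_configs');
         $output = json_encode($config_data);
         // json_encode() returns false on failure; don't ship an empty file silently
         if ($output === false) {
             $aio_wp_security->debug_logger->log_debug("Failed to encode AIOWPS settings for export: " . json_last_error_msg(), 4);
             die("Failed to encode AIOWPS settings for export!");
         }
         AIOWPSecurity_Utility_File::download_content_to_a_file($output);
     }
 }

 /**
  * Generate a fresh random test cookie name, persist it in the plugin config
  * and drop the cookie with value "1" on the current response.
  *
  * Shared by the upgrade path and the cookie test form so both produce the
  * same name format and store it the same way.
  *
  * @return string The newly generated cookie name.
  */
 private static function store_new_bf_test_cookie()
 {
     global $aio_wp_security;
     $random_suffix = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(10);
     $test_cookie_name = 'aiowps_cookie_test_' . $random_suffix;
     $aio_wp_security->configs->set_value('aiowps_cookie_brute_test', $test_cookie_name);
     $aio_wp_security->configs->save_config();
     AIOWPSecurity_Utility::set_cookie_value($test_cookie_name, "1");
     return $test_cookie_name;
 }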
コード例 #2
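 /**
  * Registers the hooks for every enabled feature and handles the
  * request-driven actions: .htaccess re-apply, brute force secret word
  * cookie, unlock requests, the login honeypot and 404 lockout.
  *
  * Hook registration order is kept exactly as before; several branches end
  * the request (redirect or exit). Raw request values are only passed to
  * strip_tags() when they are strings, so an array-valued parameter cannot
  * raise a TypeError here, and the re-apply action is matched strictly
  * against '1'/'2' instead of with a loose numeric comparison.
  */
 function __construct()
 {
     global $aio_wp_security;

     // Config flags are compared loosely because their stored type
     // ('1' vs 1) is not established here.
     if ($aio_wp_security->configs->get_value('aiowps_enable_rename_login_page') == '1') {
         add_action('widgets_init', array($this, 'remove_standard_wp_meta_widget'));
         // Fix for non decoded html entities in the password reset link
         add_filter('retrieve_password_message', array($this, 'decode_reset_pw_msg'), 10, 4);
     }
     add_action('admin_notices', array($this, 'reapply_htaccess_rules_notice'));

     // Re-apply .htaccess rules on request: '1' rewrites them, '2' only
     // discards the temporary config item.
     // NOTE(review): no nonce or capability check is visible in this block
     // before .htaccess is rewritten; the admin notice that links here is
     // presumably only shown to administrators — confirm before relying on it.
     if (isset($_REQUEST['aiowps_reapply_htaccess']) && is_scalar($_REQUEST['aiowps_reapply_htaccess'])) {
         $reapply_action = strip_tags((string) $_REQUEST['aiowps_reapply_htaccess']);
         if ($reapply_action === '1') {
             include_once 'wp-security-installer.php';
             if (AIOWPSecurity_Installer::reactivation_tasks()) {
                 echo '<div class="updated"><p>The AIOWPS .htaccess rules were successfully re-inserted.</p></div>';
             } else {
                 echo '<div class="error"><p>AIOWPS encountered an error when trying to write to your .htaccess file. Please check the logs.</p></div>';
             }
         } elseif ($reapply_action === '2') {
             delete_option('aiowps_temp_configs');
         }
     }

     if ($aio_wp_security->configs->get_value('aiowps_prevent_site_display_inside_frame') == '1') {
         // Sends X-Frame-Options: SAMEORIGIN
         send_frame_options_header();
     }
     if ($aio_wp_security->configs->get_value('aiowps_remove_wp_generator_meta_info') == '1') {
         add_filter('the_generator', array($this, 'remove_wp_generator_meta_info'));
     }

     // Cookie based brute force prevention: a request carrying the secret
     // word as a query parameter gets the access cookie and is redirected to
     // wp-admin. The secret word doubles as the cookie name.
     if ($aio_wp_security->configs->get_value('aiowps_enable_brute_force_attack_prevention') == '1') {
         $bfcf_secret_word = $aio_wp_security->configs->get_value('aiowps_brute_force_secret_word');
         if (isset($_GET[$bfcf_secret_word])) {
             AIOWPSecurity_Utility::set_cookie_value($bfcf_secret_word, "1");
             AIOWPSecurity_Utility::redirect_to_url(AIOWPSEC_WP_URL . "/wp-admin");
         }
     }

     // User unlock request feature: render the unlock request page and stop.
     if (isset($_POST['aiowps_unlock_request']) || isset($_POST['aiowps_wp_submit_unlock_request'])) {
         nocache_headers();
         remove_action('wp_head', 'head_addons', 7);
         include_once AIO_WP_SECURITY_PATH . '/other-includes/wp-security-unlock-request.php';
         exit;
     }
     if (isset($_GET['aiowps_auth_key']) && is_string($_GET['aiowps_auth_key'])) {
         // Unlock key in the query string: hand it to the login handler
         AIOWPSecurity_User_Login::process_unlock_request(strip_tags($_GET['aiowps_auth_key']));
     }

     // Honeypot: a browser never fills the hidden field, so a non-empty value
     // means a bot submitted the login form; bounce it to its own localhost.
     if (isset($_POST['aio_special_field'])) {
         $special_field_value = is_string($_POST['aio_special_field'])
             ? strip_tags($_POST['aio_special_field'])
             : '';
         if (!empty($special_field_value)) {
             AIOWPSecurity_Utility::redirect_to_url('http://127.0.0.1');
         }
     }

     // 404 IP lockout: never applied to logged-in administrators
     if ($aio_wp_security->configs->get_value('aiowps_enable_404_IP_lockout') == '1') {
         if (!is_user_logged_in() || !current_user_can('administrator')) {
             $this->do_404_lockout_tasks();
         }
     }

     // Captcha / honeypot hooks are only added for visitors who are not logged in
     if ($aio_wp_security->configs->get_value('aiowps_enable_login_captcha') == '1') {
         if (!is_user_logged_in()) {
             add_action('login_form', array($this, 'insert_captcha_question_form'));
         }
     }
     // Custom login form captcha, ie, when wp_login_form() generates the form
     if ($aio_wp_security->configs->get_value('aiowps_enable_custom_login_captcha') == '1') {
         if (!is_user_logged_in()) {
             add_filter('login_form_middle', array($this, 'insert_captcha_custom_login'), 10, 2);
         }
     }
     if ($aio_wp_security->configs->get_value('aiowps_enable_login_honeypot') == '1') {
         if (!is_user_logged_in()) {
             add_action('login_form', array($this, 'insert_honeypot_hidden_field'));
         }
     }
     if ($aio_wp_security->configs->get_value('aiowps_enable_lost_password_captcha') == '1') {
         if (!is_user_logged_in()) {
             add_action('lostpassword_form', array($this, 'insert_captcha_question_form'));
             add_action('lostpassword_post', array($this, 'process_lost_password_form_post'));
         }
     }

     // Registration page captcha. On multisite the hooks are registered while
     // switched to the current blog (switching to get_current_blog_id() looks
     // like a no-op; kept as in the original).
     if (AIOWPSecurity_Utility::is_multisite_install()) {
         switch_to_blog(get_current_blog_id());
         if ($aio_wp_security->configs->get_value('aiowps_enable_registration_page_captcha') == '1') {
             if (!is_user_logged_in()) {
                 add_action('signup_extra_fields', array($this, 'insert_captcha_question_form_multi'));
                 add_filter('wpmu_validate_user_signup', array($this, 'process_signup_form_multi'));
             }
         }
         restore_current_blog();
     } elseif ($aio_wp_security->configs->get_value('aiowps_enable_registration_page_captcha') == '1') {
         if (!is_user_logged_in()) {
             add_action('register_form', array($this, 'insert_captcha_question_form'));
         }
     }

     // Comment captcha (same multisite handling as above)
     if (AIOWPSecurity_Utility::is_multisite_install()) {
         switch_to_blog(get_current_blog_id());
         if ($aio_wp_security->configs->get_value('aiowps_enable_comment_captcha') == '1') {
             add_action('comment_form_after_fields', array($this, 'insert_captcha_question_form'), 1);
             add_action('comment_form_logged_in_after', array($this, 'insert_captcha_question_form'), 1);
             add_filter('preprocess_comment', array($this, 'process_comment_post'));
         }
         restore_current_blog();
     } elseif ($aio_wp_security->configs->get_value('aiowps_enable_comment_captcha') == '1') {
         add_action('comment_form_after_fields', array($this, 'insert_captcha_question_form'), 1);
         add_action('comment_form_logged_in_after', array($this, 'insert_captcha_question_form'), 1);
         add_filter('preprocess_comment', array($this, 'process_comment_post'));
     }

     // BuddyPress registration captcha
     if ($aio_wp_security->configs->get_value('aiowps_enable_bp_register_captcha') == '1') {
         add_action('bp_account_details_fields', array($this, 'insert_captcha_question_form'));
         add_action('bp_signup_validate', array($this, 'buddy_press_signup_validate_captcha'));
     }

     // Logged-in users display feature
     $this->update_logged_in_user_transient();

     // Block fake googlebots
     if ($aio_wp_security->configs->get_value('aiowps_block_fake_googlebots') == '1') {
         include_once AIO_WP_SECURITY_PATH . '/classes/wp-security-bot-protection.php';
         AIOWPSecurity_Fake_Bot_Protection::block_fake_googlebots();
     }

     // 404 event logging
     if ($aio_wp_security->configs->get_value('aiowps_enable_404_logging') == '1') {
         add_action('wp_head', array($this, 'check_404_event'));
     }
     // Add more tasks that need to be executed at init time
 }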
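 /**
  * Registers the hooks for every enabled feature and handles the
  * request-driven actions: brute force secret word cookie, unlock requests
  * and 404 lockout.
  *
  * Hook registration order is kept exactly as before; the unlock request
  * branch ends the request. The unlock key is only passed to strip_tags()
  * when it is a string, so an array-valued query parameter cannot raise a
  * TypeError here.
  */
 function __construct()
 {
     global $aio_wp_security;

     // Config flags are compared loosely because their stored type
     // ('1' vs 1) is not established here.
     if ($aio_wp_security->configs->get_value('aiowps_remove_wp_generator_meta_info') == '1') {
         add_filter('the_generator', array($this, 'remove_wp_generator_meta_info'));
     }

     // Cookie based brute force prevention: a request carrying the secret
     // word as a query parameter gets the access cookie and is redirected to
     // wp-admin. The secret word doubles as the cookie name. Note that this
     // runs regardless of whether the feature flag is enabled.
     $bfcf_secret_word = $aio_wp_security->configs->get_value('aiowps_brute_force_secret_word');
     if (isset($_GET[$bfcf_secret_word])) {
         AIOWPSecurity_Utility::set_cookie_value($bfcf_secret_word, "1");
         AIOWPSecurity_Utility::redirect_to_url(AIOWPSEC_WP_URL . "/wp-admin");
     }

     // User unlock request feature: render the unlock request page and stop.
     if (isset($_POST['aiowps_unlock_request']) || isset($_POST['aiowps_wp_submit_unlock_request'])) {
         nocache_headers();
         remove_action('wp_head', 'head_addons', 7);
         include_once AIO_WP_SECURITY_PATH . '/other-includes/wp-security-unlock-request.php';
         exit;
     }
     if (isset($_GET['aiowps_auth_key']) && is_string($_GET['aiowps_auth_key'])) {
         // Unlock key in the query string: hand it to the login handler
         AIOWPSecurity_User_Login::process_unlock_request(strip_tags($_GET['aiowps_auth_key']));
     }

     // 404 IP lockout: never applied to logged-in administrators
     if ($aio_wp_security->configs->get_value('aiowps_enable_404_IP_lockout') == '1') {
         if (!is_user_logged_in() || !current_user_can('administrator')) {
             $this->do_404_lockout_tasks();
         }
     }

     // Captcha hooks are only added for visitors who are not logged in
     if ($aio_wp_security->configs->get_value('aiowps_enable_login_captcha') == '1') {
         if (!is_user_logged_in()) {
             add_action('login_form', array($this, 'insert_captcha_question_form'));
         }
     }
     if ($aio_wp_security->configs->get_value('aiowps_enable_lost_password_captcha') == '1') {
         if (!is_user_logged_in()) {
             add_action('lostpassword_form', array($this, 'insert_captcha_question_form'));
             add_action('lostpassword_post', array($this, 'process_lost_password_form_post'));
         }
     }

     // Registration page captcha. On multisite the hooks are registered while
     // switched to the current blog (switching to get_current_blog_id() looks
     // like a no-op; kept as in the original).
     if (AIOWPSecurity_Utility::is_multisite_install()) {
         switch_to_blog(get_current_blog_id());
         if ($aio_wp_security->configs->get_value('aiowps_enable_registration_page_captcha') == '1') {
             if (!is_user_logged_in()) {
                 add_action('signup_extra_fields', array($this, 'insert_captcha_question_form_multi'));
                 add_filter('wpmu_validate_user_signup', array($this, 'process_signup_form_multi'));
             }
         }
         restore_current_blog();
     } elseif ($aio_wp_security->configs->get_value('aiowps_enable_registration_page_captcha') == '1') {
         if (!is_user_logged_in()) {
             add_action('register_form', array($this, 'insert_captcha_question_form'));
         }
     }

     // Comment captcha (same multisite handling as above)
     if (AIOWPSecurity_Utility::is_multisite_install()) {
         switch_to_blog(get_current_blog_id());
         if ($aio_wp_security->configs->get_value('aiowps_enable_comment_captcha') == '1') {
             add_action('comment_form_after_fields', array($this, 'insert_captcha_question_form'), 1);
             add_action('comment_form_logged_in_after', array($this, 'insert_captcha_question_form'), 1);
             add_filter('preprocess_comment', array($this, 'process_comment_post'));
         }
         restore_current_blog();
     } elseif ($aio_wp_security->configs->get_value('aiowps_enable_comment_captcha') == '1') {
         add_action('comment_form_after_fields', array($this, 'insert_captcha_question_form'), 1);
         add_action('comment_form_logged_in_after', array($this, 'insert_captcha_question_form'), 1);
         add_filter('preprocess_comment', array($this, 'process_comment_post'));
     }

     // Logged-in users display feature
     $this->update_logged_in_user_transient();

     // Block fake googlebots
     if ($aio_wp_security->configs->get_value('aiowps_block_fake_googlebots') == '1') {
         include_once AIO_WP_SECURITY_PATH . '/classes/wp-security-bot-protection.php';
         AIOWPSecurity_Fake_Bot_Protection::block_fake_googlebots();
     }

     // 404 event logging
     if ($aio_wp_security->configs->get_value('aiowps_enable_404_logging') == '1') {
         add_action('wp_head', array($this, 'check_404_event'));
     }
     // Add more tasks that need to be executed at init time
 }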
コード例 #4
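 /**
  * Admin-side init tasks: the cookie test for the brute force feature, plus
  * the nonce-guarded wp-config.php backup download.
  *
  * $aio_wp_security is imported once at the top of the method: previously it
  * was only imported inside the settings-page branch, so the debug logger
  * call in the wp-config branch hit an undefined variable whenever that
  * branch was not taken. Superglobal reads are isset()-guarded; several
  * branches end the request (redirect, file download, die()).
  *
  * @return void
  */
 function do_other_admin_side_init_tasks()
 {
     global $aio_wp_security;

     // Cookie test form on the Brute Force settings page (tab2)
     $page = isset($_GET['page']) ? $_GET['page'] : '';
     $tab = isset($_GET['tab']) ? $_GET['tab'] : '';
     if ($page === AIOWPSEC_BRUTE_FORCE_MENU_SLUG && $tab === 'tab2') {
         if (isset($_POST['aiowps_do_cookie_test_for_bfla'])) {
             AIOWPSecurity_Utility::set_cookie_value("aiowps_cookie_test", "1");
             $cur_url = "admin.php?page=" . AIOWPSEC_BRUTE_FORCE_MENU_SLUG . "&tab=tab2";
             $redirect_url = AIOWPSecurity_Utility::add_query_data_to_url($cur_url, "aiowps_cookie_test", "1");
             AIOWPSecurity_Utility::redirect_to_url($redirect_url);
         }
         if (isset($_POST['aiowps_enable_brute_force_attack_prevention'])) {
             // A missing field falls back to the default word instead of
             // raising an undefined-index notice. The secret word doubles as
             // the cookie name, so it goes through sanitize_text_field() first.
             // NOTE(review): no nonce check is visible in this block; the
             // settings handler that consumes this POST presumably verifies
             // one — confirm against the caller.
             $brute_force_feature_secret_word = isset($_POST['aiowps_brute_force_secret_word'])
                 ? sanitize_text_field($_POST['aiowps_brute_force_secret_word'])
                 : '';
             if (empty($brute_force_feature_secret_word)) {
                 $brute_force_feature_secret_word = "aiowps_secret";
             }
             AIOWPSecurity_Utility::set_cookie_value($brute_force_feature_secret_word, "1");
         }
         if (isset($_REQUEST['aiowps_cookie_test'])) {
             // Record whether the browser sent the test cookie back
             $cookie_val = AIOWPSecurity_Utility::get_cookie_value("aiowps_cookie_test");
             $aio_wp_security->configs->set_value('aiowps_cookie_test_success', empty($cookie_val) ? '' : '1');
             $aio_wp_security->configs->save_config();
         }
     }

     // Back up wp-config.php and stream the backup to the browser. The nonce
     // proves the request came from the plugin's own form; the capability
     // check is presumed to come from the admin page hosting that form —
     // confirm against the caller.
     if (isset($_POST['aiowps_save_wp_config'])) {
         $nonce = isset($_REQUEST['_wpnonce']) && is_string($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
         if (!wp_verify_nonce($nonce, 'aiowpsec-save-wp-config-nonce')) {
             $aio_wp_security->debug_logger->log_debug("Nonce check failed on wp_config file save!", 4);
             die("Nonce check failed on wp_config file save!");
         }
         // NOTE(review): this only covers the default location; WordPress also
         // accepts wp-config.php one directory above ABSPATH.
         $wp_config_path = ABSPATH . 'wp-config.php';
         AIOWPSecurity_Utility_File::backup_and_rename_wp_config($wp_config_path);
         AIOWPSecurity_Utility_File::download_a_file_option1($wp_config_path, "wp-config-backup.txt");
     }
 }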