/**
 * Handles the "unblock" bulk action for this list table.
 *
 * Does nothing unless the current action is 'unblock'. When no 'item' value
 * was submitted, an admin error notice is shown; otherwise the submitted
 * value is handed to unblock_ip_address() as-is.
 *
 * NOTE(review): no nonce verification or capability check is visible in this
 * method, and $_REQUEST['item'] is forwarded without validation. Confirm that
 * the caller or unblock_ip_address() verifies a nonce, checks the user's
 * capability and validates the value before acting on it.
 */
function process_bulk_action()
{
    // Only the unblock action is handled here.
    if ('unblock' !== $this->current_action()) {
        return;
    }

    // Request-controlled value; passed through untouched (see NOTE above).
    if (isset($_REQUEST['item'])) {
        $this->unblock_ip_address($_REQUEST['item']);
        return;
    }

    // Nothing was ticked in the table.
    AIOWPSecurity_Admin_Menu::show_msg_error_st(
        __('Please select some records using the checkboxes', 'all-in-one-wp-security-and-firewall')
    );
}
/**
 * Handles the "delete" bulk action for this list table.
 *
 * Does nothing unless the current action is 'delete'. When no 'item' value
 * was submitted, an admin error notice is shown; otherwise the submitted
 * value is handed to delete_404_event_records() as-is.
 *
 * NOTE(review): no nonce verification or capability check is visible in this
 * method, and $_REQUEST['item'] is forwarded without validation. Because the
 * action is destructive, confirm that the caller or delete_404_event_records()
 * verifies a nonce, checks the user's capability and restricts the value to
 * integer record IDs before it reaches a query.
 */
function process_bulk_action()
{
    // Only the delete action is handled here.
    if ('delete' !== $this->current_action()) {
        return;
    }

    // Request-controlled value; passed through untouched (see NOTE above).
    if (isset($_REQUEST['item'])) {
        $this->delete_404_event_records($_REQUEST['item']);
        return;
    }

    // Nothing was ticked in the table.
    AIOWPSecurity_Admin_Menu::show_msg_error_st(
        __('Please select some records using the checkboxes', 'aiowpsecurity')
    );
}
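/**
 * Adds IP addresses to the permanent blacklist and rewrites the .htaccess file.
 *
 * When $entries is an array it is treated as a list of event-table record IDs;
 * the ip_or_host value of each matching row is added to the blacklist. Any
 * other non-null value is treated as a single address to add. The merged list
 * is validated with AIOWPSecurity_Utility_IP::validate_ip_list() before it is
 * saved, and the blacklisting feature is force-enabled on success.
 *
 * Security: the record IDs are reduced to positive integers and bound through
 * $wpdb->prepare(). The previous code concatenated the raw values into the
 * "IN (...)" clause, so a crafted selection could alter the query.
 *
 * @param array|string|null $entries Event record IDs (bulk) or a single address.
 * @return false|null false when no address was found for the selected IDs;
 *                    otherwise nothing is returned.
 */
function blacklist_ip_address($entries)
{
    global $wpdb, $aio_wp_security;

    //get the currently saved blacklisted IPs
    $bl_ip_addresses = $aio_wp_security->configs->get_value('aiowps_banned_ip_addresses');
    $ip_list_array = AIOWPSecurity_Utility_IP::create_ip_list_array_from_string_with_newline($bl_ip_addresses);

    if (is_array($entries)) {
        //Keep only values that are positive integers; anything else (strings, nested arrays) is dropped
        $ids = array();
        foreach ($entries as $entry) {
            $id = filter_var($entry, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)));
            if ($id !== false) {
                $ids[] = $id;
            }
        }

        $results = array();
        if (!empty($ids)) {
            //One %d placeholder per ID so every value is bound as an integer
            $events_table = AIOWPSEC_TBL_EVENTS;
            $placeholders = implode(',', array_fill(0, count($ids), '%d'));
            $query = $wpdb->prepare("SELECT ip_or_host FROM {$events_table} WHERE ID IN ({$placeholders})", $ids);
            $results = $wpdb->get_col($query);
        }

        if (empty($results)) {
            AIOWPSecurity_Admin_Menu::show_msg_error_st(__('Could not process the request because the IP addresses for the selected entries could not be found!', 'WPS'));
            return false;
        }

        foreach ($results as $entry) {
            $ip_list_array[] = $entry;
        }
    } elseif ($entries != NULL) {
        //Blacklist single record; the value is checked by validate_ip_list() below
        $ip_list_array[] = $entries;
    }

    $payload = AIOWPSecurity_Utility_IP::validate_ip_list($ip_list_array, 'blacklist');
    if ($payload[0] == 1) {
        //success case
        $list = $payload[1];
        $banned_ip_data = implode(PHP_EOL, $list);
        $aio_wp_security->configs->set_value('aiowps_enable_blacklisting', '1'); //Force blacklist feature to be enabled
        $aio_wp_security->configs->set_value('aiowps_banned_ip_addresses', $banned_ip_data);
        $aio_wp_security->configs->save_config(); //Save the configuration

        $write_result = AIOWPSecurity_Utility_Htaccess::write_to_htaccess(); //now let's write to the .htaccess file
        if ($write_result == -1) {
            AIOWPSecurity_Admin_Menu::show_msg_error_st(__('The plugin was unable to write to the .htaccess file. Please edit file manually.', 'aiowpsecurity'));
            $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_Blacklist_Menu - The plugin was unable to write to the .htaccess file.");
        } else {
            AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected IP addresses have been added to the blacklist and will be permanently blocked!', 'WPS'));
        }
    } else {
        //validation failed: show the first error reported by the validator
        $error_msg = $payload[1][0];
        AIOWPSecurity_Admin_Menu::show_msg_error_st($error_msg);
    }
}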
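/**
 * Marks one or more registered accounts as approved and e-mails each user.
 *
 * Sets the 'aiowps_account_status' user meta to 'approved'. An array is
 * processed as a bulk selection of user IDs; any other non-null value is
 * processed as a single user ID. A notification e-mail is sent to every
 * account that was updated and can be loaded.
 *
 * Changes from the previous version:
 *  - user IDs are reduced to non-negative integers before they are used, so a
 *    request-supplied value can no longer end up verbatim in the admin notice
 *    or the debug log;
 *  - the From header ended in a stray backslash after the CRLF;
 *  - rtrim() was called without using its result, leaving a trailing comma;
 *  - the single-account branch dereferenced get_user_by() without checking
 *    for false and logged an undefined $user_id.
 *
 * @param array|int|string|null $entries User IDs (bulk) or a single user ID.
 * @return void
 */
function approve_selected_accounts($entries)
{
    global $aio_wp_security;

    $meta_key = 'aiowps_account_status';
    $meta_value = 'approved'; //set account status

    //Sends the "account is now active" mail and logs a failed send
    $send_notice = function ($user, $email_msg) use ($aio_wp_security) {
        $to_email_address = $user->user_email;
        $subject = '[' . get_option('siteurl') . '] ' . __('Your account is now active', 'all-in-one-wp-security-and-firewall');
        $site_title = get_bloginfo('name');
        $from_name = empty($site_title) ? 'WordPress' : $site_title;
        $email_header = 'From: ' . $from_name . ' <' . get_bloginfo('admin_email') . '>' . "\r\n";
        $sendMail = wp_mail($to_email_address, $subject, $email_msg, $email_header);
        if (FALSE === $sendMail) {
            $aio_wp_security->debug_logger->log_debug("Manual account approval notification email failed to send to " . $to_email_address, 4);
        }
    };

    if (is_array($entries)) {
        $failed_accts = array(); //IDs of accounts which failed to update
        $at_least_one_updated = false;

        //Let's go through each entry and approve
        foreach ($entries as $entry) {
            //Integer IDs only; non-scalar or non-numeric input becomes 0 and is reported as failed
            $user_id = is_scalar($entry) ? absint($entry) : 0;

            //update_user_meta() also returns false when the stored value is already 'approved'
            $result = update_user_meta($user_id, $meta_key, $meta_value);
            if ($result === false) {
                $failed_accts[] = $user_id;
                $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_List_Registered_Users::approve_selected_accounts() - could not approve account ID: {$user_id}", 4);
                continue;
            }

            $at_least_one_updated = true;
            $user = get_user_by('id', $user_id);
            if ($user === false) {
                continue; //don't send mail
            }
            $email_msg = __('Your account with user ID:', 'all-in-one-wp-security-and-firewall') . $user->ID . __(' is now active', 'all-in-one-wp-security-and-firewall') . "\n";
            $send_notice($user, $email_msg);
        }

        if ($at_least_one_updated) {
            AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected accounts were approved successfully!', 'all-in-one-wp-security-and-firewall'));
        }
        if (!empty($failed_accts)) {
            //display any failed account updates
            AIOWPSecurity_Admin_Menu::show_msg_error_st(__('The following accounts failed to update successfully: ', 'all-in-one-wp-security-and-firewall') . implode(', ', $failed_accts));
        }
    } elseif ($entries != NULL) {
        //Approve single account
        $user_id = is_scalar($entries) ? absint($entries) : 0;
        $result = update_user_meta($user_id, $meta_key, $meta_value);
        if ($result) {
            AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected account was approved successfully!', 'all-in-one-wp-security-and-firewall'));
            $user = get_user_by('id', $user_id);
            if ($user !== false) {
                $email_msg = __('Your account with username: ', 'all-in-one-wp-security-and-firewall') . $user->user_login . __(' is now active', 'all-in-one-wp-security-and-firewall') . "\n";
                $send_notice($user, $email_msg);
            }
        } elseif ($result === false) {
            $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_List_Registered_Users::approve_selected_accounts() - could not approve account ID: {$user_id}", 4);
        }
    }
}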
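/**
 * Adds the selected spammer IP addresses to the saved blacklist.
 *
 * $entries is either an array of IP addresses (bulk selection) or a single
 * address. New addresses are appended to the 'aiowps_banned_ip_addresses'
 * setting. If 'aiowps_enable_blacklisting' is '1' the .htaccess file is
 * rewritten; otherwise a notice explains that the feature must be enabled.
 *
 * Security: every entry must pass FILTER_VALIDATE_IP before it is appended.
 * The previous code stored the values unchecked, unlike
 * blacklist_ip_address(), which runs its list through validate_ip_list(). An
 * entry containing a line break or other text would have been saved into the
 * list that write_to_htaccess() is then asked to write out.
 * NOTE(review): how write_to_htaccess() renders the list is not visible here;
 * confirm it applies its own validation as well.
 *
 * Also fixed: a leading blank line was stored when the list started empty, and
 * duplicates within one selection were not detected in that case.
 *
 * @param array|string|null $entries IP addresses to block.
 * @return void
 */
function block_spammer_ip_records($entries)
{
    global $aio_wp_security;

    $raw_banned_ip_list = (string) $aio_wp_security->configs->get_value('aiowps_banned_ip_addresses');

    //Trimmed, non-empty entries of the current list, used for duplicate detection
    $currently_banned_ips = array();
    foreach (explode(PHP_EOL, $raw_banned_ip_list) as $banned_ip) {
        $banned_ip = trim($banned_ip);
        if ($banned_ip !== '') {
            $currently_banned_ips[] = $banned_ip;
        }
    }

    //Bulk selection (array) or individual entry where the "block" link was clicked
    if (is_array($entries)) {
        $candidates = $entries;
    } elseif ($entries != NULL) {
        $candidates = array($entries);
    } else {
        $candidates = array();
    }

    $rejected = 0;
    foreach ($candidates as $candidate) {
        $ip_add = is_string($candidate) ? trim($candidate) : '';
        if (filter_var($ip_add, FILTER_VALIDATE_IP) === false) {
            $rejected++; //not a literal IPv4/IPv6 address: never stored
            continue;
        }
        //Check if the IP address is already in the blacklist. If not add it to the list.
        if (in_array($ip_add, $currently_banned_ips, true)) {
            continue;
        }
        $currently_banned_ips[] = $ip_add;
        $raw_banned_ip_list = (trim($raw_banned_ip_list) === '') ? $ip_add : $raw_banned_ip_list . PHP_EOL . $ip_add;
    }

    if ($rejected > 0) {
        //Report only the count; the rejected values themselves are not echoed back
        AIOWPSecurity_Admin_Menu::show_msg_error_st(sprintf(__('%d of the selected entries were not valid IP addresses and were skipped.', 'aiowpsecurity'), $rejected));
    }

    //Let's save the selected IP addresses to the blacklist config
    $aio_wp_security->configs->set_value('aiowps_banned_ip_addresses', $raw_banned_ip_list); //Save the blocked IP address config variable with the newly added addresses
    $aio_wp_security->configs->save_config();
    AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected IP addresses were saved in the blacklist configuration settings.', 'aiowpsecurity'));

    //Let's check if the Enable Blacklisting flag has been set - If so, we will write the new data to the .htaccess file.
    if ($aio_wp_security->configs->get_value('aiowps_enable_blacklisting') == '1') {
        $write_result = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
        if ($write_result == -1) {
            AIOWPSecurity_Admin_Menu::show_msg_error_st(__('The plugin was unable to write to the .htaccess file. Please edit file manually.', 'aiowpsecurity'));
            $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_Blacklist_Menu - The plugin was unable to write to the .htaccess file.");
        } else {
            AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The .htaccess file was successfully modified to include the selected IP addresses.', 'aiowpsecurity'));
        }
    } else {
        $blacklist_settings_link = '<a href="admin.php?page=' . AIOWPSEC_BLACKLIST_MENU_SLUG . '">Ban Users</a>';
        $info_msg = '<p>' . __('NOTE: The .htaccess file was not modified because you have disabled the "Enable IP or User Agent Blacklisting" check box.', 'aiowpsecurity') .
            '<br />' . sprintf(__('To block these IP addresses you will need to enable the above flag in the %s menu', 'aiowpsecurity'), $blacklist_settings_link) . '</p>';
        AIOWPSecurity_Admin_Menu::show_msg_updated_st($info_msg);
    }
}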
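/**
 * Sets DISALLOW_FILE_EDIT to true in wp-config.php.
 *
 * Reads the config file line by line. An existing
 * "'DISALLOW_FILE_EDIT', false" entry is switched to true; if a
 * "'DISALLOW_FILE_EDIT', true" entry is found the method returns at once
 * without writing. When no entry exists a define() is appended to the end of
 * the file. A backup is made before the file is written, and the write is
 * abandoned if the backup fails.
 *
 * Changes from the previous version:
 *  - strpos() results are compared with false instead of tested for
 *    truthiness (a match at offset 0 would have been missed);
 *  - the "?>" removal now works on the already-modified line, so it no longer
 *    undoes the false -> true switch when both occur on the same line;
 *  - only the matched define argument is rewritten, not every "false" on the
 *    line;
 *  - an unreadable config file is reported instead of being iterated;
 *  - the appended snippet starts on its own line even when the file does not
 *    end with a newline.
 *
 * NOTE(review): "?>" is removed from every line that contains it, not only a
 * final closing tag, and the new define() goes at the very end of the file.
 * Confirm both are acceptable for config files that hold content after the
 * usual closing statements.
 *
 * @return bool true when the setting is (already) in place, false when the
 *              file could not be read, backed up or written.
 */
static function disable_file_edits()
{
    global $aio_wp_security;
    $edit_file_config_entry_exists = false;

    //Config file path
    $config_file = AIOWPSecurity_Utility_File::get_wp_config_file_path();

    //Get wp-config.php file contents so we can check if the "DISALLOW_FILE_EDIT" variable already exists
    $config_contents = file($config_file);
    if ($config_contents === false) {
        $aio_wp_security->debug_logger->log_debug("Disable PHP File Edit - Unable to read wp-config.php", 4);
        return false;
    }

    foreach ($config_contents as $line_num => $line) {
        if (strpos($line, "'DISALLOW_FILE_EDIT', false") !== false) {
            $config_contents[$line_num] = str_replace("'DISALLOW_FILE_EDIT', false", "'DISALLOW_FILE_EDIT', true", $line);
            $edit_file_config_entry_exists = true;
        } elseif (strpos($line, "'DISALLOW_FILE_EDIT', true") !== false) {
            //Already configured to disallow file editing: nothing to write
            return true;
        }

        //For wp-config.php files originating from early WP versions we will remove the closing php tag
        if (strpos($config_contents[$line_num], "?>") !== false) {
            $config_contents[$line_num] = str_replace("?>", "", $config_contents[$line_num]);
        }
    }

    if (!$edit_file_config_entry_exists) {
        //Start on a fresh line if the file's last line has no trailing newline
        $last_line = end($config_contents);
        $needs_newline = is_string($last_line) && $last_line !== '' && substr($last_line, -1) !== "\n";

        //Construct the config code which we will insert into wp-config.php
        $new_snippet = ($needs_newline ? PHP_EOL : '') . '//Disable File Edits' . PHP_EOL;
        $new_snippet .= 'define(\'DISALLOW_FILE_EDIT\', true);';
        $config_contents[] = $new_snippet; //Append the new snippet to the end of the array
    }

    //Make a backup of the config file; never write without one
    if (!AIOWPSecurity_Utility_File::backup_and_rename_wp_config($config_file)) {
        AIOWPSecurity_Admin_Menu::show_msg_error_st(__('Failed to make a backup of the wp-config.php file. This operation will not go ahead.', 'all-in-one-wp-security-and-firewall'));
        return false;
    }

    //Now let's modify the wp-config.php file
    if (AIOWPSecurity_Utility_File::write_content_to_file($config_file, $config_contents)) {
        return true;
    }

    $aio_wp_security->debug_logger->log_debug("Disable PHP File Edit - Unable to modify wp-config.php", 4);
    return false;
}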