Exemplo n.º 1
0
function sixscan_communication_oracle_reg_register($site_url, $user_email, $user_password, $notice_script_url, &$sixscan_oracle_auth_struct, $partner_id, $partner_key, $dbkey)
{
    $expected = array("site_id", "api_token", "dashboard_token", "verification_token");
    try {
        /*	The notice script will be relative to the blog's URL */
        $relative_notice_url = substr($notice_script_url, strlen($site_url) + 1);
        /*	Sending registration data to server, using GET */
        $request_register_url = SIXSCAN_BODYGUARD_REGISTER_URL . "?platform=" . SIXSCAN_PLATFORM_TYPE . "&platform_version=" . sixscan_common_get_wp_version() . "&platform_locale=" . get_locale() . "&current_version=" . SIXSCAN_VERSION . "&url={$site_url}&email={$user_email}&password={$user_password}&notice_script_url={$relative_notice_url}&dbkey={$dbkey}";
        /*	If partner ID and Key exists, add it to registration request. */
        if ($partner_id != "" && $partner_key != "") {
            $request_register_url .= "&partner_id={$partner_id}&partner_key={$partner_key}";
        }
        $response = sixscan_common_request_network($request_register_url, "", "GET");
        $raw_register_data = wp_remote_retrieve_body($response);
        if (is_wp_error($response)) {
            $error_string = $response->get_error_message();
            $error_string = str_replace($request_register_url, SIXSCAN_BODYGUARD_REGISTER_URL, $error_string);
            return $error_string;
        } else {
            if (200 != wp_remote_retrieve_response_code($response)) {
                $error_string = "wp_remote_get returned httpd status " . wp_remote_retrieve_response_code($response) . ", data:" . urldecode($raw_register_data);
                return $error_string;
            }
        }
        $registration_answer = explode("&", $raw_register_data);
        $request_error_log = "";
        /*	Register site_id , api_token , dashboard_token , verification_token */
        foreach ($registration_answer as $onekey) {
            list($key, $val) = explode("=", $onekey);
            $request_error_log = $request_error_log . "{$key}=___&";
            /* Because this error is logged , we do not want to send data over the net. Replace the real keys with '___' chars */
            $arr_location = array_search($key, $expected);
            /*	If there was some mistake in the way, and we have received a key , which is not in our array. */
            if ($arr_location === FALSE) {
                return "Bad value received from 6Scan server.";
            }
            $sixscan_oracle_auth_struct[$key] = trim($val);
            /*	The key was handled , and we can remove it from the array */
            unset($expected[$arr_location]);
        }
        /*	If we have not updated all the required values there was some error during registration */
        if (!empty($expected)) {
            return "Bad value received from 6Scan server.";
        }
        /*	Return the data from registration server */
        return TRUE;
    } catch (Exception $e) {
        die($e);
    }
}
Exemplo n.º 2
0
function sixscan_signature_engine_update_get($site_id, $api_token, $current_engine_version)
{
    /*	Craft an URL to request new signature */
    $version_update_url = SIXSCAN_BODYGUARD_6SCAN_UPDATE_APP_URL . "?site_id=" . $site_id . "&api_token=" . $api_token . "&current_version=" . $current_engine_version . "&platform_version=" . sixscan_common_get_wp_version();
    /*Request the new version from server */
    $response = sixscan_common_request_network($version_update_url, "", "GET");
    if (is_wp_error($response)) {
        return "wp_remote_get() failed : " . $response->get_error_message();
    }
    $response_code = wp_remote_retrieve_response_code($response);
    /*	The signatures do not need an update */
    if (SIXSCAN_UPDATE_LAST_VERSION_RESPONSE_CODE == $response_code) {
        return TRUE;
    }
    /*	If the response isn't "you have the latest version" , and "Ok, there is new version" - return error */
    if (SIXSCAN_UPDATE_OK_RESPONSE_CODE != $response_code) {
        return "wp_remote_get() returned status code " . $response_code;
    }
    /*	Handle the gzipped program here */
    $zipped_program = wp_remote_retrieve_body($response);
    /*	Get the headers , and extract the openssl signature from there */
    $response_headers = wp_remote_retrieve_headers($response);
    /* Check the authenticity of new signatures. have to be signed by 6Scan private key */
    $ssl_check_result = sixscan_signatures_update_check_ssl_signature($zipped_program, $response_headers);
    if ($ssl_check_result !== TRUE) {
        return $ssl_check_result;
    }
    if (sixscan_signatures_init_wp_filesystem($response_headers) == NULL) {
        return "Failed initializing wp_filesystem()";
    }
    global $wp_filesystem;
    /*	Prepare temporary names */
    $temp_upgrade_dir_local = trailingslashit(WP_CONTENT_DIR) . trailingslashit("6scan_update");
    $temp_upgrade_dir = $wp_filesystem->wp_content_dir() . trailingslashit("6scan_update");
    $temp_zip_file_local = trailingslashit(WP_CONTENT_DIR) . "bguard.zip";
    $temp_zip_file = $wp_filesystem->wp_content_dir() . "bguard.zip";
    /*	Create temp directory for update */
    if ($wp_filesystem->exists($temp_upgrade_dir)) {
        $wp_filesystem->delete($temp_upgrade_dir, TRUE);
    }
    if ($wp_filesystem->is_dir($temp_upgrade_dir) == FALSE && $wp_filesystem->mkdir($temp_upgrade_dir) == FALSE) {
        return "Failed creating temp directory for update at " . $temp_upgrade_dir;
    }
    /*	Write the zip file */
    if ($wp_filesystem->exists($temp_zip_file)) {
        $wp_filesystem->delete($temp_zip_file);
    }
    if ($wp_filesystem->put_contents($temp_zip_file, $zipped_program) == FALSE) {
        return "Failed writing file to " . $temp_zip_file;
    }
    /*	unzip_file returns mixed on failure. It uses global $wp_filesystem. */
    if (unzip_file($temp_zip_file_local, $temp_upgrade_dir) !== TRUE) {
        return "unzip_file() from {$temp_zip_file} to {$temp_upgrade_dir} failed";
    }
    /*	Remove the no longer required zip file */
    $wp_filesystem->delete($temp_zip_file);
    $plugin_main_directory = plugin_dir_path(__FILE__) . "../../";
    $plugin_main_directory = $wp_filesystem->wp_plugins_dir() . SIXSCAN_PLUGIN_DIRNAME;
    $temp_upgrade_dir_internal = sixscan_signatures_update_find_plugin_dir($temp_upgrade_dir_local);
    if ($temp_upgrade_dir_internal == "") {
        return "Couldn't find plugin dir in the unzipped folder {$temp_upgrade_dir_local}";
    }
    $temp_upgrade_dir_internal = untrailingslashit($wp_filesystem->find_folder($temp_upgrade_dir_internal));
    /*	Now bulk copy the rest of files to their places: */
    sixscan_signatures_update_move_dir_recursive($temp_upgrade_dir_internal, $plugin_main_directory);
    /*	Remove the tmp directory */
    $wp_filesystem->delete($temp_upgrade_dir, TRUE);
    return TRUE;
}