Exemplo n.º 1
 /**
  * Build the HTML status line describing the privileges of the database
  * user that WordPress is configured with.
  *
  * The verdict comes from WsdInfoServer::getDatabaseUserAccessRights():
  * "too many rights" is reported first, then "appropriate rights", and
  * otherwise the list of rights that are needed but not held.
  *
  * NOTE(review): the right names are concatenated into the markup without
  * HTML escaping; presumably they are fixed privilege keywords - confirm in
  * getDatabaseUserAccessRights() before treating the result as safe markup.
  *
  * @return string a <span> element carrying the translated message
  */
 public static function getDatabaseUserAccessRightsInfo()
 {
     $info = WsdInfoServer::getDatabaseUserAccessRights();
     $required = $info['rightsNeeded'];
     $granted = $info['rightsHaving'];
     // Rights the plugin needs that the current user does not hold.
     $lacking = array_diff($required, $granted);
     $separator = '</code>, <code>';

     // Over-privileged account: recommend trimming it down to the needed set.
     if ($info['rightsTooMuch']) {
         $neededList = '<code>' . implode($separator, $required) . '</code>';
         $text = sprintf(__("The user currently configured to access the WordPress Database <code>holds too many rights</code>.\n                We suggest that you limit his rights (to only %s) or to use another User with more limited rights instead, to increase your website's Security.", WpsSettings::TEXT_DOMAIN), $neededList);
         return '<span class="acx-icon-alert-info">' . $text . '</span>';
     }

     // Exactly what is needed: report success.
     if ($info['rightsEnough']) {
         $text = __("The user currently configured to access the WordPress Database holds the appropriate rights to interact with the database.", WpsSettings::TEXT_DOMAIN);
         return '<span class="acx-icon-alert-success">' . $text . '</span>';
     }

     // Under-privileged account: name the rights that are missing.
     $lackingList = '<code>' . implode($separator, $lacking) . '</code>';
     $text = sprintf(__("The user currently configured to access the WordPress Database is missing the following rights to interact with the database: %s", WpsSettings::TEXT_DOMAIN), $lackingList);
     return '<span class="acx-icon-alert-info">' . $text . '</span>';
 }
<?php

// Render nothing unless the plugin's own load check passes.
// NOTE(review): canLoad() is the only gate visible here in front of the
// server details - confirm it enforces the capability check intended for
// this page.
$mayRender = WsdUtil::canLoad();
if (!$mayRender) {
    return;
}
// getServerInfo() is echoed as-is, so it must already return safe markup.
$serverInfoHtml = WsdInfoServer::getServerInfo();
echo $serverInfoHtml;
?>

Exemplo n.º 3
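 /**
  * Plugin activation: make sure the plugin's four tables exist and that the
  * live-traffic table has the entryCountry, entryCity and blogId columns.
  *
  * Privileges are taken from WsdInfoServer::getDatabaseUserAccessRights():
  * CREATE is required as soon as a table is missing, ALTER as soon as a
  * column has to be added. On any failure an HTML notice is appended to the
  * PLUGIN_ERROR_NOTICE_OPTION option and activation stops.
  *
  * Changes against the previous version of this method:
  *  - the ALTER check tested for 'CREATE' and therefore never looked at the
  *    ALTER privilege; it now tests 'ALTER', and only when a column is
  *    actually missing, so a least-privilege account with an up-to-date
  *    schema is not asked for a right it does not need;
  *  - notices raised on the ALTER path are appended to the stored list
  *    instead of replacing it;
  *  - the removed mysql_error() call is replaced by $wpdb->last_error.
  *
  * NOTE(review): the failing SQL statement is placed in the notice as raw
  * HTML. It is built here from the names returned by getTableName() and
  * $wpdb's charset/collation only - confirm that whatever renders the
  * option treats it as trusted markup.
  *
  * @return bool true when all tables are in place, false when activation
  *              was aborted (a notice has been stored in that case)
  */
 static function activate()
 {
     wssLog(__METHOD__ . '() executed');
     global $wpdb;

     $charset_collate = '';
     if (!empty($wpdb->charset)) {
         $charset_collate = "DEFAULT CHARACTER SET {$wpdb->charset}";
     }
     if (!empty($wpdb->collate)) {
         $charset_collate .= " COLLATE {$wpdb->collate}";
     }

     $rights = WsdInfoServer::getDatabaseUserAccessRights();
     wssLog('USER RIGHTS', $rights);
     // CREATE is needed when a table is missing, ALTER when a column is.
     // Assumes rightsHaving lists privilege names in upper case, as the
     // existing 'CREATE' check already did - TODO confirm.
     $hasCreateRight = in_array('CREATE', $rights['rightsHaving'], true);
     $hasAlterRight = in_array('ALTER', $rights['rightsHaving'], true);

     $pluginLabel = '<strong>' . WPS_PLUGIN_NAME . '</strong>';

     // Append one notice to the stored list and report failure to the caller.
     $fail = function ($noticeHtml) {
         $notices = WpsOption::getOption(WpsSettings::PLUGIN_ERROR_NOTICE_OPTION, array());
         if (!is_array($notices)) {
             $notices = array();
         }
         $notices[] = $noticeHtml;
         WpsOption::updateOption(WpsSettings::PLUGIN_ERROR_NOTICE_OPTION, $notices);
         return false;
     };

     // Notice for a privilege the database user does not hold.
     $missingRight = function ($right) use ($fail, $pluginLabel) {
         return $fail($pluginLabel . ": The database user needs the '<strong>{$right}</strong>' right in order to install this plugin.");
     };

     // Notice for a statement the database rejected.
     $queryError = function ($sql, $suffix = '') use ($fail, $pluginLabel) {
         return $fail($pluginLabel . ". Error running query: <strong><pre>{$sql}</pre></strong>." . $suffix);
     };

     // Create one missing table; returns false (notice stored) on failure.
     $createTable = function ($table, $sql) use ($wpdb, $hasCreateRight, $missingRight, $queryError) {
         wssLog("table not found: {$table}");
         if (!$hasCreateRight) {
             wssLog("user has no create right. cannot create table: {$table}");
             return $missingRight('CREATE');
         }
         // wpdb::query() signals an SQL error by returning false.
         $result = @$wpdb->query($sql);
         if ($result === false) {
             wssLog('MySql error: ' . $wpdb->last_error);
             return $queryError($sql);
         }
         wssLog("table created: {$table}");
         return true;
     };

     $table1 = self::getTableName(WpsSettings::ALERTS_TABLE_NAME);
     $table2 = self::getTableName(WpsSettings::LIVE_TRAFFIC_TABLE_NAME);
     $table3 = self::getTableName(WpsSettings::SCAN_TABLE_NAME);
     $table4 = self::getTableName(WpsSettings::SCANS_TABLE_NAME);

     if (!WsdUtil::tableExists($table1)) {
         $query1 = "CREATE TABLE IF NOT EXISTS {$table1} (\n                          `alertId` INT UNSIGNED NOT NULL AUTO_INCREMENT ,\n                          `alertType` TINYINT NOT NULL DEFAULT 0 ,\n                          `alertSeverity` INT NOT NULL DEFAULT 0 ,\n                          `alertActionName` VARCHAR (255) NOT NULL,\n                          `alertTitle` VARCHAR(255) NOT NULL ,\n                          `alertDescription` TEXT NOT NULL ,\n                          `alertSolution` TEXT NOT NULL ,\n                          `alertDate` DATETIME NOT NULL default '0000-00-00 00:00:00',\n                          `alertFirstSeen` DATETIME NOT NULL default '0000-00-00 00:00:00',\n                          PRIMARY KEY (`alertId`) ,\n                          UNIQUE INDEX `alertId_UNIQUE` (`alertId` ASC) ) {$charset_collate};";
         if (!$createTable($table1, $query1)) {
             return false;
         }
     }

     // A freshly created live-traffic table already has every column.
     $alterCheck = true;
     if (!WsdUtil::tableExists($table2)) {
         $query2 = "CREATE TABLE IF NOT EXISTS {$table2} (\n                         `entryId` bigint(20) unsigned NOT NULL auto_increment,\n                         `entryTime` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',\n                         `entryIp` text,\n                         `entryReferrer` text,\n                         `entryUA` text,\n                         `entryRequestedUrl` text,\n                         `entryCountry` varchar(125) not null,\n                         `entryCity` varchar(125) not null,\n                         `blogId` INT(10) NOT NULL DEFAULT 1,\n                         PRIMARY KEY (entryId)) {$charset_collate};";
         if (!$createTable($table2, $query2)) {
             return false;
         }
         $alterCheck = false;
     }

     if ($alterCheck) {
         wssLog("Alter check needed for {$table2}.");
         $query = "SHOW COLUMNS FROM {$table2}";
         $cols = $wpdb->get_results($query, ARRAY_A);
         if (empty($cols)) {
             wssLog("Could not retrieve columns from table: {$table2}");
             return $queryError($query, ' Please inform the plugin author about this error.');
         }
         $columns = array();
         foreach ($cols as $values) {
             if (!empty($values['Field'])) {
                 $columns[] = $values['Field'];
             }
         }

         // Order matters: each column is positioned AFTER the previous one.
         $columnsToAdd = array(
             'entryCountry' => "ALTER TABLE {$table2} ADD COLUMN `entryCountry` VARCHAR(125) NOT NULL DEFAULT '' AFTER `entryRequestedUrl`;",
             'entryCity' => "ALTER TABLE {$table2} ADD COLUMN `entryCity` VARCHAR(125) NOT NULL DEFAULT '' AFTER `entryCountry`;",
             'blogId' => "ALTER TABLE {$table2} ADD COLUMN `blogId` INT(10) NOT NULL DEFAULT 1 AFTER `entryCity`;",
         );
         foreach ($columnsToAdd as $column => $q) {
             wssLog("Checking for column: {$column}");
             if (in_array($column, $columns, true)) {
                 wssLog("column already exists: {$column}");
                 continue;
             }
             // Only now is ALTER really required.
             if (!$hasAlterRight) {
                 wssLog('NO ALTER RIGHT');
                 return $missingRight('ALTER');
             }
             $result = @$wpdb->query($q);
             if ($result === false) {
                 wssLog('MySql error: ' . $wpdb->last_error);
                 wssLog("Error running query: {$q}");
                 return $queryError($q);
             }
             wssLog("Column: {$column} not found in table {$table2}. but was added.");
         }
         wssLog("{$table2} updated successfully");
     }

     if (!WsdUtil::tableExists($table3)) {
         $query3 = "CREATE TABLE IF NOT EXISTS {$table3} (\n                        `entryId` BIGINT NOT NULL AUTO_INCREMENT ,\n                        `scanId` INT NOT NULL ,\n                        `filePath` VARCHAR(1000) NOT NULL ,\n                        `dateModified` DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00' ,\n                        `fileNotFound` TINYINT NOT NULL DEFAULT 0,\n                        PRIMARY KEY (`entryId`) ,\n                        UNIQUE INDEX `entryId_UNIQUE` (`entryId` ASC) ) {$charset_collate};";
         if (!$createTable($table3, $query3)) {
             return false;
         }
     }

     if (!WsdUtil::tableExists($table4)) {
         $query4 = "CREATE  TABLE {$table4} (\n                        `scanId` INT NOT NULL AUTO_INCREMENT ,\n                        `scanStartDate` DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',\n                        `scanEndDate` DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',\n                        `scanResult` INT NOT NULL DEFAULT 0,\n                        `failReason` VARCHAR(5000) NOT NULL DEFAULT '',\n                        `scanType` int(11) NOT NULL DEFAULT '0',\n                        PRIMARY KEY (`scanId`) ) {$charset_collate};";
         if (!$createTable($table4, $query4)) {
             return false;
         }
     }

     WpsOption::addOption(WpsSettings::CAN_RUN_TASKS_OPTION_NAME, 1);
     return true;
 }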
// Form state: no postback seen yet, no error/info message produced yet.
$cdtpIsPostBack = false;
$acxInfoMessage = $wsd_Message = '';

// Current table prefix; the new one stays empty until it is set at runtime.
$old_prefix = $table_prefix;
$new_prefix = '';

$wpConfigFile = trailingslashit(ABSPATH) . 'wp-config.php';
$acx_dbRights = WsdInfoServer::getDatabaseUserAccessRights();

// Whether the PHP process can write wp-config.php.
// NOTE(review): a wp-config.php that stays writable by the web server is a
// hardening concern of its own; presumably permissions are expected to be
// tightened again once this page has done its work - confirm.
$isWPConfigWritable = is_writable($wpConfigFile);

// Whether the database user may change the table structure.
// NOTE(review): derived from 'rightsEnough', not from an explicit ALTER
// entry in the rights list - confirm that flag implies ALTER.
$canAlter = (bool) $acx_dbRights['rightsEnough'];

// The page is displayed only when both preconditions hold.
$showPage = $isWPConfigWritable && $canAlter;
// Check if user has enough rights to alter the Table structure
if ($acx_dbRights['rightsEnough']) {
    $_canAlter = '<span style="color: #060; font-weight: 900;">(' . __('Yes') . ')</span>';
} else {
    $_canAlter = '<span style="color: #f00; font-weight: 900;">(' . __('No') . ')</span>';