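/**
 * Adds the registration IP of the selected users, or one given value, to the permanent block list.
 *
 * An array is treated as a bulk selection of user IDs: each user's 'aiowps_registrant_ip' meta value
 * is looked up and passed to the block list. Any other non-empty value is passed to the block list
 * directly and requires a valid 'block_ip' nonce in $_GET['aiowps_nonce']; the request is terminated
 * with die() when that nonce does not verify.
 *
 * @param array|string|null $entries User IDs (bulk) or the value to block (single link).
 * @return void
 */
function block_selected_ips($entries)
 {
     global $aio_wp_security;
     $view_link = ' <a href="admin.php?page=' . AIOWPSEC_MAIN_MENU_SLUG . '&tab=tab4" target="_blank">' . __('View Blocked IPs', 'all-in-one-wp-security-and-firewall') . '</a>';
     if (is_array($entries)) {
         //NOTE(review): only the presence of the referer field is tested here. That is not a nonce
         //verification, so confirm the caller validates the bulk-action nonce before this runs.
         if (!isset($_REQUEST['_wp_http_referer'])) {
             return;
         }
         $failed = 0;
         foreach ($entries as $id) {
             $ip_address = get_user_meta($id, 'aiowps_registrant_ip', true);
             //A user without a recorded registration IP yields an empty value; do not hand that to the block list
             if (empty($ip_address)) {
                 $failed++;
                 $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_List_Registered_Users::block_selected_ips() - no registration IP recorded for user ID : " . absint($id), 4);
                 continue;
             }
             $result = AIOWPSecurity_Blocking::add_ip_to_block_list($ip_address, 'registration_spam');
             if ($result === false) {
                 $failed++;
                 $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_List_Registered_Users::block_selected_ips() - could not block IP : {$ip_address}", 4);
             }
         }
         //Only claim success when nothing failed; a false "blocked" notice is worse than an error
         if ($failed === 0) {
             $msg = __('The selected IP addresses were successfully added to the permanent block list!', 'all-in-one-wp-security-and-firewall');
             AIOWPSecurity_Admin_Menu::show_msg_updated_st($msg . $view_link);
         } else {
             AIOWPSecurity_Admin_Menu::show_msg_error_st(__('Some of the selected IP addresses could not be added to the permanent block list. Please check the debug log.', 'all-in-one-wp-security-and-firewall'));
         }
     } elseif ($entries != NULL) {
         $nonce = isset($_GET['aiowps_nonce']) ? $_GET['aiowps_nonce'] : '';
         //A request can supply the parameter as an array; treat anything that is not a string as a failed check
         if (!is_string($nonce) || !wp_verify_nonce($nonce, 'block_ip')) {
             $aio_wp_security->debug_logger->log_debug("Nonce check failed for block IP operation of registered user!", 4);
             die(__('Nonce check failed for block IP operation of registered user!', 'all-in-one-wp-security-and-firewall'));
         }
         //Block single IP
         $result = AIOWPSecurity_Blocking::add_ip_to_block_list($entries, 'registration_spam');
         if ($result === true) {
             $msg = __('The selected IP was successfully added to the permanent block list!', 'all-in-one-wp-security-and-firewall');
             AIOWPSecurity_Admin_Menu::show_msg_updated_st($msg . $view_link);
         } else {
             $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_List_Registered_Users::block_selected_ips() - could not block IP: {$entries}", 4);
         }
     }
 }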
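 /**
  * Deletes rows from the events table by ID.
  *
  * An array is treated as a bulk selection and is processed only when the request carries a
  * '_wp_http_referer' field. Any other non-empty value is treated as a single row ID and requires a
  * valid 'delete_404_log' nonce in $_GET['aiowps_nonce']; the request is terminated with die() when
  * that nonce does not verify.
  *
  * @param array|string|int|null $entries Row IDs (bulk) or a single row ID.
  * @return void
  */
 function delete_404_event_records($entries)
 {
     global $wpdb, $aio_wp_security;
     $events_table = AIOWPSEC_TBL_EVENTS;
     if (is_array($entries)) {
         //NOTE(review): only the presence of the referer field is tested here. That is not a nonce
         //verification, so confirm the caller validates the bulk-action nonce before this runs.
         if (isset($_REQUEST['_wp_http_referer'])) {
             //The IDs are placed unquoted inside IN (...). esc_sql() only escapes characters that are
             //special inside a quoted string, so it does not constrain an unquoted value; force integers.
             $ids = array_filter(array_map('absint', $entries));
             if (empty($ids)) {
                 //Nothing valid was selected; "IN ()" would be a SQL syntax error
                 return;
             }
             $id_list = "(" . implode(",", $ids) . ")";
             $delete_command = "DELETE FROM " . $events_table . " WHERE id IN " . $id_list;
             $result = $wpdb->query($delete_command);
             if ($result != NULL) {
                 AIOWPSecurity_Admin_Menu::show_msg_record_deleted_st();
             }
         }
     } elseif ($entries != NULL) {
         $nonce = isset($_GET['aiowps_nonce']) ? $_GET['aiowps_nonce'] : '';
         //A request can supply the parameter as an array; treat anything that is not a string as a failed check
         if (!is_string($nonce) || !wp_verify_nonce($nonce, 'delete_404_log')) {
             $aio_wp_security->debug_logger->log_debug("Nonce check failed for delete selected 404 event logs operation!", 4);
             die(__('Nonce check failed for delete selected 404 event logs operation!', 'aiowpsecurity'));
         }
         //Delete single record; absint() reduces the value to a non-negative integer before it reaches the query
         $delete_command = "DELETE FROM " . $events_table . " WHERE id = '" . absint($entries) . "'";
         $result = $wpdb->query($delete_command);
         if ($result != NULL) {
             AIOWPSecurity_Admin_Menu::show_msg_record_deleted_st();
         }
     }
 }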
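 /**
  * Removes rows from the permanent block table by ID.
  *
  * An array is treated as a bulk selection and is processed only when the request carries a
  * '_wp_http_referer' field. Any other non-empty value is treated as a single row ID and requires a
  * valid 'unblock_ip' nonce in $_GET['aiowps_nonce']; the request is terminated with die() when that
  * nonce does not verify.
  *
  * @param array|string|int|null $entries Row IDs (bulk) or a single row ID.
  * @return void
  */
 function unblock_ip_address($entries)
 {
     global $wpdb, $aio_wp_security;
     if (is_array($entries)) {
         //NOTE(review): only the presence of the referer field is tested here. That is not a nonce
         //verification, so confirm the caller validates the bulk-action nonce before this runs.
         if (isset($_REQUEST['_wp_http_referer'])) {
             //is_numeric() also accepts floats, exponent notation and signed values; row IDs are
             //non-negative integers, so normalise with absint() and drop anything that becomes 0.
             $ids = array_filter(array_map('absint', $entries));
             if (empty($ids)) {
                 //Nothing valid was selected; "IN ()" would be a SQL syntax error
                 return;
             }
             $id_list = "(" . implode(",", $ids) . ")";
             $delete_command = "DELETE FROM " . AIOWPSEC_TBL_PERM_BLOCK . " WHERE id IN " . $id_list;
             $result = $wpdb->query($delete_command);
             if ($result != NULL) {
                 AIOWPSecurity_Admin_Menu::show_msg_record_deleted_st();
             }
         }
     } elseif ($entries != NULL) {
         $nonce = isset($_GET['aiowps_nonce']) ? $_GET['aiowps_nonce'] : '';
         //A request can supply the parameter as an array; treat anything that is not a string as a failed check
         if (!is_string($nonce) || !wp_verify_nonce($nonce, 'unblock_ip')) {
             $aio_wp_security->debug_logger->log_debug("Nonce check failed for unblock IP operation!", 4);
             die(__('Nonce check failed for unblock IP operation!', 'all-in-one-wp-security-and-firewall'));
         }
         //Delete single record; absint() reduces the value to a non-negative integer before it reaches the query
         $delete_command = "DELETE FROM " . AIOWPSEC_TBL_PERM_BLOCK . " WHERE id = '" . absint($entries) . "'";
         $result = $wpdb->query($delete_command);
         if ($result != NULL) {
             AIOWPSecurity_Admin_Menu::show_msg_record_deleted_st();
         }
     }
 }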
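 /**
  * Appends the given IP address(es) to the 'aiowps_banned_ip_addresses' config value and saves it.
  *
  * When 'aiowps_enable_blacklisting' is '1' the .htaccess file is rewritten afterwards through
  * AIOWPSecurity_Utility_Htaccess::write_to_htaccess(); otherwise a notice explains that the file
  * was left unchanged.
  *
  * @param array|string|null $entries IP addresses from a bulk selection, or one address from a "block" link.
  * @return void
  */
 function block_spammer_ip_records($entries)
 {
     global $aio_wp_security;
     //NOTE(review): no nonce is verified in this function and the values are stored without being
     //checked as IP addresses. The surrounding comments say the saved list is written to .htaccess,
     //so confirm that the caller and write_to_htaccess() validate both the request and the values.
     $raw_banned_ip_list = (string) $aio_wp_security->configs->get_value('aiowps_banned_ip_addresses');
     //Trim the stored lines so a trailing "\r" or stray space does not defeat the duplicate check
     $currently_banned_ips = array_filter(array_map('trim', explode(PHP_EOL, $raw_banned_ip_list)), 'strlen');
     if (is_array($entries)) {
         //Bulk selection using checkboxes were used
         $candidates = $entries;
     } elseif ($entries != NULL) {
         //individual entry where "block" link was clicked
         $candidates = array($entries);
     } else {
         $candidates = array();
     }
     foreach ($candidates as $ip_add) {
         if (!is_scalar($ip_add)) {
             continue;
         }
         $ip_add = trim((string) $ip_add);
         //Skip blanks and anything already listed, including duplicates inside this same selection
         if ($ip_add === '' || in_array($ip_add, $currently_banned_ips, true)) {
             continue;
         }
         $currently_banned_ips[] = $ip_add;
         //Do not start the stored list with an empty line when it was empty before
         $raw_banned_ip_list = (trim($raw_banned_ip_list) === '') ? $ip_add : $raw_banned_ip_list . PHP_EOL . $ip_add;
     }
     //Let's save the selected IP addresses to the blacklist config
     $aio_wp_security->configs->set_value('aiowps_banned_ip_addresses', $raw_banned_ip_list);
     //Save the blocked IP address config variable with the newly added addresses
     $aio_wp_security->configs->save_config();
     AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected IP addresses were saved in the blacklist configuration settings.', 'aiowpsecurity'));
     //Let's check if the Enable Blacklisting flag has been set - If so, we will write the new data to the .htaccess file.
     if ($aio_wp_security->configs->get_value('aiowps_enable_blacklisting') == '1') {
         $write_result = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
         if ($write_result == -1) {
             AIOWPSecurity_Admin_Menu::show_msg_error_st(__('The plugin was unable to write to the .htaccess file. Please edit file manually.', 'aiowpsecurity'));
             $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_Blacklist_Menu - The plugin was unable to write to the .htaccess file.");
         } else {
             AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The .htaccess file was successfully modified to include the selected IP addresses.', 'aiowpsecurity'));
         }
     } else {
         $blacklist_settings_link = '<a href="admin.php?page=' . AIOWPSEC_BLACKLIST_MENU_SLUG . '">Ban Users</a>';
         $info_msg = '<p>' . __('NOTE: The .htaccess file was not modified because you have disabled the "Enable IP or User Agent Blacklisting" check box.', 'aiowpsecurity') . '<br />' . sprintf(__('To block these IP addresses you will need to enable the above flag in the %s menu', 'aiowpsecurity'), $blacklist_settings_link) . '</p>';
         AIOWPSecurity_Admin_Menu::show_msg_updated_st($info_msg);
     }
 }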
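 /**
  * Deletes rows from the login lockdown table by ID.
  *
  * An array is treated as a bulk selection; any other non-empty value is treated as a single row ID.
  *
  * @param array|string|int|null $entries Row IDs (bulk) or a single row ID.
  * @return void
  */
 function delete_lockdown_records($entries)
 {
     global $wpdb;
     //NOTE(review): no nonce is verified in this function; confirm the caller checks one before
     //records are deleted.
     $lockdown_table = AIOWPSEC_TBL_LOGIN_LOCKDOWN;
     if (is_array($entries)) {
         //The IDs are placed unquoted inside IN (...), so every element must be forced to an integer
         //before it is concatenated into the statement.
         $ids = array_filter(array_map('absint', $entries));
         if (empty($ids)) {
             //Nothing valid was selected; "IN ()" would be a SQL syntax error
             return;
         }
         $id_list = "(" . implode(",", $ids) . ")";
         $delete_command = "DELETE FROM " . $lockdown_table . " WHERE id IN " . $id_list;
         $result = $wpdb->query($delete_command);
         if ($result != NULL) {
             AIOWPSecurity_Admin_Menu::show_msg_record_deleted_st();
         }
     } elseif ($entries != NULL) {
         //Delete single record; absint() reduces the value to a non-negative integer before it reaches the query
         $delete_command = "DELETE FROM " . $lockdown_table . " WHERE id = '" . absint($entries) . "'";
         $result = $wpdb->query($delete_command);
         if ($result != NULL) {
             AIOWPSecurity_Admin_Menu::show_msg_record_deleted_st();
         }
     }
 }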
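 /**
  * Deletes rows from the login lockdown table by ID.
  *
  * An array is treated as a bulk selection and is processed only when the request carries a
  * '_wp_http_referer' field. Any other non-empty value is treated as a single row ID and requires a
  * valid 'delete_lockdown_record' nonce in $_GET['aiowps_nonce']; the request is terminated with
  * die() when that nonce does not verify.
  *
  * @param array|string|int|null $entries Row IDs (bulk) or a single row ID.
  * @return void
  */
 function delete_lockdown_records($entries)
 {
     global $wpdb, $aio_wp_security;
     $lockdown_table = AIOWPSEC_TBL_LOGIN_LOCKDOWN;
     if (is_array($entries)) {
         //NOTE(review): only the presence of the referer field is tested here. That is not a nonce
         //verification, so confirm the caller validates the bulk-action nonce before this runs.
         if (isset($_REQUEST['_wp_http_referer'])) {
             //The IDs are placed unquoted inside IN (...), so every element must be forced to an
             //integer before it is concatenated into the statement.
             $ids = array_filter(array_map('absint', $entries));
             if (empty($ids)) {
                 //Nothing valid was selected; "IN ()" would be a SQL syntax error
                 return;
             }
             $id_list = "(" . implode(",", $ids) . ")";
             $delete_command = "DELETE FROM " . $lockdown_table . " WHERE id IN " . $id_list;
             $result = $wpdb->query($delete_command);
             if ($result != NULL) {
                 AIOWPSecurity_Admin_Menu::show_msg_record_deleted_st();
             }
         }
     } elseif ($entries != NULL) {
         $nonce = isset($_GET['aiowps_nonce']) ? $_GET['aiowps_nonce'] : '';
         //A request can supply the parameter as an array; treat anything that is not a string as a failed check
         if (!is_string($nonce) || !wp_verify_nonce($nonce, 'delete_lockdown_record')) {
             $aio_wp_security->debug_logger->log_debug("Nonce check failed for delete lockdown record operation!", 4);
             die(__('Nonce check failed for delete lockdown record operation!', 'aiowpsecurity'));
         }
         //Delete single record; absint() reduces the value to a non-negative integer before it reaches the query
         $delete_command = "DELETE FROM " . $lockdown_table . " WHERE id = '" . absint($entries) . "'";
         $result = $wpdb->query($delete_command);
         if ($result != NULL) {
             AIOWPSecurity_Admin_Menu::show_msg_record_deleted_st();
         }
     }
 }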
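 /**
  * Deletes the selected user account(s) with wp_delete_user().
  *
  * An array is treated as a bulk selection of user IDs; any other non-empty value is treated as a
  * single user ID. Failed deletions are written to the debug log.
  *
  * @param array|string|int|null $entries User IDs (bulk) or a single user ID.
  * @return void
  */
 function delete_selected_accounts($entries)
 {
     global $aio_wp_security;
     //NOTE(review): no nonce or capability check is visible in this function; confirm the caller
     //performs both before any account is deleted.
     if (is_array($entries)) {
         //Let's go through each entry and delete account
         $failed = 0;
         foreach ($entries as $user_id) {
             if (wp_delete_user($user_id) !== true) {
                 $failed++;
                 $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_List_Registered_Users::delete_selected_accounts() - could not delete account ID: {$user_id}", 4);
             }
         }
         //Only report success when every deletion went through
         if ($failed === 0) {
             AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected accounts were deleted successfully!', 'aiowpsecurity'));
         } else {
             AIOWPSecurity_Admin_Menu::show_msg_error_st(__('Some of the selected accounts could not be deleted. Please check the debug log.', 'aiowpsecurity'));
         }
     } elseif ($entries != NULL) {
         //Delete single account
         $result = wp_delete_user($entries);
         if ($result === true) {
             AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected account was deleted successfully!', 'aiowpsecurity'));
         } else {
             $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_List_Registered_Users::delete_selected_accounts() - could not delete account ID: {$entries}", 4);
         }
     }
 }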
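 /**
  * Deletes the selected user account(s) with wp_delete_user().
  *
  * An array is treated as a bulk selection of user IDs and is processed only when the request
  * carries a '_wp_http_referer' field. Any other non-empty value is treated as a single user ID and
  * requires a valid 'delete_user_acct' nonce in $_GET['aiowps_nonce']; the request is terminated
  * with die() when that nonce does not verify. Failed deletions are written to the debug log.
  *
  * @param array|string|int|null $entries User IDs (bulk) or a single user ID.
  * @return void
  */
 function delete_selected_accounts($entries)
 {
     global $aio_wp_security;
     if (is_array($entries)) {
         //NOTE(review): only the presence of the referer field is tested here. That is not a nonce
         //verification, so confirm the caller validates the bulk-action nonce before this runs.
         if (isset($_REQUEST['_wp_http_referer'])) {
             //Let's go through each entry and delete account
             $failed = 0;
             foreach ($entries as $user_id) {
                 if (wp_delete_user($user_id) !== true) {
                     $failed++;
                     $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_List_Registered_Users::delete_selected_accounts() - could not delete account ID: {$user_id}", 4);
                 }
             }
             //Only report success when every deletion went through
             if ($failed === 0) {
                 AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected accounts were deleted successfully!', 'aiowpsecurity'));
             } else {
                 AIOWPSecurity_Admin_Menu::show_msg_error_st(__('Some of the selected accounts could not be deleted. Please check the debug log.', 'aiowpsecurity'));
             }
         }
     } elseif ($entries != NULL) {
         $nonce = isset($_GET['aiowps_nonce']) ? $_GET['aiowps_nonce'] : '';
         //A request can supply the parameter as an array; treat anything that is not a string as a failed check
         if (!is_string($nonce) || !wp_verify_nonce($nonce, 'delete_user_acct')) {
             $aio_wp_security->debug_logger->log_debug("Nonce check failed for delete registered user account operation!", 4);
             die(__('Nonce check failed for delete registered user account operation!', 'aiowpsecurity'));
         }
         //Delete single account
         $result = wp_delete_user($entries);
         if ($result === true) {
             AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected account was deleted successfully!', 'aiowpsecurity'));
         } else {
             $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_List_Registered_Users::delete_selected_accounts() - could not delete account ID: {$entries}", 4);
         }
     }
 }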
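 /**
  * Makes wp-config.php define DISALLOW_FILE_EDIT as true.
  *
  * An existing "'DISALLOW_FILE_EDIT', false" entry is switched to true; when no entry is found a new
  * define() is appended. Any closing PHP tag is removed from the file. The file is backed up through
  * AIOWPSecurity_Utility_File::backup_and_rename_wp_config() before it is rewritten.
  *
  * @return bool True when the setting is already true or the file was rewritten; false when the file
  *              could not be read, backed up or written.
  */
 static function disable_file_edits()
 {
     global $aio_wp_security;
     $edit_file_config_entry_exists = false;
     //Config file path
     $config_file = AIOWPSecurity_Utility_File::get_wp_config_file_path();
     //Get wp-config.php file contents so we can check if the "DISALLOW_FILE_EDIT" variable already exists
     $config_contents = file($config_file);
     if ($config_contents === false) {
         //file() returns false when the file cannot be read; never rewrite wp-config.php from that
         $aio_wp_security->debug_logger->log_debug("Disable PHP File Edit - Unable to read wp-config.php", 4);
         return false;
     }
     //NOTE(review): the entry is matched on this exact text. A define() written with double quotes or
     //different spacing is not recognised, and a second define() is then appended; PHP keeps the first
     //definition of a constant, so the earlier value would still apply.
     $disabled_entry = "'DISALLOW_FILE_EDIT', false";
     $enabled_entry = "'DISALLOW_FILE_EDIT', true";
     foreach ($config_contents as $line_num => $line) {
         $updated_line = $line;
         //strpos() returns 0 for a match at the start of the line, so compare against false explicitly
         if (strpos($line, $disabled_entry) !== false) {
             //Replace only the matched entry rather than every "false" on the line
             $updated_line = str_replace($disabled_entry, $enabled_entry, $updated_line);
             $edit_file_config_entry_exists = true;
         } elseif (strpos($line, $enabled_entry) !== false) {
             //Already configured; leave the file untouched
             return true;
         }
         //For wp-config.php files originating from early WP versions we will remove the closing php tag.
         //This works on the updated line so it cannot undo the replacement made above.
         if (strpos($updated_line, "?>") !== false) {
             $updated_line = str_replace("?>", "", $updated_line);
         }
         $config_contents[$line_num] = $updated_line;
     }
     if (!$edit_file_config_entry_exists) {
         //Construct the config code which we will insert into wp-config.php.
         //The leading line break keeps the snippet off the last existing line when that line has no newline.
         $new_snippet = PHP_EOL . '//Disable File Edits' . PHP_EOL;
         $new_snippet .= 'define(\'DISALLOW_FILE_EDIT\', true);';
         //Append the new snippet to the end of the array
         $config_contents[] = $new_snippet;
     }
     //Make a backup of the config file
     if (!AIOWPSecurity_Utility_File::backup_and_rename_wp_config($config_file)) {
         AIOWPSecurity_Admin_Menu::show_msg_error_st(__('Failed to make a backup of the wp-config.php file. This operation will not go ahead.', 'all-in-one-wp-security-and-firewall'));
         return false;
     }
     //Now let's modify the wp-config.php file
     if (AIOWPSecurity_Utility_File::write_content_to_file($config_file, $config_contents)) {
         return true;
     }
     $aio_wp_security->debug_logger->log_debug("Disable PHP File Edit - Unable to modify wp-config.php", 4);
     return false;
 }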