/**
 * Handles the "unblock" bulk action.
 *
 * Does nothing unless the current action is 'unblock'. When no records were
 * selected an error notice is shown; otherwise the selection is passed to
 * unblock_ip_address().
 *
 * NOTE(review): no nonce or capability check is visible in this method, and
 * $_REQUEST['item'] is forwarded exactly as received. Confirm that the caller
 * or unblock_ip_address() verifies the request and validates the value.
 */
function process_bulk_action()
 {
     //Only the unblock action is handled here
     if ('unblock' !== $this->current_action()) {
         return;
     }
     $nothing_selected = !isset($_REQUEST['item']);
     if ($nothing_selected) {
         AIOWPSecurity_Admin_Menu::show_msg_error_st(__('Please select some records using the checkboxes', 'all-in-one-wp-security-and-firewall'));
         return;
     }
     //Process unlock bulk actions
     $this->unblock_ip_address($_REQUEST['item']);
 }
 /**
  * Handles the "delete" bulk action.
  *
  * Does nothing unless the current action is 'delete'. When no records were
  * selected an error notice is shown; otherwise the selection is passed to
  * delete_404_event_records().
  *
  * NOTE(review): no nonce or capability check is visible in this method, and
  * $_REQUEST['item'] is forwarded exactly as received. Confirm that the caller
  * or delete_404_event_records() verifies the request and validates the value.
  */
 function process_bulk_action()
 {
     $is_delete_request = ('delete' === $this->current_action());
     if (!$is_delete_request) {
         return;
     }
     //Process delete bulk actions
     if (isset($_REQUEST['item'])) {
         $this->delete_404_event_records($_REQUEST['item']);
         return;
     }
     AIOWPSecurity_Admin_Menu::show_msg_error_st(__('Please select some records using the checkboxes', 'aiowpsecurity'));
 }
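 /**
  * Adds the IP addresses of the selected event records to the banned IP list,
  * force-enables blacklisting, saves the config and rewrites the .htaccess file.
  *
  * @param array|string|null $entries Array of event record IDs (bulk selection), or a
  *                                   single value that is appended to the list as-is
  *                                   and validated together with the rest.
  * @return false|null False when no IP addresses could be found for the selected
  *                    IDs; otherwise nothing is returned.
  */
 function blacklist_ip_address($entries)
 {
     global $wpdb, $aio_wp_security;
     $bl_ip_addresses = $aio_wp_security->configs->get_value('aiowps_banned_ip_addresses');
     //get the currently saved blacklisted IPs
     $ip_list_array = AIOWPSecurity_Utility_IP::create_ip_list_array_from_string_with_newline($bl_ip_addresses);
     if (is_array($entries)) {
         //The IDs end up in an SQL IN (...) clause, so each one is forced to a positive
         //integer and bound through $wpdb->prepare() instead of being concatenated raw.
         $ids = array_values(array_filter(array_map('intval', $entries), function ($id) {
             return $id > 0;
         }));
         $results = array();
         if (!empty($ids)) {
             $events_table = AIOWPSEC_TBL_EVENTS;
             $placeholders = implode(',', array_fill(0, count($ids), '%d'));
             $query = $wpdb->prepare("SELECT ip_or_host FROM {$events_table} WHERE ID IN ({$placeholders})", $ids);
             $results = $wpdb->get_col($query);
         }
         if (empty($results)) {
             AIOWPSecurity_Admin_Menu::show_msg_error_st(__('Could not process the request because the IP addresses for the selected entries could not be found!', 'WPS'));
             return false;
         }
         foreach ($results as $entry) {
             $ip_list_array[] = $entry;
         }
     } elseif ($entries != NULL) {
         //Blacklist single record
         $ip_list_array[] = $entries;
     }
     //Everything, including the single-record value, passes through the list validator
     //before it is stored or written to .htaccess
     $payload = AIOWPSecurity_Utility_IP::validate_ip_list($ip_list_array, 'blacklist');
     if ($payload[0] == 1) {
         //success case
         $list = $payload[1];
         $banned_ip_data = implode(PHP_EOL, $list);
         $aio_wp_security->configs->set_value('aiowps_enable_blacklisting', '1');
         //Force blacklist feature to be enabled
         $aio_wp_security->configs->set_value('aiowps_banned_ip_addresses', $banned_ip_data);
         $aio_wp_security->configs->save_config();
         //Save the configuration
         $write_result = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
         //now let's write to the .htaccess file
         if ($write_result == -1) {
             AIOWPSecurity_Admin_Menu::show_msg_error_st(__('The plugin was unable to write to the .htaccess file. Please edit file manually.', 'aiowpsecurity'));
             $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_Blacklist_Menu - The plugin was unable to write to the .htaccess file.");
         } else {
             AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected IP addresses have been added to the blacklist and will be permanently blocked!', 'WPS'));
         }
     } else {
         //Validation failed: show the first error reported by the validator
         $error_msg = $payload[1][0];
         AIOWPSecurity_Admin_Menu::show_msg_error_st($error_msg);
     }
 }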
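 /**
  * Sets the 'aiowps_account_status' user meta to 'approved' for the selected
  * accounts and emails each approved user a notification.
  *
  * @param array|int|string|null $entries Array of user IDs (bulk selection) or a
  *                                       single user ID. Each ID is cast to an
  *                                       integer before it is used, logged or
  *                                       shown in a notice.
  * @return void
  *
  * NOTE(review): no nonce or capability check is visible in this method.
  * Confirm that the caller verifies the request before invoking it.
  */
 function approve_selected_accounts($entries)
 {
     global $wpdb, $aio_wp_security;
     $meta_key = 'aiowps_account_status';
     $meta_value = 'approved';
     //set account status

     //Sends the "account is now active" notification and logs a failed send
     $send_notice = function ($user, $email_msg) use ($aio_wp_security) {
         $to_email_address = $user->user_email;
         $subject = '[' . get_option('siteurl') . '] ' . __('Your account is now active', 'all-in-one-wp-security-and-firewall');
         $site_title = get_bloginfo('name');
         $from_name = empty($site_title) ? 'WordPress' : $site_title;
         //The header line ends with CRLF only (no stray trailing backslash)
         $email_header = 'From: ' . $from_name . ' <' . get_bloginfo('admin_email') . '>' . "\r\n";
         $sendMail = wp_mail($to_email_address, $subject, $email_msg, $email_header);
         if (FALSE === $sendMail) {
             $aio_wp_security->debug_logger->log_debug("Manual account approval notification email failed to send to " . $to_email_address, 4);
         }
     };

     if (is_array($entries)) {
         $failed_accts = array();
         //IDs of accounts which failed to update
         $at_least_one_updated = false;
         //Let's go through each entry and approve
         foreach ($entries as $user_id) {
             //Cast first so that a raw request value never reaches the log or the admin notice
             $user_id = intval($user_id);
             $result = update_user_meta($user_id, $meta_key, $meta_value);
             if ($result === false) {
                 $failed_accts[] = $user_id;
                 $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_List_Registered_Users::approve_selected_accounts() - could not approve account ID: {$user_id}", 4);
                 continue;
             }
             $at_least_one_updated = true;
             $user = get_user_by('id', $user_id);
             if ($user === false) {
                 //don't send mail
                 continue;
             }
             $email_msg = __('Your account with user ID:', 'all-in-one-wp-security-and-firewall') . $user->ID . __(' is now active', 'all-in-one-wp-security-and-firewall') . "\n";
             $send_notice($user, $email_msg);
         }
         if ($at_least_one_updated) {
             AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected accounts were approved successfully!', 'all-in-one-wp-security-and-firewall'));
         }
         if (!empty($failed_accts)) {
             //display any failed account updates as a clean comma separated list
             AIOWPSecurity_Admin_Menu::show_msg_error_st(__('The following accounts failed to update successfully: ', 'all-in-one-wp-security-and-firewall') . implode(', ', $failed_accts));
         }
     } elseif ($entries != NULL) {
         //Approve single account
         $user_id = intval($entries);
         $result = update_user_meta($user_id, $meta_key, $meta_value);
         if ($result) {
             AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected account was approved successfully!', 'all-in-one-wp-security-and-firewall'));
             $user = get_user_by('id', $user_id);
             //get_user_by() returns false for an unknown ID; skip the mail in that case
             if ($user !== false) {
                 $email_msg = __('Your account with username: ', 'all-in-one-wp-security-and-firewall') . $user->user_login . __(' is now active', 'all-in-one-wp-security-and-firewall') . "\n";
                 $send_notice($user, $email_msg);
             }
         } elseif ($result === false) {
             $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_List_Registered_Users::approve_selected_accounts() - could not approve account ID: {$user_id}", 4);
         }
     }
 }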
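 /**
  * Appends the selected spammer IP addresses to the banned IP config value and,
  * when blacklisting is enabled, rewrites the .htaccess file.
  *
  * Each entry must be a syntactically valid IPv4/IPv6 address. Anything else is
  * skipped, because the saved list is later written to .htaccess and must not
  * carry arbitrary text. Addresses already in the list are not added twice.
  *
  * @param array|string|null $entries Array of IP addresses (bulk selection) or a
  *                                   single IP address ("block" link).
  * @return void
  *
  * NOTE(review): no nonce or capability check is visible in this method.
  * Confirm that the caller verifies the request before invoking it.
  */
 function block_spammer_ip_records($entries)
 {
     global $wpdb, $aio_wp_security;
     $raw_banned_ip_list = (string) $aio_wp_security->configs->get_value('aiowps_banned_ip_addresses');
     //Trim each stored line so a differing line ending does not defeat the duplicate check
     $currently_banned_ips = array_map('trim', explode(PHP_EOL, $raw_banned_ip_list));

     //Normalise bulk selection and single "block" link into one list
     if (is_array($entries)) {
         $candidates = $entries;
     } elseif ($entries != NULL) {
         $candidates = array($entries);
     } else {
         $candidates = array();
     }

     $skipped = 0;
     foreach ($candidates as $ip_add) {
         $ip_add = is_string($ip_add) ? trim($ip_add) : '';
         if (filter_var($ip_add, FILTER_VALIDATE_IP) === false) {
             //Not an IP address - never let it reach the config or .htaccess
             $skipped++;
             continue;
         }
         //Check if the IP address is already in the blacklist. If not add it to the list.
         if (in_array($ip_add, $currently_banned_ips, true)) {
             continue;
         }
         $raw_banned_ip_list = (trim($raw_banned_ip_list) === '') ? $ip_add : $raw_banned_ip_list . PHP_EOL . $ip_add;
         $currently_banned_ips[] = $ip_add;
     }
     if ($skipped > 0) {
         //Log only the count so that no unvalidated value is written to the log
         $aio_wp_security->debug_logger->log_debug("block_spammer_ip_records - skipped {$skipped} entries which were not valid IP addresses", 4);
     }

     //Let's save the selected IP addresses to the blacklist config
     $aio_wp_security->configs->set_value('aiowps_banned_ip_addresses', $raw_banned_ip_list);
     //Save the blocked IP address config variable with the newly added addresses
     $aio_wp_security->configs->save_config();
     AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected IP addresses were saved in the blacklist configuration settings.', 'aiowpsecurity'));
     //Let's check if the Enable Blacklisting flag has been set - If so, we will write the new data to the .htaccess file.
     if ($aio_wp_security->configs->get_value('aiowps_enable_blacklisting') == '1') {
         $write_result = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
         if ($write_result == -1) {
             AIOWPSecurity_Admin_Menu::show_msg_error_st(__('The plugin was unable to write to the .htaccess file. Please edit file manually.', 'aiowpsecurity'));
             $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_Blacklist_Menu - The plugin was unable to write to the .htaccess file.");
         } else {
             AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The .htaccess file was successfully modified to include the selected IP addresses.', 'aiowpsecurity'));
         }
     } else {
         //Blacklisting is disabled: tell the admin the list was saved but is not enforced yet
         $blacklist_settings_link = '<a href="admin.php?page=' . AIOWPSEC_BLACKLIST_MENU_SLUG . '">Ban Users</a>';
         $info_msg = '<p>' . __('NOTE: The .htaccess file was not modified because you have disabled the "Enable IP or User Agent Blacklisting" check box.', 'aiowpsecurity') . '<br />' . sprintf(__('To block these IP addresses you will need to enable the above flag in the %s menu', 'aiowpsecurity'), $blacklist_settings_link) . '</p>';
         AIOWPSecurity_Admin_Menu::show_msg_updated_st($info_msg);
     }
 }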
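 /**
  * Ensures wp-config.php contains define('DISALLOW_FILE_EDIT', true).
  *
  * An existing "'DISALLOW_FILE_EDIT', false" entry is switched to true. If no
  * entry is found, a new define is appended to the end of the file. A closing
  * PHP tag found on any line is removed. The file is backed up before it is
  * rewritten.
  *
  * NOTE(review): only the exact single-quoted, single-space form of the define
  * is detected. A define written with double quotes or different spacing is not
  * matched, so a second define would be appended after it. Confirm whether
  * that case needs handling.
  *
  * @return bool True when the file already had the setting or was rewritten
  *              successfully; false when it could not be read, backed up or
  *              written.
  */
 static function disable_file_edits()
 {
     global $aio_wp_security;
     $edit_file_config_entry_exists = false;
     //Config file path
     $config_file = AIOWPSecurity_Utility_File::get_wp_config_file_path();
     //Get wp-config.php file contents so we can check if the "DISALLOW_FILE_EDIT" variable already exists
     $config_contents = file($config_file);
     if ($config_contents === false) {
         //Unreadable config file: bail out rather than iterate over false and write a truncated file
         $aio_wp_security->debug_logger->log_debug("Disable PHP File Edit - Unable to read wp-config.php", 4);
         return false;
     }
     foreach ($config_contents as $line_num => $line) {
         //strpos() can legitimately return 0, so compare against false explicitly
         if (strpos($line, "'DISALLOW_FILE_EDIT', false") !== false) {
             $config_contents[$line_num] = str_replace('false', 'true', $line);
             $edit_file_config_entry_exists = true;
         } elseif (strpos($line, "'DISALLOW_FILE_EDIT', true") !== false) {
             //Already configured to disallow PHP file editing - nothing to write
             return true;
         }
         //For wp-config.php files originating from early WP versions we will remove the closing php tag.
         //Work on the stored line (not $line) so a false->true change made just above is kept.
         if (strpos($line, "?>") !== false) {
             $config_contents[$line_num] = str_replace("?>", "", $config_contents[$line_num]);
         }
     }
     if (!$edit_file_config_entry_exists) {
         //Construct the config code which we will insert into wp-config.php
         $new_snippet = '//Disable File Edits' . PHP_EOL;
         $new_snippet .= 'define(\'DISALLOW_FILE_EDIT\', true);';
         $config_contents[] = $new_snippet;
         //Append the new snippet to the end of the array
     }
     //Make a backup of the config file; never modify wp-config.php without one
     if (!AIOWPSecurity_Utility_File::backup_and_rename_wp_config($config_file)) {
         AIOWPSecurity_Admin_Menu::show_msg_error_st(__('Failed to make a backup of the wp-config.php file. This operation will not go ahead.', 'all-in-one-wp-security-and-firewall'));
         return false;
     }
     //Now let's modify the wp-config.php file
     if (AIOWPSecurity_Utility_File::write_content_to_file($config_file, $config_contents)) {
         return true;
     }
     $aio_wp_security->debug_logger->log_debug("Disable PHP File Edit - Unable to modify wp-config.php", 4);
     return false;
 }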