/**
* Write all active rules to .htaccess file.
*
* @return boolean True on success, false on failure.
*/
static function write_to_htaccess()
{
global $aio_wp_security;
//figure out what server is being used
if (AIOWPSecurity_Utility::get_server_type() == -1) {
$aio_wp_security->debug_logger->log_debug("Unable to write to .htaccess - server type not supported!", 4);
return false;
//unable to write to the file
}
//clean up old rules first
if (AIOWPSecurity_Utility_Htaccess::delete_from_htaccess() == -1) {
$aio_wp_security->debug_logger->log_debug("Delete operation of .htaccess file failed!", 4);
return false;
//unable to write to the file
}
$htaccess = ABSPATH . '.htaccess';
if (!($f = @fopen($htaccess, 'a+'))) {
@chmod($htaccess, 0644);
if (!($f = @fopen($htaccess, 'a+'))) {
$aio_wp_security->debug_logger->log_debug("chmod operation on .htaccess failed!", 4);
return false;
}
}
AIOWPSecurity_Utility_File::backup_and_rename_htaccess($htaccess);
//TODO - we dont want to continually be backing up the htaccess file
@ini_set('auto_detect_line_endings', true);
$ht = explode(PHP_EOL, implode('', file($htaccess)));
//parse each line of file into array
$rules = AIOWPSecurity_Utility_Htaccess::getrules();
$rulesarray = explode(PHP_EOL, $rules);
$rulesarray = apply_filters('aiowps_htaccess_rules_before_writing', $rulesarray);
$contents = array_merge($rulesarray, $ht);
if (!($f = @fopen($htaccess, 'w+'))) {
$aio_wp_security->debug_logger->log_debug("Write operation on .htaccess failed!", 4);
return false;
//we can't write to the file
}
$blank = false;
//write each line to file
foreach ($contents as $insertline) {
if (trim($insertline) == '') {
if ($blank == false) {
fwrite($f, PHP_EOL . trim($insertline));
}
$blank = true;
} else {
$blank = false;
fwrite($f, PHP_EOL . trim($insertline));
}
}
@fclose($f);
return true;
//success
}
function render_tab2()
{
global $aio_wp_security;
if (isset($_POST['aiowps_save_htaccess'])) {
$nonce = $_REQUEST['_wpnonce'];
if (!wp_verify_nonce($nonce, 'aiowpsec-save-htaccess-nonce')) {
$aio_wp_security->debug_logger->log_debug("Nonce check failed on htaccess file save!", 4);
die("Nonce check failed on htaccess file save!");
}
$htaccess_path = ABSPATH . '.htaccess';
$result = AIOWPSecurity_Utility_File::backup_and_rename_htaccess($htaccess_path);
//Backup the htaccess file
if ($result) {
$random_prefix = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(10);
$aiowps_backup_dir = WP_CONTENT_DIR . '/' . AIO_WP_SECURITY_BACKUPS_DIR_NAME;
if (rename($aiowps_backup_dir . '/' . '.htaccess.backup', $aiowps_backup_dir . '/' . $random_prefix . '_htaccess_backup.txt')) {
echo '<div id="message" class="updated fade"><p>';
_e('Your .htaccess file was successfully backed up! Using an FTP program go to the "/wp-content/aiowps_backups" directory to save a copy of the file to your computer.', 'aiowpsecurity');
echo '</p></div>';
} else {
$aio_wp_security->debug_logger->log_debug("htaccess file rename failed during backup!", 4);
$this->show_msg_error(__('htaccess file rename failed during backup. Please check your root directory for the backup file using FTP.', 'aiowpsecurity'));
}
} else {
$aio_wp_security->debug_logger->log_debug("htaccess - Backup operation failed!", 4);
$this->show_msg_error(__('htaccess backup failed.', 'aiowpsecurity'));
}
}
if (isset($_POST['aiowps_restore_htaccess_button'])) {
$nonce = $_REQUEST['_wpnonce'];
if (!wp_verify_nonce($nonce, 'aiowpsec-restore-htaccess-nonce')) {
$aio_wp_security->debug_logger->log_debug("Nonce check failed on htaccess file restore!", 4);
die("Nonce check failed on htaccess file restore!");
}
if (empty($_POST['aiowps_htaccess_file'])) {
$this->show_msg_error(__('Please choose a .htaccess to restore from.', 'aiowpsecurity'));
} else {
//Let's copy the uploaded .htaccess file into the active root file
$new_htaccess_file_path = trim($_POST['aiowps_htaccess_file']);
//TODO
//Verify that file chosen has contents which are relevant to .htaccess file
$is_htaccess = AIOWPSecurity_Utility_Htaccess::check_if_htaccess_contents($new_htaccess_file_path);
if ($is_htaccess == 1) {
$active_root_htaccess = ABSPATH . '.htaccess';
if (!copy($new_htaccess_file_path, $active_root_htaccess)) {
//Failed to make a backup copy
$aio_wp_security->debug_logger->log_debug("htaccess - Restore from .htaccess operation failed!", 4);
$this->show_msg_error(__('htaccess file restore failed. Please attempt to restore the .htaccess manually using FTP.', 'aiowpsecurity'));
} else {
$this->show_msg_updated(__('Your .htaccess file has successfully been restored!', 'aiowpsecurity'));
}
} else {
$aio_wp_security->debug_logger->log_debug("htaccess restore failed - Contents of restore file appear invalid!", 4);
$this->show_msg_error(__('htaccess Restore operation failed! Please check the contents of the file you are trying to restore from.', 'aiowpsecurity'));
}
}
}
?>
<h2><?php
_e('.htaccess File Operations', 'aiowpsecurity');
?>
</h2>
<div class="aio_blue_box">
<?php
echo '<p>' . __('Your ".htaccess" file is a key component of your website\'s security and it can be modified to implement various levels of protection mechanisms.', 'aiowpsecurity') . '
<br />' . __('This feature allows you to backup and save your currently active .htaccess file should you need to re-use the the backed up file in the future.', 'aiowpsecurity') . '
<br />' . __('You can also restore your site\'s .htaccess settings using a backed up .htaccess file.', 'aiowpsecurity') . '
</p>';
?>
</div>
<?php
if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1) {
//Hide config settings if MS and not main site
AIOWPSecurity_Utility::display_multisite_message();
} else {
?>
<div class="postbox">
<h3><label for="title"><?php
_e('Save the current .htaccess file', 'aiowpsecurity');
?>
</label></h3>
<div class="inside">
<form action="" method="POST">
<?php
wp_nonce_field('aiowpsec-save-htaccess-nonce');
?>
<p class="description"><?php
_e('Click the button below to backup and save the currently active .htaccess file.', 'aiowpsecurity');
?>
</p>
<input type="submit" name="aiowps_save_htaccess" value="<?php
_e('Backup .htaccess File', 'aiowpsecurity');
?>
" class="button-primary" />
</form>
</div></div>
<div class="postbox">
<h3><label for="title"><?php
_e('Restore from a backed up .htaccess file', 'aiowpsecurity');
?>
</label></h3>
<div class="inside">
<form action="" method="POST">
<?php
wp_nonce_field('aiowpsec-restore-htaccess-nonce');
?>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php
_e('.htaccess file to restore from', 'aiowpsecurity');
?>
:</th>
<td>
<input type="button" id="aiowps_htaccess_file_button" name="aiowps_htaccess_file_button" class="button rbutton" value="Select Your htaccess File" />
<input name="aiowps_htaccess_file" type="text" id="aiowps_htaccess_file" value="" size="80" />
<p class="description">
<?php
_e('After selecting your file, click the button below to restore your site using the backed up htaccess file (htaccess_backup.txt).', 'aiowpsecurity');
?>
</p>
</td>
</tr>
</table>
<input type="submit" name="aiowps_restore_htaccess_button" value="<?php
_e('Restore .htaccess File', 'aiowpsecurity');
?>
" class="button-primary" />
</form>
</div></div>
<div class="postbox">
<h3><label for="title"><?php
_e('View Contents of the currently active .htaccess file', 'aiowpsecurity');
?>
</label></h3>
<div class="inside">
<?php
$ht_file = ABSPATH . '.htaccess';
$ht_contents = AIOWPSecurity_Utility_File::get_file_contents($ht_file);
//echo $ht_contents;
?>
<textarea class="aio_text_area_file_output aio_half_width aio_spacer_10_tb" rows="15" readonly><?php
echo $ht_contents;
?>
</textarea>
</div></div>
<?php
}
// End if statement
}
