public function set_all($settings)
{
$retval = array('old_settings' => $this->settings, 'new_settings' => $this->settings, 'errors' => array(), 'messages' => array(), 'saved' => false);
$validator = ITSEC_Modules::get_validator($this->get_id());
if (is_null($validator)) {
$retval['errors'][] = new WP_Error('itsec-settings-missing-validator-for-' . $this->get_id(), sprintf(__('The data validator for %1$s is missing. Data for the module cannot be saved without the validator. This error could indicate a bad install of iThemes Security. Please remove the plugin and reinstall it. If this message persists, please contact support and send them this error message.', 'better-wp-security'), $this->get_id()));
} else {
$validator->validate($settings);
$retval['errors'] = $validator->get_errors();
$retval['messages'] = $validator->get_messages();
if ($validator->can_save()) {
$this->settings = $validator->get_settings();
ITSEC_Storage::set($this->get_id(), $this->settings);
$this->after_save();
$this->handle_settings_changes($retval['old_settings']);
$retval['new_settings'] = $this->settings;
$retval['saved'] = true;
} else {
ITSEC_Response::set_success(false);
}
}
ITSEC_Response::add_errors($retval['errors']);
ITSEC_Response::add_messages($retval['messages']);
return $retval;
}
/**
* Returns the messages array.
*
* This function should be left as-is in subclasses.
*
* @access public
*
* @return array Array of status or update messages.
*/
public function get_messages()
{
$validator = ITSEC_Modules::get_validator($this->id);
if (is_null($validator)) {
return array();
}
return $validator->get_messages();
}
protected function render_settings($form)
{
global $wp_locale;
$settings = $form->get_options();
$validator = ITSEC_Modules::get_validator($this->id);
$types = $validator->get_valid_types();
if (1 === $settings['start']) {
$tomorrow = date('Y-m-d', current_time('timestamp') + DAY_IN_SECONDS);
$new_start = strtotime("{$tomorrow} 1:00 am") - ITSEC_Core::get_time_offset();
$form->set_option('start', $new_start);
}
if (1 === $settings['end']) {
$tomorrow = date('Y-m-d', current_time('timestamp') + DAY_IN_SECONDS);
$new_end = strtotime("{$tomorrow} 6:00 am") - ITSEC_Core::get_time_offset();
$form->set_option('end', $new_end);
}
$date_format = get_option('date_format');
$time_format = get_option('time_format');
if (false !== strpos($time_format, 'G')) {
for ($hour = 0; $hour < 24; $hour++) {
$hours[$hour] = $hour;
}
} else {
if (false !== strpos($time_format, 'H')) {
for ($hour = 0; $hour < 24; $hour++) {
$hours[$hour] = sprintf('%02d', $hour);
}
} else {
for ($hour = 1; $hour <= 12; $hour++) {
$hours[$hour] = $hour;
}
if (false !== strpos($time_format, 'A')) {
$am = $wp_locale->get_meridiem('AM');
$pm = $wp_locale->get_meridiem('PM');
} else {
$am = $wp_locale->get_meridiem('am');
$pm = $wp_locale->get_meridiem('pm');
}
$meridiems = array('am' => $am, 'pm' => $pm);
}
}
for ($minute = 0; $minute <= 59; $minute++) {
$minutes[$minute] = sprintf('%02d', $minute);
}
$this->set_datetime_options($form, 'start', isset($meridiems));
$this->set_datetime_options($form, 'end', isset($meridiems));
/* translators: 1: date, 2: time */
$datetime_format = _x('%1$s \\a\\t %2$s', 'Date and time format', 'better-wp-security');
$datetime_format = sprintf($datetime_format, $date_format, $time_format);
$current_datetime = date_i18n($datetime_format);
?>
<p><?php
printf(__('Please note that according to your <a href="%s">WordPress Timezone settings</a> your current time is:', 'better-wp-security'), admin_url('options-general.php#timezone_string'));
?>
</p>
<p class="current-date-time"><?php
echo $current_datetime;
?>
</p>
<p><?php
printf(__('If this is incorrect, please update it on the <a href="%s">WordPress General Settings page</a> by selecting the appropriate time zone. Failure to set the correct timezone may result in unintended lockouts.', 'better-wp-security'), admin_url('options-general.php#timezone_string'));
?>
</p>
<table class="form-table itsec-settings-section">
<tr>
<th scope="row"><label for="itsec-away-mode-type"><?php
_e('Type of Restriction', 'better-wp-security');
?>
</label></th>
<td>
<?php
$form->add_select('type', $types);
?>
<br />
<p class="description"><?php
_e('Select the type of restriction you would like to enable.', 'better-wp-security');
?>
</p>
</td>
</tr>
<tr>
<th scope="row"><label for="itsec-away-mode-start_date"><?php
_e('Start Date', 'better-wp-security');
?>
</label></th>
<td>
<?php
$form->add_text('start_date');
?>
<br />
<p class="description"><?php
_e('Date when the admin dashboard should become unavailable.', 'better-wp-security');
?>
</p>
</td>
</tr>
<tr>
<th scope="row"><label for="itsec-away-mode-start_hour"><?php
_e('Start Time', 'better-wp-security');
?>
</label></th>
<td>
<?php
$form->add_select('start_hour', $hours);
?>
<?php
$form->add_select('start_minute', $minutes);
?>
<?php
if (isset($meridiems)) {
?>
<?php
$form->add_select('start_meridiem', $meridiems);
?>
<?php
}
?>
<br />
<p class="description"><?php
_e('Time when the admin dashboard should become unavailable.', 'better-wp-security');
?>
</p>
</td>
</tr>
<tr>
<th scope="row"><label for="itsec-away-mode-end_date"><?php
_e('End Date', 'better-wp-security');
?>
</label></th>
<td>
<?php
$form->add_text('end_date');
?>
<br />
<p class="description"><?php
_e('Date when the admin dashboard should become available again.', 'better-wp-security');
?>
</p>
</td>
</tr>
<tr>
<th scope="row"><label for="itsec-away-mode-end_hour"><?php
_e('End Time', 'better-wp-security');
?>
</label></th>
<td>
<?php
$form->add_select('end_hour', $hours);
?>
<?php
$form->add_select('end_minute', $minutes);
?>
<?php
if (isset($meridiems)) {
?>
<?php
$form->add_select('end_meridiem', $meridiems);
?>
<?php
}
?>
<p class="description"><?php
_e('Time when the admin dashboard should become available again.', 'better-wp-security');
?>
</p>
</td>
</tr>
</table>
<?php
}
protected function render_settings($form)
{
$validator = ITSEC_Modules::get_validator($this->id);
$log_types = $validator->get_valid_log_types();
$show_error_codes_options = array(false => __('No (default)'), true => __('Yes'));
?>
<table class="form-table itsec-settings-section">
<tr>
<th scope="row"><label for="itsec-global-write_files"><?php
_e('Write to Files', 'better-wp-security');
?>
</label></th>
<td>
<?php
$form->add_checkbox('write_files');
?>
<label for="itsec-global-write_files"><?php
_e('Allow iThemes Security to write to wp-config.php and .htaccess.', 'better-wp-security');
?>
</label>
<p class="description"><?php
_e('Whether or not iThemes Security should be allowed to write to wp-config.php and .htaccess automatically. If disabled you will need to manually place configuration options in those files.', 'better-wp-security');
?>
</p>
</td>
</tr>
<tr>
<th scope="row"><label for="itsec-global-notification_email"><?php
_e('Notification Email', 'better-wp-security');
?>
</label></th>
<td>
<?php
$form->add_textarea('notification_email', array('class' => 'textarea-small'));
?>
<p class="description"><?php
_e('The email address(es) all security notifications will be sent to. One address per line.', 'better-wp-security');
?>
</p>
</td>
</tr>
<tr>
<th scope="row"><label for="itsec-global-digest_email"><?php
_e('Send Digest Email', 'better-wp-security');
?>
</label></th>
<td>
<?php
$form->add_checkbox('digest_email');
?>
<label for="itsec-global-digest_email"><?php
_e('Send digest email', 'better-wp-security');
?>
</label>
<p class="description"><?php
_e('During periods of heavy attack or other times a security plugin can generate a LOT of email just telling you that it is doing its job. Turning this on will reduce the emails from this plugin to no more than one per day for any notification.', 'better-wp-security');
?>
</p>
</td>
</tr>
<tr>
<th scope="row"><label for="itsec-global-backup_email"><?php
_e('Backup Delivery Email', 'better-wp-security');
?>
</label></th>
<td>
<?php
$form->add_textarea('backup_email', array('class' => 'textarea-small'));
?>
<br />
<p class="description"><?php
_e('The email address(es) all database backups will be sent to. One address per line.', 'better-wp-security');
?>
</p>
</td>
</tr>
<tr>
<th scope="row"><label for="itsec-global-lockout_message"><?php
_e('Host Lockout Message', 'better-wp-security');
?>
</label></th>
<td>
<?php
$form->add_textarea('lockout_message', array('class' => 'widefat'));
?>
<p class="description"><?php
_e('The message to display when a computer (host) has been locked out.', 'better-wp-security');
?>
</p>
<p class="description"><?php
_e('You can use HTML in your message. Allowed tags include: a, br, em, strong, h1, h2, h3, h4, h5, h6, div.', 'better-wp-security');
?>
</p>
</td>
</tr>
<tr>
<th scope="row"><label for="itsec-global-user_lockout_message"><?php
_e('User Lockout Message', 'better-wp-security');
?>
</label></th>
<td>
<?php
$form->add_textarea('user_lockout_message', array('class' => 'widefat'));
?>
<p class="description"><?php
_e('The message to display to a user when their account has been locked out.', 'better-wp-security');
?>
</p>
<p class="description"><?php
_e('You can use HTML in your message. Allowed tags include: a, br, em, strong, h1, h2, h3, h4, h5, h6, div.', 'better-wp-security');
?>
</p>
</td>
</tr>
<tr>
<th scope="row"><label for="itsec-global-community_lockout_message"><?php
_e('Community Lockout Message', 'better-wp-security');
?>
</label></th>
<td>
<?php
$form->add_textarea('community_lockout_message', array('class' => 'widefat'));
?>
<p class="description"><?php
_e('The message to display to a user when their IP has been flagged as bad by the iThemes network.', 'better-wp-security');
?>
</p>
<p class="description"><?php
_e('You can use HTML in your message. Allowed tags include: a, br, em, strong, h1, h2, h3, h4, h5, h6, div.', 'better-wp-security');
?>
</p>
</td>
</tr>
<tr>
<th scope="row"><label for="itsec-global-blacklist"><?php
_e('Blacklist Repeat Offender', 'better-wp-security');
?>
</label></th>
<td>
<?php
$form->add_checkbox('blacklist');
?>
<label for="itsec-global-blacklist"><?php
_e('Enable Blacklist Repeat Offender', 'better-wp-security');
?>
</label>
<p class="description"><?php
_e('If this box is checked the IP address of the offending computer will be added to the "Ban Users" blacklist after reaching the number of lockouts listed below.', 'better-wp-security');
?>
</p>
</td>
</tr>
<tr>
<th scope="row"><label for="itsec-global-blacklist_count"><?php
_e('Blacklist Threshold', 'better-wp-security');
?>
</label></th>
<td>
<?php
$form->add_text('blacklist_count', array('class' => 'small-text'));
?>
<label for="itsec-global-blacklist_count"><?php
_e('Lockouts', 'better-wp-security');
?>
</label>
<p class="description"><?php
_e('The number of lockouts per IP before the host is banned permanently from this site.', 'better-wp-security');
?>
</p>
</td>
</tr>
<tr>
<th scope="row"><label for="itsec-global-blacklist_period"><?php
_e('Blacklist Lookback Period', 'better-wp-security');
?>
</label></th>
<td>
<?php
$form->add_text('blacklist_period', array('class' => 'small-text'));
?>
<label for="itsec-global-blacklist_period"><?php
_e('Days', 'better-wp-security');
?>
</label>
<p class="description"><?php
_e('How many days should a lockout be remembered to meet the blacklist count above.', 'better-wp-security');
?>
</p>
</td>
</tr>
<tr>
<th scope="row"><label for="itsec-global-lockout_period"><?php
_e('Lockout Period', 'better-wp-security');
?>
</label></th>
<td>
<?php
$form->add_text('lockout_period', array('class' => 'small-text'));
?>
<label for="itsec-global-lockout_period"><?php
_e('Minutes', 'better-wp-security');
?>
</label>
<p class="description"><?php
_e('The length of time a host or user will be banned from this site after hitting the limit of bad logins.', 'better-wp-security');
?>
</p>
</td>
</tr>
<tr>
<th scope="row"><label for="itsec-global-lockout_white_list"><?php
_e('Lockout White List', 'better-wp-security');
?>
</label></th>
<td>
<?php
$form->add_textarea('lockout_white_list');
?>
<p><?php
$form->add_button('add-to-whitelist', array('value' => __('Add my current IP to the White List', 'better-wp-security'), 'class' => 'button-primary'));
?>
</p>
<p class="description"><?php
_e('Use the guidelines below to enter hosts that will not be locked out from your site. This will keep you from locking yourself out of any features if you should trigger a lockout. Please note this does not override away mode and will only prevent a temporary ban. Should a permanent ban be triggered you will still be added to the "Ban Users" list unless the IP address is also white listed in that section.', 'better-wp-security');
?>
</p>
<ul>
<li>
<?php
_e('You may white list users by individual IP address or IP address range using wildcards or CIDR notation.', 'better-wp-security');
?>
<ul>
<li><?php
_e('Individual IP addresses must be in IPv4 or IPv6 standard format (###.###.###.### or ####:####:####:####:####:####:####:####).', 'better-wp-security');
?>
</li>
<li><?php
_e('CIDR notation is allowed to specify a range of IP addresses (###.###.###.###/## or ####:####:####:####:####:####:####:####/###).', 'better-wp-security');
?>
</li>
<li><?php
_e('Wildcards are also supported with some limitations. If using wildcards (*), you must start with the right-most chunk in the IP address. For example ###.###.###.* and ###.###.*.* are permitted but ###.###.*.### is not. Wildcards are only for convenient entering of IP addresses, and will be automatically converted to their appropriate CIDR notation format on save.', 'better-wp-security');
?>
</li>
</ul>
</li>
<li><?php
_e('Enter only 1 IP address or 1 IP address range per line.', 'better-wp-security');
?>
</li>
</ul>
<p><a href="http://ip-lookup.net/domain-lookup.php" target="_blank"><?php
_e('Lookup IP Address.', 'better-wp-security');
?>
</a></p>
<p class="description"><strong><?php
_e('This white list will prevent any IP listed from triggering an automatic lockout. You can still block the IP address manually in the banned users settings.', 'better-wp-security');
?>
</strong></p>
</td>
</tr>
<tr>
<th scope="row"><label for="itsec-global-email_notifications"><?php
_e('Email Lockout Notifications', 'better-wp-security');
?>
</label></th>
<td>
<?php
$form->add_checkbox('email_notifications');
?>
<label for="itsec-global-email_notifications"><?php
_e('Enable Email Lockout Notifications', 'better-wp-security');
?>
</label>
<p class="description"><?php
_e('This feature will trigger an email to be sent to the email addresses listed in the Notification Email setting whenever a host or user is locked out of the system.', 'better-wp-security');
?>
</p>
</td>
</tr>
<tr>
<th scope="row"><label for="itsec-global-log_type"><?php
_e('Log Type', 'better-wp-security');
?>
</label></th>
<td>
<?php
$form->add_select('log_type', $log_types);
?>
<label for="itsec-global-log_type"><?php
_e('How should even logs be kept', 'better-wp-security');
?>
</label>
<p class="description"><?php
_e('iThemes Security can log events in multiple ways, each with advantages and disadvantages. Database Only puts all events in the database with your posts and other WordPress data. This makes it easy to retrieve and process but can be slower if the database table gets very large. File Only is very fast but the plugin does not process the logs itself as that would take far more resources. For most users or smaller sites Database Only should be fine. If you have a very large site or a log processing software then File Only might be a better option.', 'better-wp-security');
?>
</p>
</td>
</tr>
<tr>
<th scope="row"><label for="itsec-global-log_rotation"><?php
_e('Days to Keep Database Logs', 'better-wp-security');
?>
</label></th>
<td>
<?php
$form->add_text('log_rotation', array('class' => 'small-text'));
?>
<label for="itsec-global-log_rotation"><?php
_e('Days', 'better-wp-security');
?>
</label>
<p class="description"><?php
_e('The number of days database logs should be kept. File logs will be kept indefinitely but will be rotated once the file hits 10MB.', 'better-wp-security');
?>
</p>
</td>
</tr>
<tr>
<th scope="row"><label for="itsec-global-log_location"><?php
_e('Path to Log Files', 'better-wp-security');
?>
</label></th>
<td>
<?php
$form->add_text('log_location', array('class' => 'large-text code'));
?>
<p><label for="itsec-global-log_location"><?php
_e('The path on your server where log files should be stored.', 'better-wp-security');
?>
</label></p>
<p class="description"><?php
_e('This path must be writable by your website. For added security, it is recommended you do not include it in your website root folder.', 'better-wp-security');
?>
</p>
<p><?php
$form->add_button('reset-log-location', array('value' => __('Restore Default Log File Path', 'better-wp-security'), 'class' => 'button-secondary'));
?>
</p>
</td>
</tr>
<?php
if (is_dir(WP_PLUGIN_DIR . '/iwp-client')) {
?>
<tr>
<th scope="row"><label for="itsec-global-infinitewp_compatibility"><?php
_e('Add InfiniteWP Compatibility', 'better-wp-security');
?>
</label></th>
<td>
<?php
$form->add_checkbox('infinitewp_compatibility');
?>
<label for="itsec-global-infinitewp_compatibility"><?php
_e('Enable InfiniteWP Compatibility', 'better-wp-security');
?>
</label>
<p class="description"><?php
printf(__('Turning this feature on will enable compatibility with <a href="%s" target="_blank">InfiniteWP</a>. Do not turn it on unless you use the InfiniteWP service.', 'better-wp-security'), 'http://infinitewp.com');
?>
</p>
</td>
</tr>
<?php
}
?>
<tr>
<th scope="row"><label for="itsec-global-allow_tracking"><?php
_e('Allow Data Tracking', 'better-wp-security');
?>
</label></th>
<td>
<?php
$form->add_checkbox('allow_tracking');
?>
<label for="itsec-global-allow_tracking"><?php
_e('Allow iThemes to track plugin usage via anonymous data.', 'better-wp-security');
?>
</label>
</td>
</tr>
<?php
if ('nginx' === ITSEC_Lib::get_server()) {
?>
<tr>
<th scope="row"><label for="itsec-global-nginx_file"><?php
_e('NGINX Conf File', 'better-wp-security');
?>
</label></th>
<td>
<?php
$form->add_text('nginx_file', array('class' => 'large-text code'));
?>
<p><label for="itsec-global-nginx_file"><?php
_e('The path on your server where the nginx config file is located.', 'better-wp-security');
?>
</label></p>
<p class="description"><?php
_e('This path must be writable by your website. For added security, it is recommended you do not include it in your website root folder.', 'better-wp-security');
?>
</p>
</td>
</tr>
<?php
}
?>
<tr>
<th scope="row"><label for="itsec-global-lock_file"><?php
_e('Disable File Locking', 'better-wp-security');
?>
</label></th>
<td>
<?php
$form->add_checkbox('lock_file');
?>
<label for="itsec-global-lock_file"><?php
_e('Disable File Locking', 'better-wp-security');
?>
</label>
<p class="description"><?php
_e('Turning this option on will prevent errors related to file locking however might result in operations being executed twice. We do not recommend turning this off unless your host prevents the file locking feature from working correctly.', 'better-wp-security');
?>
</p>
</td>
</tr>
<tr>
<th scope="row"><label for="itsec-global-proxy_override"><?php
_e('Override Proxy Detection', 'better-wp-security');
?>
</label></th>
<td>
<?php
$form->add_checkbox('proxy_override');
?>
<label for="itsec-global-proxy_override"><?php
_e('Disable Proxy IP Detection', 'better-wp-security');
?>
</label>
<p class="description"><?php
_e('If you\'re not using a proxy service such as Varnish, Cloudflare or others turning this on may result in more accurate IP detection.', 'better-wp-security');
?>
</p>
</td>
</tr>
<tr>
<th scope="row"><label for="itsec-global-hide_admin_bar"><?php
_e('Hide Security Menu in Admin Bar', 'better-wp-security');
?>
</label></th>
<td>
<?php
$form->add_checkbox('hide_admin_bar');
?>
<label for="itsec-global-hide_admin_bar"><?php
_e('Hide security menu in admin bar.', 'better-wp-security');
?>
</label>
</td>
</tr>
<tr>
<th scope="row"><label for="itsec-global-show_error_codes"><?php
_e('Show Error Codes', 'better-wp-security');
?>
</label></th>
<td>
<?php
$form->add_select('show_error_codes', $show_error_codes_options);
?>
<p class="description"><?php
_e('Each error message in iThemes Security has an associated error code that can help diagnose an issue. Changing this setting to "Yes" causes these codes to display. This setting should be left set to "No" unless iThemes Security support requests that you change it.', 'better-wp-security');
?>
</p>
</td>
</tr>
</table>
<?php
}
