/**
 * Store one live-traffic row for the current request and bump the stored entry counter.
 *
 * Returns without writing anything when the live traffic option is off, when the request
 * is an admin request, when the requested URL is excluded, or when the INSERT fails.
 *
 * NOTE(review): the referrer, user agent and requested URL are presumably taken from the
 * request by the helpers called below (not shown here) - confirm. prepare() keeps them out
 * of the SQL text, but whatever later renders these rows has to HTML-escape them on output.
 * Each qualifying request adds a row; pruning is not visible in this method.
 *
 * @return void
 */
public static final function registerHit()
{
    // Tool switched off, or a dashboard request: nothing to record.
    if (!WpsOption::getOption(WpsSettings::ENABLE_LIVE_TRAFFIC) || is_admin()) {
        return;
    }

    global $wpdb;

    $requestedUrl = self::getRequestedUrl();
    if (self::isUrlExcluded($requestedUrl)) {
        return;
    }

    $siteId = $wpdb->blogid;
    $clientIp = self::getIP();
    $referrer = self::getReferrer();
    $userAgent = self::getUserAgent();

    $geo = self::_getGeoIpInfo($clientIp);
    $country = $geo['country'];
    $city = $geo['city'];

    // All request-derived values travel as placeholders, never inside the SQL string.
    $insertSql = $wpdb->prepare(
        "INSERT INTO " . WsdPlugin::getTableName(WpsSettings::LIVE_TRAFFIC_TABLE_NAME) . " (entryTime, entryIp, entryReferrer, entryUA, entryRequestedUrl, entryCountry, entryCity, blogId)\n VALUES(CURRENT_TIMESTAMP, %s, %s, %s, %s, %s, %s, %d)",
        $clientIp,
        $referrer,
        $userAgent,
        $requestedUrl,
        $country,
        $city,
        $siteId
    );
    if (false === @$wpdb->query($insertSql)) {
        // Best effort: a failed insert must not break the page being served.
        return;
    }

    // Keep the running total of recorded entries in its own option.
    $storedCount = WpsOption::getOption(WpsSettings::LIVE_TRAFFIC_ENTRIES);
    if (empty($storedCount)) {
        $entryCount = 0;
        WpsOption::addOption(WpsSettings::LIVE_TRAFFIC_ENTRIES, $entryCount);
    } else {
        $entryCount = intval($storedCount);
    }
    WpsOption::updateOption(WpsSettings::LIVE_TRAFFIC_ENTRIES, $entryCount + 1);
}
/**
 * Tell whether the plugin is installed in a supported way.
 *
 * A single-site install is always valid. On multisite the 'WPS_NETWORK_INSTALL'
 * option must hold a non-empty value.
 *
 * @return bool
 */
function wpsIsValidInstall()
{
    if (!wpsIsMultisite()) {
        return true;
    }

    $networkInstallFlag = WpsOption::getOption('WPS_NETWORK_INSTALL');

    return !empty($networkInstallFlag);
}
/**
 * Raise a medium-severity alert when a profile update for an administrator carries a password.
 *
 * The trigger is a non-empty $_POST['pass1']; the role and name come from _getUserInfo().
 *
 * NOTE(review): the check only sees that a password field was submitted, not that the
 * change was stored - confirm against the hook this method is attached to.
 * NOTE(review): $userName and $blogName are placed into an HTML title unescaped; whether
 * the alert renderer escapes them is not visible here - confirm.
 *
 * @internal
 * @param int $userID ID of the user whose profile is being updated
 * @return void
 */
public static function _watchUserInfoUpdated($userID)
{
    // No password submitted with this update: nothing to report.
    if (empty($_POST['pass1'])) {
        return;
    }

    $info = self::_getUserInfo($userID);
    $userName = $info['userName'];
    $userRole = $info['userRole'];
    if ($userRole != 'administrator') {
        return;
    }

    global $wpsPluginAlertsArray;
    $alertDefinition = $wpsPluginAlertsArray['watch_admin_password_update'];
    $actionName = $alertDefinition['name'];
    $alertType = $alertDefinition['type'];

    if (wpsIsMultisite()) {
        global $wpdb;
        $blogID = $wpdb->blogid;
        $blogName = WpsOption::getOption('blogname', $blogID);
        // Multisite titles also name the blog the administrator belongs to.
        $title = sprintf(__('Administrator (<strong>%s</strong>) of blog <strong>%s</strong> has updated their password.', WpsSettings::TEXT_DOMAIN), $userName, $blogName);
    } else {
        $title = sprintf(__('Administrator (<strong>%s</strong>) has updated their password.', WpsSettings::TEXT_DOMAIN), $userName);
    }

    $explanation = __('<p>This alert is generated every time an administrator\'s password is updated.</p>', WpsSettings::TEXT_DOMAIN);

    self::alert($actionName, $alertType, WpsSettings::ALERT_MEDIUM, $title, $explanation);
}
// Load the plugin's components. The paths are relative, so PHP resolves them through
// include_path and the including script's directory rather than from an absolute base.
require 'res/inc/WsdCheck.php';
require 'res/inc/WsdScheduler.php';
require 'res/inc/WsdWatch.php';
require 'res/inc/WsdLiveTraffic.php';
require 'res/inc/WsdWpScanner.php';
require 'res/inc/wss-functions.php';
//#!--
// Menu registration: on multisite the network menu and the per-site menu use separate
// callbacks; on a single site the network menu callback is attached to admin_menu.
if (wpsIsMultisite()) {
    add_action('network_admin_menu', 'wpsCreateNetworkMenu');
    add_action('admin_menu', 'wpsCreateSiteMenu');
} else {
    add_action('admin_menu', 'wpsCreateNetworkMenu');
}
add_action('init', array('WsdUtil', 'loadPluggable'));
add_action('init', array('WsdPlugin', 'loadResources'));
// The live traffic hooks are attached only when the CAN_RUN_TASKS option is truthy.
$wpsCanRun = (bool) WpsOption::getOption(WpsSettings::CAN_RUN_TASKS_OPTION_NAME);
if ($wpsCanRun) {
    // registerHit is attached to init, so it is invoked on every request that reaches init.
    add_action('init', array('WsdLiveTraffic', 'registerHit'));
    add_action('wp_ajax_ajaxGetTrafficData', array('WsdLiveTraffic', 'ajaxGetTrafficData'));
    // NOTE(review): the wp_ajax_nopriv_ hook makes ajaxGetTrafficData reachable without a
    // login. The handler is not shown here; if it returns recorded traffic rows it has to
    // enforce its own nonce and authorization checks - confirm.
    add_action('wp_ajax_nopriv_ajaxGetTrafficData', array('WsdLiveTraffic', 'ajaxGetTrafficData'));
}
// NOTE(review): wp_ajax_ hooks run for any logged-in user and perform no capability check
// themselves. ajaxDeleteBackupFile (not shown) presumably deletes a file named in the
// request, so it needs a capability check, a nonce check and a path restricted to the
// backup directory - confirm in the handler.
add_action('wp_ajax_ajaxDeleteBackupFile', array('WsdUtil', 'ajaxDeleteBackupFile'));
add_action('wp_dashboard_setup', array('WsdUtil', 'addDashboardWidget'));
register_activation_hook(__FILE__, 'wpsNetworkActivate');
register_deactivation_hook(__FILE__, 'wpsNetworkDeactivate');
register_uninstall_hook(__FILE__, array('WsdPlugin', 'uninstall'));
//#++
// Add custom links on plugins page
function wssCustomLinks($links) { if (wpsIsValidInstall()) {
/**
 * End the current file scan, mark it completed or failed, and delete the scan settings.
 *
 * The scan id is taken from self::$_scanID, then from the stored scan option, and as a
 * last resort from the scans table. When no id can be found the method returns early.
 *
 * NOTE(review): the completed path calls _markScanCompleted() without the resolved id,
 * while the failed path passes it; presumably the former reads self::$_scanID - confirm
 * it also copes with an id recovered from the option or the table.
 *
 * @param bool   $completed  true to mark the scan completed, false to mark it failed
 * @param string $failReason text logged and stored when the scan is marked failed
 * @return void
 */
public static function stopScan($completed = false, $failReason = '')
{
    $scanID = self::$_scanID;

    if (empty($scanID)) {
        $storedScan = WpsOption::getOption(WpsSettings::WP_FILE_SCAN_OPTION_NAME);

        if (!empty($storedScan)) {
            $scanID = $storedScan['SCAN_ID'];
            if (empty($scanID)) {
                return;
            }
        } else {
            // No option data left: fall back to the table for an unfinished scan.
            wssLog('Empty $optData. Checking db table for any incomplete scan.');
            $lastScanId = WsdWpScanner::getLastScanID_table();
            if (empty($lastScanId)) {
                wssLog('No incomplete scans found either.');
                return;
            }
            wssLog("Incomplete scan found: {$lastScanId}");
            $scanID = $lastScanId;
        }
    }

    $prefix = __METHOD__ . '() ';
    wssLog($prefix . 'triggered.');

    if (!$completed) {
        wssLog('Fail reason: ' . $failReason);
        self::_markScanFailed($scanID, $failReason);
    } else {
        self::_markScanCompleted();
    }

    WsdWPScanSettings::deleteSettings();

    $outcome = $completed ? 'completed' : 'failed';
    wssLog('Scan (' . $scanID . ') marked as ' . $outcome . ' and options deleted.' . PHP_EOL . str_repeat('=', 50));
}
/**
 * Register the news dashboard widget when the 'WSD-RSS-WGT-DISPLAY' option is 'yes'.
 *
 * On multisite the widget is registered once per blog id read from the blogs table,
 * switching to each blog in turn, and once more after switching back to the blog that
 * was current on entry. On a single site it is registered once.
 *
 * @public
 * @static
 * @return void
 */
static function addDashboardWidget()
{
    if (WpsOption::getOption('WSD-RSS-WGT-DISPLAY') != 'yes') {
        return;
    }

    $widgetId = 'acx_plugin_dashboard_widget';
    $renderCallback = array('WsdUtil', 'displayDashboardWidget');

    if (wpsIsMultisite()) {
        global $wpdb;
        $originalBlogId = $wpdb->blogid;

        // Get all blog ids
        $allBlogIds = $wpdb->get_col("SELECT blog_id FROM {$wpdb->blogs}");
        foreach ($allBlogIds as $currentId) {
            switch_to_blog($currentId);
            wp_add_dashboard_widget($widgetId, __('Acunetix news and updates', WpsSettings::TEXT_DOMAIN), $renderCallback);
        }

        // Return to the blog that was active before the loop.
        switch_to_blog($originalBlogId);
    }

    // Both the single-site path and the multisite path end with this registration.
    wp_add_dashboard_widget($widgetId, __('Acunetix news and updates', WpsSettings::TEXT_DOMAIN), $renderCallback);
}
}

/**
 * Fetch the feed markup, store it under the given option and print it.
 *
 * The markup returned by wpsPlugin_GetFeedData() is passed to
 * wpsPlugin_updateRssFeedOption() and then echoed, with the literal "url('rss.png')"
 * replaced by the plugin's image URL for rss.png.
 *
 * NOTE(review): the feed markup is echoed as-is. Whether wpsPlugin_GetFeedData()
 * sanitizes remote feed content is not visible here - confirm, since this output is
 * rendered in the dashboard.
 *
 * @public
 * @param string $optName          option name the feed data is cached under
 * @param int    $getMaxRssEntries maximum number of feed entries to request
 */
function wpsPlugin_handleDisplayRssData($optName, $getMaxRssEntries)
{
    $data = wpsPlugin_GetFeedData($getMaxRssEntries);
    wpsPlugin_updateRssFeedOption($optName, $data);
    echo str_ireplace("url('rss.png')", "url('" . WsdUtil::imageUrl('rss.png') . "')", $data);
}

$optName = WpsSettings::BLOG_DATA_OPTION_NAME;
$getMaxRssEntries = 10;
// Check the cache: an empty option means nothing is cached yet, so fetch and display.
$optData = WpsOption::getOption($optName);
if (empty($optData)) {
    wpsPlugin_handleDisplayRssData($optName, $getMaxRssEntries);
} else {
    // check cache expiry date
    if (is_object($optData)) {
        // '@' hides the notice raised when the cached object has no 'expires' property.
        $lastUpdateTime = @$optData->expires;
        // invalid cache: UPDATE
        if (empty($lastUpdateTime)) {
            wpsPlugin_handleDisplayRssData($optName, $getMaxRssEntries);
        } else {
            $nextUpdateTime = $lastUpdateTime + 24 * 60 * 60;
            // NOTE(review): $nextUpdateTime is $lastUpdateTime plus one day, so this
            // comparison looks always true for numeric timestamps; a comparison against
            // the current time may have been intended - confirm.
            if ($nextUpdateTime >= $lastUpdateTime) {
                $data = @$optData->data;
                if (empty($data)) {
                    wpsPlugin_handleDisplayRssData($optName, $getMaxRssEntries);
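/**
 * Create the plugin's database tables when they are missing and bring the live traffic
 * table up to date with the entryCountry, entryCity and blogId columns.
 *
 * On any failure an HTML notice is appended to the PLUGIN_ERROR_NOTICE_OPTION list and the
 * method returns false. On success the CAN_RUN_TASKS option is added.
 *
 * Changes against the previous version:
 *  - the ALTER right is looked up as 'ALTER' (it was a copy of the 'CREATE' lookup), and
 *    it is only required when a column actually has to be added;
 *  - notices raised during the column upgrade are appended to the stored list instead of
 *    replacing it;
 *  - SQL errors are read from $wpdb->last_error, not mysql_error(), which no longer
 *    exists on PHP 7 and later.
 *
 * @return bool true when every table exists with the expected columns, false otherwise
 */
static function activate()
{
    wssLog(__METHOD__ . '() executed');

    global $wpdb;

    $charset_collate = '';
    if (!empty($wpdb->charset)) {
        $charset_collate = "DEFAULT CHARACTER SET {$wpdb->charset}";
    }
    if (!empty($wpdb->collate)) {
        $charset_collate .= " COLLATE {$wpdb->collate}";
    }

    // MUST HAVE "CREATE" RIGHTS if a table is not found and needs to be created
    $rights = WsdInfoServer::getDatabaseUserAccessRights();
    wssLog('USER RIGHTS', $rights);

    // Tolerate a missing or malformed rights list instead of warning inside in_array().
    $rightsHaving = array();
    if (is_array($rights) && isset($rights['rightsHaving']) && is_array($rights['rightsHaving'])) {
        $rightsHaving = $rights['rightsHaving'];
    }
    $hasCreateRight = in_array('CREATE', $rightsHaving, true);
    // Must have alter right for updating table.
    // NOTE(review): assumes the rights helper reports ALTER with the same naming it uses
    // for CREATE - confirm against WsdInfoServer::getDatabaseUserAccessRights().
    $hasAlterRight = in_array('ALTER', $rightsHaving, true);

    $table1 = self::getTableName(WpsSettings::ALERTS_TABLE_NAME);
    $table2 = self::getTableName(WpsSettings::LIVE_TRAFFIC_TABLE_NAME);
    $table3 = self::getTableName(WpsSettings::SCAN_TABLE_NAME);
    $table4 = self::getTableName(WpsSettings::SCANS_TABLE_NAME);

    // Alerts table
    if (!WsdUtil::tableExists($table1)) {
        wssLog("table not found: {$table1}");
        if (!$hasCreateRight) {
            wssLog("user has no create right. cannot create table: {$table1}");
            self::_addMissingRightNotice('CREATE');
            return false;
        }
        $query1 = "CREATE TABLE IF NOT EXISTS {$table1} (\n"
            . " `alertId` INT UNSIGNED NOT NULL AUTO_INCREMENT ,\n"
            . " `alertType` TINYINT NOT NULL DEFAULT 0 ,\n"
            . " `alertSeverity` INT NOT NULL DEFAULT 0 ,\n"
            . " `alertActionName` VARCHAR (255) NOT NULL,\n"
            . " `alertTitle` VARCHAR(255) NOT NULL ,\n"
            . " `alertDescription` TEXT NOT NULL ,\n"
            . " `alertSolution` TEXT NOT NULL ,\n"
            . " `alertDate` DATETIME NOT NULL default '0000-00-00 00:00:00',\n"
            . " `alertFirstSeen` DATETIME NOT NULL default '0000-00-00 00:00:00',\n"
            . " PRIMARY KEY (`alertId`) ,\n"
            . " UNIQUE INDEX `alertId_UNIQUE` (`alertId` ASC) ) {$charset_collate};";
        if (!self::_runActivationQuery($query1)) {
            return false;
        }
        wssLog("table created: {$table1}");
    }

    // Live traffic table: a freshly created table already has every column.
    $alterCheck = true;
    if (!WsdUtil::tableExists($table2)) {
        wssLog("table not found: {$table2}");
        if (!$hasCreateRight) {
            self::_addMissingRightNotice('CREATE');
            return false;
        }
        $query2 = "CREATE TABLE IF NOT EXISTS {$table2} (\n"
            . " `entryId` bigint(20) unsigned NOT NULL auto_increment,\n"
            . " `entryTime` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',\n"
            . " `entryIp` text,\n"
            . " `entryReferrer` text,\n"
            . " `entryUA` text,\n"
            . " `entryRequestedUrl` text,\n"
            . " `entryCountry` varchar(125) not null,\n"
            . " `entryCity` varchar(125) not null,\n"
            . " `blogId` INT(10) NOT NULL DEFAULT 1,\n"
            . " PRIMARY KEY (entryId)) {$charset_collate};";
        if (!self::_runActivationQuery($query2)) {
            return false;
        }
        $alterCheck = false;
        wssLog("table created: {$table2}.");
    }

    if ($alterCheck) {
        wssLog("Alter check needed for {$table2}.");

        // Get columns
        $query = "SHOW COLUMNS FROM {$table2}";
        $cols = $wpdb->get_results($query, ARRAY_A);
        if (empty($cols)) {
            wssLog("Could not retrieve columns from table: {$table2}");
            self::_addActivationNotice('<strong>' . WPS_PLUGIN_NAME . "</strong>. Error running query: <strong><pre>{$query}</pre></strong>. Please inform the plugin author about this error.");
            return false;
        }

        $columns = array();
        foreach ($cols as $values) {
            if (!empty($values['Field'])) {
                $columns[] = $values['Field'];
            }
        }

        $entryCountryExists = in_array('entryCountry', $columns, true);
        $entryCityExists = in_array('entryCity', $columns, true);
        $blogIdExists = in_array('blogId', $columns, true);

        // ALTER is only needed when at least one column is missing.
        $needsAlter = !($entryCountryExists && $entryCityExists && $blogIdExists);
        if ($needsAlter && !$hasAlterRight) {
            wssLog('NO ALTER RIGHT');
            self::_addMissingRightNotice('ALTER');
            return false;
        }

        //## Check for column: entryCountry
        wssLog("Checking for column: entryCountry");
        if (!$entryCountryExists) {
            $q = "ALTER TABLE {$table2} ADD COLUMN `entryCountry` VARCHAR(125) NOT NULL DEFAULT '' AFTER `entryRequestedUrl`;";
            if (!self::_runActivationQuery($q)) {
                return false;
            }
            wssLog("Column: entryCountry not found in table {$table2}. but was added.");
        } else {
            wssLog("column already exists: entryCountry");
        }

        //## Check for column: entryCity
        wssLog("Checking for column: entryCity");
        if (!$entryCityExists) {
            $q = "ALTER TABLE {$table2} ADD COLUMN `entryCity` VARCHAR(125) NOT NULL DEFAULT '' AFTER `entryCountry`;";
            if (!self::_runActivationQuery($q)) {
                return false;
            }
            wssLog("Column: entryCity not found in table {$table2}. but was added.");
        } else {
            wssLog("column already exists: entryCity");
        }

        //## Check for column: blogId
        wssLog("Checking for column: blogId");
        if (!$blogIdExists) {
            $q = "ALTER TABLE {$table2} ADD COLUMN `blogId` INT(10) NOT NULL DEFAULT 1 AFTER `entryCity`;";
            if (!self::_runActivationQuery($q)) {
                return false;
            }
            wssLog("Column: blogId not found in table {$table2}. but was added.");
        } else {
            wssLog("column already exists: blogid");
        }

        wssLog("{$table2} updated successfully");
    }

    // File scan entries table
    if (!WsdUtil::tableExists($table3)) {
        wssLog("table not found: {$table3}");
        if (!$hasCreateRight) {
            self::_addMissingRightNotice('CREATE');
            return false;
        }
        $query3 = "CREATE TABLE IF NOT EXISTS {$table3} (\n"
            . " `entryId` BIGINT NOT NULL AUTO_INCREMENT ,\n"
            . " `scanId` INT NOT NULL ,\n"
            . " `filePath` VARCHAR(1000) NOT NULL ,\n"
            . " `dateModified` DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00' ,\n"
            . " `fileNotFound` TINYINT NOT NULL DEFAULT 0,\n"
            . " PRIMARY KEY (`entryId`) ,\n"
            . " UNIQUE INDEX `entryId_UNIQUE` (`entryId` ASC) ) {$charset_collate};";
        if (!self::_runActivationQuery($query3)) {
            return false;
        }
        wssLog("table created: {$table3}.");
    }

    // Scans table
    if (!WsdUtil::tableExists($table4)) {
        wssLog("table not found: {$table4}");
        if (!$hasCreateRight) {
            self::_addMissingRightNotice('CREATE');
            return false;
        }
        $query4 = "CREATE TABLE {$table4} (\n"
            . " `scanId` INT NOT NULL AUTO_INCREMENT ,\n"
            . " `scanStartDate` DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',\n"
            . " `scanEndDate` DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',\n"
            . " `scanResult` INT NOT NULL DEFAULT 0,\n"
            . " `failReason` VARCHAR(5000) NOT NULL DEFAULT '',\n"
            . " `scanType` int(11) NOT NULL DEFAULT '0',\n"
            . " PRIMARY KEY (`scanId`) ) {$charset_collate};";
        if (!self::_runActivationQuery($query4)) {
            return false;
        }
    }

    WpsOption::addOption(WpsSettings::CAN_RUN_TASKS_OPTION_NAME, 1);

    return true;
}

/**
 * Append one HTML message to the stored list of plugin error notices.
 *
 * The list is always re-read first so that earlier notices are kept.
 *
 * @param string $html notice markup to store
 * @return void
 */
private static function _addActivationNotice($html)
{
    $notices = WpsOption::getOption(WpsSettings::PLUGIN_ERROR_NOTICE_OPTION, array());
    if (!is_array($notices)) {
        $notices = array();
    }
    $notices[] = $html;
    WpsOption::updateOption(WpsSettings::PLUGIN_ERROR_NOTICE_OPTION, $notices);
}

/**
 * Store the notice telling the administrator which database right is missing.
 *
 * @param string $right name of the missing right, e.g. 'CREATE' or 'ALTER'
 * @return void
 */
private static function _addMissingRightNotice($right)
{
    self::_addActivationNotice('<strong>' . WPS_PLUGIN_NAME . "</strong>: The database user needs the '<strong>{$right}</strong>' right in order to install this plugin.");
}

/**
 * Run one schema statement; on failure log the database error and store a notice.
 *
 * @param string $sql statement built from the plugin's own table names only
 * @return bool true when the statement ran, false when $wpdb->query() reported failure
 */
private static function _runActivationQuery($sql)
{
    global $wpdb;

    // '@' keeps driver warnings out of the activation response, as the original did.
    if (false !== @$wpdb->query($sql)) {
        return true;
    }

    wssLog('MySql error: ' . $wpdb->last_error);
    wssLog("Error running query: {$sql}");
    //#! MySQL error
    self::_addActivationNotice('<strong>' . WPS_PLUGIN_NAME . "</strong>. Error running query: <strong><pre>{$sql}</pre></strong>.");

    return false;
}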
WpsOption::updateOption('WSD-RSS-WGT-DISPLAY', 'yes'); } // live traffic $liveTrafficEnabled = isset($_POST['chk_lt_display']) ? intval($_POST['chk_lt_display']) : 0; if (empty($liveTrafficEnabled)) { // hide $enableLiveTraffic = false; WpsOption::updateOption(WpsSettings::ENABLE_LIVE_TRAFFIC, false); } else { // show $enableLiveTraffic = true; WpsOption::updateOption(WpsSettings::ENABLE_LIVE_TRAFFIC, true); wssLog("Live traffic tool enabled."); } WpsOption::updateOption(WpsSettings::PLUGIN_SETTINGS_OPTION_NAME, $settings); $settings = WpsOption::getOption(WpsSettings::PLUGIN_SETTINGS_OPTION_NAME); } elseif (isset($_POST['deleteRssDataButton'])) { WpsOption::deleteOption(WpsSettings::FEED_DATA_OPTION_NAME); } } ?> <div class="wrap wsdplugin_content"> <h2><?php echo WPS_PLUGIN_NAME . ' - ' . __('Settings', WpsSettings::TEXT_DOMAIN); ?> </h2> <p class="clear"></p> <div style="clear: both; display: block;"> <div class="metabox-holder"> <div class="inner-sidebar1 postbox">
<?php /*/#! Check for install errors */ if (!wpsCanDisplayPage()) { return; } $liveTrafficToolEnabled = WpsOption::getOption(WpsSettings::ENABLE_LIVE_TRAFFIC); if ($liveTrafficToolEnabled) { $refreshRates = array(0, 5, 10, 15, 20, 25, 30); $settings = array(WpsOption::getOption('WPS_KEEP_NUM_ENTRIES_LT'), WpsOption::getOption('WPS_REFRESH_RATE_AJAX_LT')); $rm = strtoupper($_SERVER['REQUEST_METHOD']); if ('POST' == $rm) { // check nonce if (isset($_POST['wsdplugin_update_settings_field'])) { if (!wp_verify_nonce($_POST['wsdplugin_update_settings_field'], 'wsdplugin_update_settings')) { exit('Invalid request.'); } } else { exit('Invalid request.'); } function wpsPluginValidateSettingsForm($refreshRates) { if (isset($_POST['max_number_live_traffic']) && isset($_POST['refreshRateOption'])) { // validate input $_POST['max_number_live_traffic'] $keepNumEntriesLiveTraffic = intval($_POST['max_number_live_traffic']); if ($keepNumEntriesLiveTraffic == 0) { $keepNumEntriesLiveTraffic = 0; } elseif (!preg_match("/[0-9]{1,5}/", $keepNumEntriesLiveTraffic)) { $keepNumEntriesLiveTraffic = 500; } // validate input $_POST['refreshRateOption']