if (isset($_REQUEST[SIXSCAN_NOTICE_VULN_COUNT])) { $old_count = intval(get_option(SIXSCAN_OPTION_VULNERABITILY_COUNT)); $new_count = intval($_REQUEST[SIXSCAN_NOTICE_VULN_COUNT]); /* New vulnerability was discovered. Show user the warning message */ if ($new_count > $old_count) { update_option(SIXSCAN_VULN_MESSAGE_DISMISSED, FALSE); } update_option(SIXSCAN_OPTION_VULNERABITILY_COUNT, $new_count); } /* Include the update functionality */ require_once ABSPATH . 'wp-admin/includes/upgrade.php'; require_once 'update.php'; /* Activated this blog with 6Scan server */ if (isset($_REQUEST[SIXSCAN_NOTICE_ACCOUNT_ENABLED])) { if (intval($_REQUEST[SIXSCAN_NOTICE_ACCOUNT_ENABLED]) == 1) { sixscan_common_set_account_operational(TRUE); } } /* Change WAF options, according to request */ sixscan_waf_set_options_confuguration(); /* Change secure login configuration */ sixscan_login_options_configuration(); /* Default value, in case we don't need to send security env */ $security_result = TRUE; if (isset($_REQUEST[SIXSCAN_NOTICE_SECURITY_ENV_NAME]) && $_REQUEST[SIXSCAN_NOTICE_SECURITY_ENV_NAME] == 1) { $security_result = sixscan_send_security_environment($site_id, $api_token); } if (isset($_REQUEST[SIXSCAN_NOTICE_SECURITY_LOG_NAME]) && $_REQUEST[SIXSCAN_NOTICE_SECURITY_LOG_NAME] == 1) { $tmp_result = sixscan_send_security_log($site_id, $api_token); /* Checking result values, and appending error message, if needed */ if ($security_result === TRUE) {
function sixscan_installation_install($tmp_key) { try { /* Clear the operational flag. It will be set, if activation is successful */ sixscan_common_set_account_operational(FALSE); global $wp_filesystem; $current_wp_filesystem = $tmp_key == "" ? 'direct' : 'ftp'; if (is_multisite()) { $err_message = "6Scan Install <b>Error</b>: 6Scan currently does not support multisite installs. The support will be added soon"; return sixscan_menu_wrap_error_msg($err_message) . sixscan_installation_error_description("Multisite install failed", $current_wp_filesystem); } /* Make sure we can create signature file and update the site's .htaccess file */ if (sixscan_common_test_dir_writable($wp_filesystem->abspath()) == FALSE) { $err_message = "6Scan Install <b>Error</b>: Failed creating signature file at Wordpress directory " . ABSPATH . SIXSCAN_COMM_SIGNATURE_FILENAME . "<br/><br/>Please see <a href='http://codex.wordpress.org/Changing_File_Permissions' target='_blank'>this Wordpress article</a> for more information on how to add write permissions." . "<br/><br/>If you have additional questions, please visit our <a href='http://6scan.com/support' target='_blank'>community</a>"; return sixscan_menu_wrap_error_msg($err_message) . sixscan_installation_error_description("Failed creating signature file", $current_wp_filesystem); } if ($wp_filesystem->exists(SIXSCAN_HTACCESS_FILE) && sixscan_common_test_file_writable(SIXSCAN_HTACCESS_FILE) == FALSE) { $err_message = "6Scan Install <b>Error</b>: Failed writing .htaccess file " . SIXSCAN_HTACCESS_FILE . "<br/><br/>Please see <a href='http://codex.wordpress.org/Changing_File_Permissions' target='_blank'>this Wordpress article</a> for more information on how to add write permissions." . "<br/><br/>If you have additional questions, please visit our <a href='http://6scan.com/support' target='_blank'>community</a>"; return sixscan_menu_wrap_error_msg($err_message) . sixscan_installation_error_description("Failed writing .htaccess file", $current_wp_filesystem); } if ($wp_filesystem->is_writable(SIXSCAN_PLUGIN_DIR . "/6scan.php") == FALSE) { $err_message = "6Scan Install <b>Error</b>: Can't modify 6Scan directory. This usually happens when security permissions do not allow writing to the Wordpress directory." . "<br/><br/>Please see <a href='http://codex.wordpress.org/Changing_File_Permissions' target='_blank'>this Wordpress article</a> for more information on how to add write permissions." . "<br/><br/>If you have additional questions, please visit our <a href='http://6scan.com/support' target='_blank'>community</a>"; return sixscan_menu_wrap_error_msg($err_message) . sixscan_installation_error_description("Failed initializing WP_Filesystem()", $current_wp_filesystem); } if (ini_get("allow_url_fopen") == FALSE && !function_exists('curl_init')) { $err_message = "6Scan Install <b>Error</b>: No libcurl found <b>and</b> \"allow_url_fopen\" in your php.ini is disabled. 6Scan needs at least <b>one</b> transport layer to be enabled, in order to contact its server for automatic updates.<br>" . "*Please see <a href='http://6scan.freshdesk.com/solution/articles/3257-installing-curl-extension-on-a-system' target='_blank'> this FAQ entry</a> in order to enable Curl<br>" . "*Please see <a href='http://6scan.freshdesk.com/solution/categories/3294/folders/6728/articles/2681-i-am-seeing-an-error-that-is-similar-to-could-not-open-handle-for-fopen-' target='_blank'>this FAQ entry</a> for instructions on how to enable the \"allow_url_fopen\" flag<br>" . "<br/><br/>If you have additional questions, please visit our <a href='http://6scan.com/support' target='_blank'>community</a>"; return sixscan_menu_wrap_error_msg($err_message) . sixscan_installation_error_description("No libcurl found and allow_url_fopen is disabled", $current_wp_filesystem); } /* Rewrite the htaccess and 6scan-gate file */ $htaccess_install_result = sixscan_htaccess_install(); if ($htaccess_install_result !== TRUE) { return sixscan_menu_wrap_error_msg($htaccess_install_result['user_message']) . sixscan_installation_error_description($htaccess_install_result['short_description'], $current_wp_filesystem); } if (sixscan_common_is_regdata_present() == TRUE) { if (sixscan_communication_oracle_reg_reactivate(sixscan_common_get_site_id(), sixscan_common_get_api_token()) == TRUE) { /* There is no real install to go on, just reactivation */ sixscan_common_set_account_operational(TRUE); sixscan_common_set_account_active(TRUE); return TRUE; } else { sixscan_common_erase_regdata(); } } /* Register process */ $server_registration_result = sixscan_installation_register_with_server($tmp_key); if ($server_registration_result !== TRUE) { /* If something went wrong in the registration/verification process */ sixscan_common_erase_regdata(); return $server_registration_result . sixscan_installation_error_description("Server registration failed", $current_wp_filesystem); } /* Account is now active, but not yet operational ( operation is set by server, when user completes the registration */ sixscan_common_set_account_active(TRUE); /* Preparing options for further use */ update_option(SIXSCAN_OPTION_COMM_ORACLE_NONCE, 1); update_option(SIXSCAN_OPTION_COMM_LAST_SIG_UPDATE_NONCE, 0); update_option(SIXSCAN_OPTION_STAT_SUSPICIOUS_REQ_COUNT, 0); update_option(SIXSCAN_OPTION_STAT_OK_REQ_COUNT, 0); update_option(SIXSCAN_OPTION_WAF_REQUESTED, array()); update_option(SIXSCAN_OPTION_LOGIN_SETTINGS, array()); update_option(SIXSCAN_VULN_MESSAGE_DISMISSED, FALSE); } catch (Exception $e) { /* Exception aborts the process */ sixscan_common_erase_regdata(); sixscan_common_set_account_active(FALSE); sixscan_common_set_account_operational(FALSE); return $e . sixscan_installation_error_description("Exception occured while installing", $current_wp_filesystem); } return TRUE; }