function sucuriscan_settings_general_apikey($nonce) { $params = array(); $invalid_domain = false; $api_recovery_modal = ''; $api_registered_modal = ''; // Whether the form to manually add the API key should be shown or not. $display_manual_key_form = (bool) (SucuriScanRequest::post(':recover_key') !== false); if ($nonce) { if (!empty($_POST) && SucuriScanOption::settingsInTextFile()) { $fpath = SucuriScanOption::optionsFilePath(); if (!is_writable($fpath)) { SucuriScanInterface::error('Storage is not writable: <code>' . $fpath . '</code>'); } } // Remove API key from the local storage. if (SucuriScanRequest::post(':remove_api_key') !== false) { SucuriScanAPI::setPluginKey(''); wp_clear_scheduled_hook('sucuriscan_scheduled_scan'); SucuriScanEvent::report_critical_event('Sucuri API key was deleted.'); SucuriScanEvent::notify_event('plugin_change', 'Sucuri API key removed'); } // Save API key after it was recovered by the administrator. if ($api_key = SucuriScanRequest::post(':manual_api_key')) { SucuriScanAPI::setPluginKey($api_key, true); SucuriScanEvent::schedule_task(); SucuriScanEvent::report_info_event('Sucuri API key was added manually.'); } // Generate new API key from the API service. if (SucuriScanRequest::post(':plugin_api_key') !== false) { $user_id = SucuriScanRequest::post(':setup_user'); $user_obj = SucuriScan::get_user_by_id($user_id); if ($user_obj !== false && user_can($user_obj, 'administrator')) { // Send request to generate new API key or display form to set manually. if (SucuriScanAPI::registerSite($user_obj->user_email)) { $api_registered_modal = SucuriScanTemplate::getModal('settings-apiregistered', array('Title' => 'Site registered successfully', 'CssClass' => 'sucuriscan-apikey-registered')); } else { $display_manual_key_form = true; } } } // Recover API key through the email registered previously. if (SucuriScanRequest::post(':recover_key') !== false) { $_GET['recover'] = 'true'; SucuriScanAPI::recoverKey(); SucuriScanEvent::report_info_event('Recovery of the Sucuri API key was requested.'); } } $api_key = SucuriScanAPI::getPluginKey(); if (SucuriScanRequest::get('recover') !== false) { $api_recovery_modal = SucuriScanTemplate::getModal('settings-apirecovery', array('Title' => 'Plugin API Key Recovery', 'CssClass' => 'sucuriscan-apirecovery')); } // Check whether the domain name is valid or not. if (!$api_key) { $clean_domain = SucuriScan::get_top_level_domain(); $domain_address = @gethostbyname($clean_domain); $invalid_domain = (bool) ($domain_address === $clean_domain); } $params['APIKey'] = !$api_key ? '(not set)' : $api_key; $params['APIKey.RecoverVisibility'] = SucuriScanTemplate::visibility(!$api_key && !$display_manual_key_form); $params['APIKey.ManualKeyFormVisibility'] = SucuriScanTemplate::visibility($display_manual_key_form); $params['APIKey.RemoveVisibility'] = SucuriScanTemplate::visibility((bool) $api_key); $params['InvalidDomainVisibility'] = SucuriScanTemplate::visibility($invalid_domain); $params['ModalWhenAPIRegistered'] = $api_registered_modal; $params['ModalForApiKeyRecovery'] = $api_recovery_modal; return SucuriScanTemplate::getSection('settings-general-apikey', $params); }
function sucuriscan_settings_general_apikey($nonce) { $params = array(); $invalid_domain = false; $api_recovery_modal = ''; $api_registered_modal = ''; // Whether the form to manually add the API key should be shown or not. $display_manual_key_form = (bool) (SucuriScanRequest::post(':recover_key') !== false); if ($nonce) { if (SucuriScanRequest::post(':plugin_api_key') !== false) { $user_id = SucuriScanRequest::post(':setup_user'); $user_obj = SucuriScan::get_user_by_id($user_id); if ($user_obj !== false && user_can($user_obj, 'administrator')) { // Send request to generate new API key or display form to set manually. if (SucuriScanAPI::register_site($user_obj->user_email)) { $api_registered_modal = SucuriScanTemplate::get_modal('settings-apiregistered', array('Title' => 'Site registered successfully', 'CssClass' => 'sucuriscan-apikey-registered')); } else { $display_manual_key_form = true; } } } // Recover API key through the email registered previously. if (SucuriScanRequest::post(':recover_key') !== false) { SucuriScanAPI::recover_key(); SucuriScanEvent::report_info_event('Recovery of the Sucuri API key was requested.'); $api_recovery_modal = SucuriScanTemplate::get_modal('settings-apirecovery', array('Title' => 'Plugin API Key Recovery', 'CssClass' => 'sucuriscan-apirecovery')); } } $api_key = SucuriScanAPI::get_plugin_key(); // Check whether the domain name is valid or not. if (!$api_key) { $clean_domain = SucuriScan::get_top_level_domain(); $domain_address = @gethostbyname($clean_domain); $invalid_domain = (bool) ($domain_address === $clean_domain); } $params['APIKey'] = !$api_key ? '<em>(not set)</em>' : $api_key; $params['APIKey.RecoverVisibility'] = SucuriScanTemplate::visibility(!$api_key && !$display_manual_key_form); $params['APIKey.ManualKeyFormVisibility'] = SucuriScanTemplate::visibility($display_manual_key_form); $params['APIKey.RemoveVisibility'] = SucuriScanTemplate::visibility((bool) $api_key); $params['InvalidDomainVisibility'] = SucuriScanTemplate::visibility($invalid_domain); $params['ModalWhenAPIRegistered'] = $api_registered_modal; $params['ModalForApiKeyRecovery'] = $api_recovery_modal; return SucuriScanTemplate::get_section('settings-general-apikey', $params); }
/** * Read and parse the content of the general settings template. * * @return string Parsed HTML code for the general settings panel. */ function sucuriscan_settings_general() { global $sucuriscan_emails_per_hour, $sucuriscan_maximum_failed_logins, $sucuriscan_verify_ssl_cert; // Check the nonce here to populate the value through other functions. $page_nonce = SucuriScanInterface::check_nonce(); // Process all form submissions. sucuriscan_settings_form_submissions($page_nonce); // Register the site, get its API key, and store it locally for future usage. $api_registered_modal = ''; // Whether the form to manually add the API key should be shown or not. $display_manual_key_form = (bool) (SucuriScanRequest::post(':recover_key') !== false); if ($page_nonce && SucuriScanRequest::post(':plugin_api_key') !== false) { $user_id = SucuriScanRequest::post(':setup_user'); $user_obj = SucuriScan::get_user_by_id($user_id); if ($user_obj !== false && user_can($user_obj, 'administrator')) { // Send request to generate new API key or display form to set manually. if (SucuriScanAPI::register_site($user_obj->user_email)) { $api_registered_modal = SucuriScanTemplate::get_modal('settings-apiregistered', array('Title' => 'Site registered successfully', 'CssClass' => 'sucuriscan-apikey-registered')); } else { $display_manual_key_form = true; } } } // Get initial variables to decide some things bellow. $api_key = SucuriScanAPI::get_plugin_key(); $emails_per_hour = SucuriScanOption::get_option(':emails_per_hour'); $maximum_failed_logins = SucuriScanOption::get_option(':maximum_failed_logins'); $verify_ssl_cert = SucuriScanOption::get_option(':verify_ssl_cert'); $audit_report = SucuriScanOption::get_option(':audit_report'); $logs4report = SucuriScanOption::get_option(':logs4report'); $revproxy = SucuriScanOption::get_option(':revproxy'); $dns_lookups = SucuriScanOption::get_option(':dns_lookups'); $comment_monitor = SucuriScanOption::get_option(':comment_monitor'); $xhr_monitor = SucuriScanOption::get_option(':xhr_monitor'); $invalid_domain = false; // Check whether the domain name is valid or not. if (!$api_key) { $clean_domain = SucuriScan::get_top_level_domain(); $domain_address = @gethostbyname($clean_domain); $invalid_domain = $domain_address == $clean_domain ? true : false; } // Generate the HTML code for the option list in the form select fields. $emails_per_hour_options = SucuriScanTemplate::get_select_options($sucuriscan_emails_per_hour, $emails_per_hour); $maximum_failed_logins_options = SucuriScanTemplate::get_select_options($sucuriscan_maximum_failed_logins, $maximum_failed_logins); $verify_ssl_cert_options = SucuriScanTemplate::get_select_options($sucuriscan_verify_ssl_cert, $verify_ssl_cert); $template_variables = array('APIKey' => !$api_key ? '<em>(not set)</em>' : $api_key, 'APIKey.RecoverVisibility' => SucuriScanTemplate::visibility(!$api_key && !$display_manual_key_form), 'APIKey.ManualKeyFormVisibility' => SucuriScanTemplate::visibility($display_manual_key_form), 'APIKey.RemoveVisibility' => SucuriScanTemplate::visibility((bool) $api_key), 'InvalidDomainVisibility' => SucuriScanTemplate::visibility($invalid_domain), 'NotifyTo' => SucuriScanOption::get_option(':notify_to'), 'EmailsPerHour' => 'Undefined', 'EmailsPerHourOptions' => $emails_per_hour_options, 'MaximumFailedLogins' => 'Undefined', 'MaximumFailedLoginsOptions' => $maximum_failed_logins_options, 'VerifySSLCert' => 'Undefined', 'VerifySSLCertOptions' => $verify_ssl_cert_options, 'RequestTimeout' => SucuriScanOption::get_option(':request_timeout') . ' seconds', 'DatastorePath' => SucuriScanOption::get_option(':datastore_path'), 'CollectWrongPasswords' => 'No collect passwords', 'ModalWhenAPIRegistered' => $api_registered_modal, 'AuditReportStatus' => 'Enabled', 'AuditReportSwitchText' => 'Disable', 'AuditReportSwitchValue' => 'disable', 'AuditReportSwitchCssClass' => 'button-danger', 'AuditReportLimit' => $logs4report, 'ReverseProxyStatus' => 'Enabled', 'ReverseProxySwitchText' => 'Disable', 'ReverseProxySwitchValue' => 'disable', 'ReverseProxySwitchCssClass' => 'button-danger', 'DnsLookupsStatus' => 'Enabled', 'DnsLookupsSwitchText' => 'Disable', 'DnsLookupsSwitchValue' => 'disable', 'DnsLookupsSwitchCssClass' => 'button-danger', 'CommentMonitorStatus' => 'Enabled', 'CommentMonitorSwitchText' => 'Disable', 'CommentMonitorSwitchValue' => 'disable', 'CommentMonitorSwitchCssClass' => 'button-danger', 'XhrMonitorStatus' => 'Enabled', 'XhrMonitorSwitchText' => 'Disable', 'XhrMonitorSwitchValue' => 'disable', 'XhrMonitorSwitchCssClass' => 'button-danger', 'APIProxy.Host' => 'no_proxy_host', 'APIProxy.Port' => 'no_proxy_port', 'APIProxy.Username' => 'no_proxy_username', 'APIProxy.Password' => 'no_proxy_password', 'APIProxy.PasswordType' => 'default', 'APIProxy.PasswordText' => 'empty'); if (array_key_exists($emails_per_hour, $sucuriscan_emails_per_hour)) { $template_variables['EmailsPerHour'] = $sucuriscan_emails_per_hour[$emails_per_hour]; } if (array_key_exists($maximum_failed_logins, $sucuriscan_maximum_failed_logins)) { $template_variables['MaximumFailedLogins'] = $sucuriscan_maximum_failed_logins[$maximum_failed_logins]; } if (array_key_exists($verify_ssl_cert, $sucuriscan_verify_ssl_cert)) { $template_variables['VerifySSLCert'] = $sucuriscan_verify_ssl_cert[$verify_ssl_cert]; } if ($audit_report == 'disabled') { $template_variables['AuditReportStatus'] = 'Disabled'; $template_variables['AuditReportSwitchText'] = 'Enable'; $template_variables['AuditReportSwitchValue'] = 'enable'; $template_variables['AuditReportSwitchCssClass'] = 'button-success'; } if ($revproxy == 'disabled') { $template_variables['ReverseProxyStatus'] = 'Disabled'; $template_variables['ReverseProxySwitchText'] = 'Enable'; $template_variables['ReverseProxySwitchValue'] = 'enable'; $template_variables['ReverseProxySwitchCssClass'] = 'button-success'; } if ($dns_lookups == 'disabled') { $template_variables['DnsLookupsStatus'] = 'Disabled'; $template_variables['DnsLookupsSwitchText'] = 'Enable'; $template_variables['DnsLookupsSwitchValue'] = 'enable'; $template_variables['DnsLookupsSwitchCssClass'] = 'button-success'; } if ($comment_monitor == 'disabled') { $template_variables['CommentMonitorStatus'] = 'Disabled'; $template_variables['CommentMonitorSwitchText'] = 'Enable'; $template_variables['CommentMonitorSwitchValue'] = 'enable'; $template_variables['CommentMonitorSwitchCssClass'] = 'button-success'; } if ($xhr_monitor == 'disabled') { $template_variables['XhrMonitorStatus'] = 'Disabled'; $template_variables['XhrMonitorSwitchText'] = 'Enable'; $template_variables['XhrMonitorSwitchValue'] = 'enable'; $template_variables['XhrMonitorSwitchCssClass'] = 'button-success'; } if (sucuriscan_collect_wrong_passwords() === true) { $template_variables['CollectWrongPasswords'] = '<span class="sucuriscan-label-error">Yes, collect passwords</span>'; } // Determine if the API calls with pass through a proxy or not. if (class_exists('WP_HTTP_Proxy')) { $wp_http_proxy = new WP_HTTP_Proxy(); if ($wp_http_proxy->is_enabled()) { $proxy_host = SucuriScan::escape($wp_http_proxy->host()); $proxy_port = SucuriScan::escape($wp_http_proxy->port()); $proxy_username = SucuriScan::escape($wp_http_proxy->username()); $proxy_password = SucuriScan::escape($wp_http_proxy->password()); $template_variables['APIProxy.Host'] = $proxy_host; $template_variables['APIProxy.Port'] = $proxy_port; $template_variables['APIProxy.Username'] = $proxy_username; $template_variables['APIProxy.Password'] = $proxy_password; $template_variables['APIProxy.PasswordType'] = 'info'; $template_variables['APIProxy.PasswordText'] = 'hidden'; } } return SucuriScanTemplate::get_section('settings-general', $template_variables); }