本文整理汇总了PHP中AIOWPSecurity_Utility::generate_alpha_numeric_random_string方法的典型用法代码示例。如果您正苦于以下问题:PHP AIOWPSecurity_Utility::generate_alpha_numeric_random_string方法的具体用法?PHP AIOWPSecurity_Utility::generate_alpha_numeric_random_string怎么用?PHP AIOWPSecurity_Utility::generate_alpha_numeric_random_string使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类AIOWPSecurity_Utility的用法示例。
在下文中一共展示了AIOWPSecurity_Utility::generate_alpha_numeric_random_string方法的10个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: generate_maths_question
function generate_maths_question()
{
global $aio_wp_security;
//For now we will only do plus, minus, multiplication
$equation_string = '';
$operator_type = array('+', '−', '×');
$operand_display = array('word', 'number');
//let's now generate an equation
$operator = $operator_type[rand(0, 2)];
if ($operator === '×') {
//Don't make the question too hard if multiplication
$first_digit = rand(1, 5);
$second_digit = rand(1, 5);
} else {
$first_digit = rand(1, 20);
$second_digit = rand(1, 20);
}
if ($operand_display[rand(0, 1)] == 'word') {
$first_operand = $this->number_word_mapping($first_digit);
} else {
$first_operand = $first_digit;
}
if ($operand_display[rand(0, 1)] == 'word') {
$second_operand = $this->number_word_mapping($second_digit);
} else {
$second_operand = $second_digit;
}
//Let's caluclate the result and construct the equation string
if ($operator === '+') {
//Addition
$result = $first_digit + $second_digit;
$equation_string .= $first_operand . ' ' . $operator . ' ' . $second_operand . ' = ';
} else {
if ($operator === '−') {
//Subtraction
//If we are going to be negative let's swap operands around
if ($first_digit < $second_digit) {
$equation_string .= $second_operand . ' ' . $operator . ' ' . $first_operand . ' = ';
$result = $second_digit - $first_digit;
} else {
$equation_string .= $first_operand . ' ' . $operator . ' ' . $second_operand . ' = ';
$result = $first_digit - $second_digit;
}
} elseif ($operator === '×') {
//Multiplication
$equation_string .= $first_operand . ' ' . $operator . ' ' . $second_operand . ' = ';
$result = $first_digit * $second_digit;
}
}
//Let's encode correct answer
$captcha_secret_string = $aio_wp_security->configs->get_value('aiowps_captcha_secret_key');
$current_time = time();
$enc_result = base64_encode($current_time . $captcha_secret_string . $result);
$random_str = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(10);
AIOWPSecurity_Utility::is_multisite_install() ? set_site_transient('aiowps_captcha_string_info_' . $random_str, $enc_result, 30 * 60) : set_transient('aiowps_captcha_string_info_' . $random_str, $enc_result, 30 * 60);
$equation_string .= '<input type="hidden" name="aiowps-captcha-string-info" id="aiowps-captcha-string-info" value="' . $random_str . '" />';
$equation_string .= '<input type="hidden" name="aiowps-captcha-temp-string" id="aiowps-captcha-temp-string" value="' . $current_time . '" />';
$equation_string .= '<input type="text" size="2" id="aiowps-captcha-answer" name="aiowps-captcha-answer" value="" />';
return $equation_string;
}示例2: do_other_admin_side_init_tasks
function do_other_admin_side_init_tasks()
{
global $aio_wp_security;
//***New Feature improvement for Cookie Based Brute Force Protection***//
//The old "test cookie" used to be too easy to guess because someone could just read the code and get the value.
//So now we will drop a more secure test cookie using a 10 digit random string
if ($aio_wp_security->configs->get_value('aiowps_enable_brute_force_attack_prevention') == '1') {
// This code is for users who had this feature saved using an older release. This will drop the new more secure test cookie to the browser and will write it to the .htaccess file too
$test_cookie = $aio_wp_security->configs->get_value('aiowps_cookie_brute_test');
if (empty($test_cookie)) {
$random_suffix = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(10);
$test_cookie_name = 'aiowps_cookie_test_' . $random_suffix;
$aio_wp_security->configs->set_value('aiowps_cookie_brute_test', $test_cookie_name);
$aio_wp_security->configs->save_config();
//save the value
AIOWPSecurity_Utility::set_cookie_value($test_cookie_name, "1");
//Write this new cookie to the .htaccess file
$res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
if ($res == -1) {
$aio_wp_security->debug_logger->log_debug("Error writing new test cookie with random suffix to .htaccess file!", 4);
}
}
}
//For cookie test form submission case
if (isset($_GET['page']) && $_GET['page'] == AIOWPSEC_BRUTE_FORCE_MENU_SLUG && isset($_GET['tab']) && $_GET['tab'] == 'tab2') {
global $aio_wp_security;
if (isset($_POST['aiowps_do_cookie_test_for_bfla'])) {
$random_suffix = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(10);
$test_cookie_name = 'aiowps_cookie_test_' . $random_suffix;
$aio_wp_security->configs->set_value('aiowps_cookie_brute_test', $test_cookie_name);
$aio_wp_security->configs->save_config();
//save the value
AIOWPSecurity_Utility::set_cookie_value($test_cookie_name, "1");
$cur_url = "admin.php?page=" . AIOWPSEC_BRUTE_FORCE_MENU_SLUG . "&tab=tab2";
$redirect_url = AIOWPSecurity_Utility::add_query_data_to_url($cur_url, 'aiowps_cookie_test', "1");
AIOWPSecurity_Utility::redirect_to_url($redirect_url);
}
if (isset($_POST['aiowps_enable_brute_force_attack_prevention'])) {
$brute_force_feature_secret_word = sanitize_text_field($_POST['aiowps_brute_force_secret_word']);
if (empty($brute_force_feature_secret_word)) {
$brute_force_feature_secret_word = "aiowps_secret";
}
AIOWPSecurity_Utility::set_cookie_value($brute_force_feature_secret_word, "1");
}
if (isset($_REQUEST['aiowps_cookie_test'])) {
$test_cookie = $aio_wp_security->configs->get_value('aiowps_cookie_brute_test');
$cookie_val = AIOWPSecurity_Utility::get_cookie_value($test_cookie);
if (empty($cookie_val)) {
$aio_wp_security->configs->set_value('aiowps_cookie_test_success', '');
} else {
$aio_wp_security->configs->set_value('aiowps_cookie_test_success', '1');
}
$aio_wp_security->configs->save_config();
//save the value
}
}
if (isset($_POST['aiowps_save_wp_config'])) {
$nonce = $_REQUEST['_wpnonce'];
if (!wp_verify_nonce($nonce, 'aiowpsec-save-wp-config-nonce')) {
$aio_wp_security->debug_logger->log_debug("Nonce check failed on wp_config file save!", 4);
die("Nonce check failed on wp_config file save!");
}
$wp_config_path = AIOWPSecurity_Utility_File::get_wp_config_file_path();
$result = AIOWPSecurity_Utility_File::backup_and_rename_wp_config($wp_config_path);
//Backup the wp_config.php file
AIOWPSecurity_Utility_File::download_a_file_option1($wp_config_path, "wp-config-backup.txt");
}
//Handle export settings
if (isset($_POST['aiowps_export_settings'])) {
$nonce = $_REQUEST['_wpnonce'];
if (!wp_verify_nonce($nonce, 'aiowpsec-export-settings-nonce')) {
$aio_wp_security->debug_logger->log_debug("Nonce check failed on export AIOWPS settings!", 4);
die("Nonce check failed on export AIOWPS settings!");
}
$config_data = get_option('aio_wp_security_configs');
$output = json_encode($config_data);
AIOWPSecurity_Utility_File::download_content_to_a_file($output);
}
}示例3: render_tab3
function render_tab3()
{
global $aio_wp_security;
global $aiowps_feature_mgr;
if (isset($_POST['aiowpsec_save_captcha_settings'])) {
$error = '';
$nonce = $_REQUEST['_wpnonce'];
if (!wp_verify_nonce($nonce, 'aiowpsec-captcha-settings-nonce')) {
$aio_wp_security->debug_logger->log_debug("Nonce check failed on captcha settings save!", 4);
die("Nonce check failed on captcha settings save!");
}
//Save all the form values to the options
$random_20_digit_string = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(20);
//Generate random 20 char string for use during captcha encode/decode
$aio_wp_security->configs->set_value('aiowps_captcha_secret_key', $random_20_digit_string);
$aio_wp_security->configs->set_value('aiowps_enable_login_captcha', isset($_POST["aiowps_enable_login_captcha"]) ? '1' : '');
$aio_wp_security->configs->set_value('aiowps_enable_custom_login_captcha', isset($_POST["aiowps_enable_custom_login_captcha"]) ? '1' : '');
$aio_wp_security->configs->set_value('aiowps_enable_lost_password_captcha', isset($_POST["aiowps_enable_lost_password_captcha"]) ? '1' : '');
$aio_wp_security->configs->save_config();
//Recalculate points after the feature status/options have been altered
$aiowps_feature_mgr->check_feature_status_and_recalculate_points();
$this->show_msg_settings_updated();
}
?>
<div class="aio_blue_box">
<?php
echo '<p>' . __('This feature allows you to add a captcha form on the WordPress login page.', 'all-in-one-wp-security-and-firewall') . '
<br />' . __('Users who attempt to login will also need to enter the answer to a simple mathematical question - if they enter the wrong answer, the plugin will not allow them login even if they entered the correct username and password.', 'all-in-one-wp-security-and-firewall') . '
<br />' . __('Therefore, adding a captcha form on the login page is another effective yet simple "Brute Force" prevention technique.', 'all-in-one-wp-security-and-firewall') . '
</p>';
?>
</div>
<form action="" method="POST">
<div class="postbox">
<h3 class="hndle"><label for="title"><?php
_e('Login Form Captcha Settings', 'all-in-one-wp-security-and-firewall');
?>
</label></h3>
<div class="inside">
<?php
//Display security info badge
global $aiowps_feature_mgr;
$aiowps_feature_mgr->output_feature_details_badge("user-login-captcha");
?>
<?php
wp_nonce_field('aiowpsec-captcha-settings-nonce');
?>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php
_e('Enable Captcha On Login Page', 'all-in-one-wp-security-and-firewall');
?>
:</th>
<td>
<input name="aiowps_enable_login_captcha" type="checkbox"<?php
if ($aio_wp_security->configs->get_value('aiowps_enable_login_captcha') == '1') {
echo ' checked="checked"';
}
?>
value="1"/>
<span class="description"><?php
_e('Check this if you want to insert a captcha form on the login page', 'all-in-one-wp-security-and-firewall');
?>
</span>
</td>
</tr>
</table>
</div></div>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php
_e('Custom Login Form Captcha Settings', 'all-in-one-wp-security-and-firewall');
?>
</label></h3>
<div class="inside">
<?php
//Display security info badge
global $aiowps_feature_mgr;
$aiowps_feature_mgr->output_feature_details_badge("custom-login-captcha");
?>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php
_e('Enable Captcha On Custom Login Form', 'all-in-one-wp-security-and-firewall');
?>
:</th>
<td>
<input name="aiowps_enable_custom_login_captcha" type="checkbox"<?php
if ($aio_wp_security->configs->get_value('aiowps_enable_custom_login_captcha') == '1') {
echo ' checked="checked"';
}
?>
value="1"/>
<span class="description"><?php
_e('Check this if you want to insert captcha on a custom login form generated by the following WP function: wp_login_form()', 'all-in-one-wp-security-and-firewall');
?>
</span>
</td>
</tr>
</table>
//.........这里部分代码省略.........
示例4: render_tab2
function render_tab2()
{
global $aio_wp_security;
global $aiowps_feature_mgr;
if (isset($_POST['aiowpsec_save_registration_captcha_settings'])) {
$error = '';
$nonce = $_REQUEST['_wpnonce'];
if (!wp_verify_nonce($nonce, 'aiowpsec-registration-captcha-settings-nonce')) {
$aio_wp_security->debug_logger->log_debug("Nonce check failed on registration captcha settings save!", 4);
die("Nonce check failed on registration captcha settings save!");
}
//Save all the form values to the options
$random_20_digit_string = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(20);
//Generate random 20 char string for use during captcha encode/decode
$aio_wp_security->configs->set_value('aiowps_captcha_secret_key', $random_20_digit_string);
$aio_wp_security->configs->set_value('aiowps_enable_registration_page_captcha', isset($_POST["aiowps_enable_registration_page_captcha"]) ? '1' : '');
$aio_wp_security->configs->save_config();
//Recalculate points after the feature status/options have been altered
$aiowps_feature_mgr->check_feature_status_and_recalculate_points();
$this->show_msg_settings_updated();
}
?>
<div class="aio_blue_box">
<?php
echo '<p>' . __('This feature allows you to add a captcha form on the WordPress registration page.', 'all-in-one-wp-security-and-firewall') . '
<br />' . __('Users who attempt to register will also need to enter the answer to a simple mathematical question - if they enter the wrong answer, the plugin will not allow them to register.', 'all-in-one-wp-security-and-firewall') . '
<br />' . __('Therefore, adding a captcha form on the registration page is another effective yet simple SPAM registration prevention technique.', 'all-in-one-wp-security-and-firewall') . '
</p>';
?>
</div>
<div class="postbox">
<h3><label for="title"><?php
_e('Registration Page Captcha Settings', 'all-in-one-wp-security-and-firewall');
?>
</label></h3>
<div class="inside">
<?php
if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1) {
//Hide config settings if MS and not main site
$special_msg = '<div class="aio_yellow_box">';
$special_msg .= '<p>' . __('The core default behaviour for WordPress Multi Site regarding user registration is that all users are registered via the main site.', 'all-in-one-wp-security-and-firewall') . '</p>';
$special_msg .= '<p>' . __('Therefore, if you would like to add a captcha form to the registration page for a Multi Site, please go to "Registration Captcha" settings on the main site.', 'all-in-one-wp-security-and-firewall') . '</p>';
$special_msg .= '</div>';
echo $special_msg;
} else {
//Display security info badge
global $aiowps_feature_mgr;
$aiowps_feature_mgr->output_feature_details_badge("user-registration-captcha");
?>
<form action="" method="POST">
<?php
wp_nonce_field('aiowpsec-registration-captcha-settings-nonce');
?>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php
_e('Enable Captcha On Registration Page', 'all-in-one-wp-security-and-firewall');
?>
:</th>
<td>
<input name="aiowps_enable_registration_page_captcha" type="checkbox"<?php
if ($aio_wp_security->configs->get_value('aiowps_enable_registration_page_captcha') == '1') {
echo ' checked="checked"';
}
?>
value="1"/>
<span class="description"><?php
_e('Check this if you want to insert a captcha form on the WordPress user registration page (if you allow user registration).', 'all-in-one-wp-security-and-firewall');
?>
</span>
</td>
</tr>
</table>
<input type="submit" name="aiowpsec_save_registration_captcha_settings" value="<?php
_e('Save Settings', 'all-in-one-wp-security-and-firewall');
?>
" class="button-primary" />
</form>
</div></div>
<?php
}
}示例5: add_option_values
static function add_option_values()
{
global $aio_wp_security;
$blog_email_address = get_bloginfo('admin_email');
//Get the blog admin email address - we will use as the default value
//WP Generator Meta Tag feature
$aio_wp_security->configs->add_value('aiowps_remove_wp_generator_meta_info', '');
//Checkbox
//Prevent Image Hotlinks
$aio_wp_security->configs->add_value('aiowps_prevent_hotlinking', '');
//Checkbox
//General Settings Page
//User password feature
//Lockdown feature
$aio_wp_security->configs->add_value('aiowps_enable_login_lockdown', '');
//Checkbox
$aio_wp_security->configs->add_value('aiowps_allow_unlock_requests', '');
//Checkbox
$aio_wp_security->configs->add_value('aiowps_max_login_attempts', '3');
$aio_wp_security->configs->add_value('aiowps_retry_time_period', '5');
$aio_wp_security->configs->add_value('aiowps_lockout_time_length', '60');
$aio_wp_security->configs->add_value('aiowps_set_generic_login_msg', '');
//Checkbox
$aio_wp_security->configs->add_value('aiowps_enable_email_notify', '');
//Checkbox
$aio_wp_security->configs->add_value('aiowps_email_address', $blog_email_address);
//text field
$aio_wp_security->configs->add_value('aiowps_enable_forced_logout', '');
//Checkbox
$aio_wp_security->configs->add_value('aiowps_logout_time_period', '60');
$aio_wp_security->configs->add_value('aiowps_enable_invalid_username_lockdown', '');
//Checkbox
$aio_wp_security->configs->add_value('aiowps_unlock_request_secret_key', AIOWPSecurity_Utility::generate_alpha_numeric_random_string(20));
//Hidden secret value which will be used to do some unlock request processing. This will be assigned a random string generated when lockdown settings saved
//Login Whitelist feature
$aio_wp_security->configs->add_value('aiowps_enable_whitelisting', '');
//Checkbox
$aio_wp_security->configs->add_value('aiowps_allowed_ip_addresses', '');
//Captcha feature
$aio_wp_security->configs->add_value('aiowps_enable_login_captcha', '');
//Checkbox
$aio_wp_security->configs->add_value('aiowps_captcha_secret_key', AIOWPSecurity_Utility::generate_alpha_numeric_random_string(20));
//Hidden secret value which will be used to do some captcha processing. This will be assigned a random string generated when captcha settings saved
//User registration
$aio_wp_security->configs->add_value('aiowps_enable_manual_registration_approval', '');
//Checkbox
$aio_wp_security->configs->add_value('aiowps_enable_registration_page_captcha', '');
//Checkbox
//DB Security feature
//$aio_wp_security->configs->add_value('aiowps_new_manual_db_pefix',''); //text field
$aio_wp_security->configs->add_value('aiowps_enable_random_prefix', '');
//Checkbox
$aio_wp_security->configs->add_value('aiowps_enable_automated_backups', '');
//Checkbox
$aio_wp_security->configs->add_value('aiowps_db_backup_frequency', '4');
$aio_wp_security->configs->add_value('aiowps_db_backup_interval', '2');
//Dropdown box where (0,1,2) => (hours,days,weeks)
$aio_wp_security->configs->add_value('aiowps_backup_files_stored', '2');
$aio_wp_security->configs->add_value('aiowps_send_backup_email_address', '');
//Checkbox
$aio_wp_security->configs->add_value('aiowps_backup_email_address', $blog_email_address);
//Filesystem Security feature
$aio_wp_security->configs->add_value('aiowps_disable_file_editing', '');
//Checkbox
$aio_wp_security->configs->add_value('aiowps_prevent_default_wp_file_access', '');
//Checkbox
$aio_wp_security->configs->add_value('aiowps_system_log_file', 'error_log');
//Blacklist feature
$aio_wp_security->configs->add_value('aiowps_enable_blacklisting', '');
//Checkbox
$aio_wp_security->configs->add_value('aiowps_banned_ip_addresses', '');
//Firewall features
$aio_wp_security->configs->add_value('aiowps_enable_basic_firewall', '');
//Checkbox
$aio_wp_security->configs->add_value('aiowps_enable_pingback_firewall', '');
//Checkbox
$aio_wp_security->configs->add_value('aiowps_disable_index_views', '');
//Checkbox
$aio_wp_security->configs->add_value('aiowps_disable_trace_and_track', '');
//Checkbox
$aio_wp_security->configs->add_value('aiowps_forbid_proxy_comments', '');
//Checkbox
$aio_wp_security->configs->add_value('aiowps_deny_bad_query_strings', '');
//Checkbox
$aio_wp_security->configs->add_value('aiowps_advanced_char_string_filter', '');
//Checkbox
$aio_wp_security->configs->add_value('aiowps_enable_5g_firewall', '');
//Checkbox
$aio_wp_security->configs->add_value('aiowps_enable_brute_force_attack_prevention', '');
//Checkbox
$aio_wp_security->configs->add_value('aiowps_brute_force_secret_word', '');
$aio_wp_security->configs->add_value('aiowps_cookie_based_brute_force_redirect_url', 'http://127.0.0.1');
$aio_wp_security->configs->add_value('aiowps_brute_force_attack_prevention_pw_protected_exception', '');
//Checkbox
$aio_wp_security->configs->add_value('aiowps_brute_force_attack_prevention_ajax_exception', '');
//Checkbox
//404 detection
$aio_wp_security->configs->add_value('aiowps_enable_404_logging', '');
//Checkbox
$aio_wp_security->configs->add_value('aiowps_enable_404_IP_lockout', '');
//.........这里部分代码省略.........
示例6: execute_backup
/**
* This function will perform a database backup
*/
function execute_backup()
{
global $wpdb, $aio_wp_security;
$is_multi_site = false;
@ini_set('auto_detect_line_endings', true);
if (function_exists('is_multisite') && is_multisite()) {
//Let's get the current site's table prefix
$site_pref = esc_sql($wpdb->prefix);
$db_query = "SHOW TABLES LIKE '" . $site_pref . "%'";
$tables = $wpdb->get_results($db_query, ARRAY_N);
$is_multi_site = true;
} else {
//get all of the tables
$tables = $wpdb->get_results('SHOW TABLES', ARRAY_N);
if (empty($tables)) {
$aio_wp_security->debug_logger->log_debug("execute_backup() - no tables found!", 4);
return FALSE;
}
}
$return = '';
//cycle through each table
foreach ($tables as $table) {
$result = $wpdb->get_results('SELECT * FROM `' . $table[0] . '`;', ARRAY_N);
$num_fields = sizeof($wpdb->get_results('DESCRIBE `' . $table[0] . '`;'));
$return .= 'DROP TABLE IF EXISTS `' . $table[0] . '`;';
$row2 = $wpdb->get_row('SHOW CREATE TABLE `' . $table[0] . '`;', ARRAY_N);
if (empty($row2)) {
$aio_wp_security->debug_logger->log_debug("execute_backup() - get_row returned NULL for table: " . $table[0], 4);
}
$return .= PHP_EOL . PHP_EOL . $row2[1] . ";" . PHP_EOL . PHP_EOL;
foreach ($result as $row) {
$return .= 'INSERT INTO `' . $table[0] . '` VALUES(';
for ($j = 0; $j < $num_fields; $j++) {
$row[$j] = addslashes($row[$j]);
//$row[$j] = ereg_replace( PHP_EOL, "\n", $row[$j] ); //deprecated!
$row[$j] = preg_replace("/" . PHP_EOL . "/", "\n", $row[$j]);
if (isset($row[$j])) {
$return .= '"' . $row[$j] . '"';
} else {
$return .= '""';
}
if ($j < $num_fields - 1) {
$return .= ',';
}
}
$return .= ");" . PHP_EOL;
}
$return .= PHP_EOL . PHP_EOL;
}
$return .= PHP_EOL . PHP_EOL;
//Check to see if the main "backups" directory exists - create it otherwise
$aiowps_backup_dir = WP_CONTENT_DIR . '/' . AIO_WP_SECURITY_BACKUPS_DIR_NAME;
$aiowps_backup_url = content_url() . '/' . AIO_WP_SECURITY_BACKUPS_DIR_NAME;
if (!AIOWPSecurity_Utility_File::create_dir($aiowps_backup_dir)) {
$aio_wp_security->debug_logger->log_debug("Creation of DB backup directory failed!", 4);
return false;
}
//Generate a random prefix for more secure filenames
$random_suffix = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(10);
if ($is_multi_site) {
global $current_blog;
$blog_id = $current_blog->blog_id;
//Get the current site name string for use later
$site_name = get_bloginfo('name');
$site_name = strtolower($site_name);
//make alphaunermic
$site_name = preg_replace("/[^a-z0-9_\\s-]/", "", $site_name);
//Cleanup multiple instances of dashes or whitespaces
$site_name = preg_replace("/[\\s-]+/", " ", $site_name);
//Convert whitespaces and underscore to dash
$site_name = preg_replace("/[\\s_]/", "-", $site_name);
$file = 'database-backup-site-name-' . $site_name . '-' . current_time('Ymd-His') . '-' . $random_suffix;
//We will create a sub dir for the blog using its blog id
$dirpath = $aiowps_backup_dir . '/blogid_' . $blog_id;
//Create a subdirectory for this blog_id
if (!AIOWPSecurity_Utility_File::create_dir($dirpath)) {
$aio_wp_security->debug_logger->log_debug("Creation failed of DB backup directory for the following multisite blog ID: " . $blog_id, 4);
return false;
}
} else {
$dirpath = $aiowps_backup_dir;
$file = 'database-backup-' . current_time('Ymd-His') . '-' . $random_suffix;
}
$handle = @fopen($dirpath . '/' . $file . '.sql', 'w+');
$fw_res = @fwrite($handle, $return);
if (!$fw_res) {
$aio_wp_security->debug_logger->log_debug("execute_backup() - Write to DB backup file failed", 4);
return false;
}
@fclose($handle);
//zip the file
if (class_exists('ZipArchive')) {
$zip = new ZipArchive();
$archive = $zip->open($dirpath . '/' . $file . '.zip', ZipArchive::CREATE);
$zip->addFile($dirpath . '/' . $file . '.sql', $file . '.sql');
$zip->close();
//delete .sql and keep zip
//.........这里部分代码省略.........
示例7: render_tab1
function render_tab1()
{
global $wpdb, $aio_wp_security;
$old_db_prefix = $wpdb->prefix;
$new_db_prefix = '';
$perform_db_change = false;
if (isset($_POST['aiowps_db_prefix_change'])) {
$nonce = $_REQUEST['_wpnonce'];
if (!wp_verify_nonce($nonce, 'aiowpsec-db-prefix-change-nonce')) {
$aio_wp_security->debug_logger->log_debug("Nonce check failed for DB prefix change operation!", 4);
die(__('Nonce check failed for DB prefix change operation!', 'aiowpsecurity'));
}
//Let's first check if user's system allows writing to wp-config.php file. If plugin cannot write to wp-config we will not do the prefix change.
$config_file = AIOWPSecurity_Utility_File::get_wp_config_file_path();
$file_write = AIOWPSecurity_Utility_File::is_file_writable($config_file);
if (!$file_write) {
$this->show_msg_error(__('The plugin has detected that it cannot write to the wp-config.php file. This feature can only be used if the plugin can successfully write to the wp-config.php file.', 'aiowpsecurity'));
} else {
if (isset($_POST['aiowps_enable_random_prefix'])) {
//User has elected to generate a random DB prefix
$string = AIOWPSecurity_Utility::generate_alpha_numeric_random_string('6');
$new_db_prefix = $string . '_';
$perform_db_change = true;
} else {
if (empty($_POST['aiowps_new_manual_db_prefix'])) {
$this->show_msg_error(__('Please enter a value for the DB prefix.', 'aiowpsecurity'));
} else {
//User has chosen their own DB prefix value
$new_db_prefix = wp_strip_all_tags(trim($_POST['aiowps_new_manual_db_prefix']));
$error = $wpdb->set_prefix($new_db_prefix);
if (is_wp_error($error)) {
wp_die(__('<strong>ERROR</strong>: The table prefix can only contain numbers, letters, and underscores.', 'aiowpsecurity'));
}
$perform_db_change = true;
}
}
}
}
?>
<h2><?php
_e('Change Database Prefix', 'aiowpsecurity');
?>
</h2>
<div class="aio_blue_box">
<?php
echo '<p>' . __('Your WordPress DB is the most important asset of your website because it contains a lot of your site\'s precious information.', 'aiowpsecurity') . '
<br />' . __('The DB is also a target for hackers via methods such as SQL injections and malicious and automated code which targets certain tables.', 'aiowpsecurity') . '
<br />' . __('One way to add a layer of protection for your DB is to change the default WordPress table prefix from "wp_" to something else which will be difficult for hackers to guess.', 'aiowpsecurity') . '
<br />' . __('This feature allows you to easily change the prefix to a value of your choice or to a random value set by this plugin.', 'aiowpsecurity') . '
</p>';
?>
</div>
<div class="postbox">
<h3><label for="title"><?php
_e('DB Prefix Options', 'aiowpsecurity');
?>
</label></h3>
<div class="inside">
<?php
//Display security info badge
global $aiowps_feature_mgr;
$aiowps_feature_mgr->output_feature_details_badge("db-security-db-prefix");
?>
<div class="aio_yellow_box">
<?php
$backup_tab_link = '<a href="admin.php?page=' . AIOWPSEC_DB_SEC_MENU_SLUG . '&tab=tab2">DB Backup</a>';
$info_msg = '<p>' . sprintf(__('It is recommended that you perform a %s before using this feature', 'aiowpsecurity'), $backup_tab_link) . '</p>';
echo $info_msg;
?>
</div>
<form action="" method="POST">
<?php
wp_nonce_field('aiowpsec-db-prefix-change-nonce');
?>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php
_e('Current DB Table Prefix', 'aiowpsecurity');
?>
:</th>
<td>
<span class="aiowpsec_field_value"><strong><?php
echo $wpdb->prefix;
?>
</strong></span>
<?php
//now let's display a warning notification if default prefix is used
if ($old_db_prefix == 'wp_') {
echo ' <span class="aio_error_with_icon">' . __('Your site is currently using the default WordPress DB prefix value of "wp_".
To increase your site\'s security you should consider changing the DB prefix value to another value.', 'aiowpsecurity') . '</span>';
}
?>
</td>
</tr>
<tr valign="top">
<th scope="row"><?php
//.........这里部分代码省略.........
示例8: render_tab1
function render_tab1()
{
global $aio_wp_security;
global $aiowps_feature_mgr;
include_once 'wp-security-list-locked-ip.php';
//For rendering the AIOWPSecurity_List_Table in tab1
$locked_ip_list = new AIOWPSecurity_List_Locked_IP();
//For rendering the AIOWPSecurity_List_Table in tab1
if (isset($_POST['aiowps_login_lockdown'])) {
$error = '';
$nonce = $_REQUEST['_wpnonce'];
if (!wp_verify_nonce($nonce, 'aiowpsec-login-lockdown-nonce')) {
$aio_wp_security->debug_logger->log_debug("Nonce check failed on login lockdown options save!", 4);
die("Nonce check failed on login lockdown options save!");
}
$max_login_attempt_val = sanitize_text_field($_POST['aiowps_max_login_attempts']);
if (!is_numeric($max_login_attempt_val)) {
$error .= '<br />' . __('You entered a non numeric value for the max login attempts field. It has been set to the default value.', 'all-in-one-wp-security-and-firewall');
$max_login_attempt_val = '3';
//Set it to the default value for this field
}
$login_retry_time_period = sanitize_text_field($_POST['aiowps_retry_time_period']);
if (!is_numeric($login_retry_time_period)) {
$error .= '<br />' . __('You entered a non numeric value for the login retry time period field. It has been set to the default value.', 'all-in-one-wp-security-and-firewall');
$login_retry_time_period = '5';
//Set it to the default value for this field
}
$lockout_time_length = sanitize_text_field($_POST['aiowps_lockout_time_length']);
if (!is_numeric($lockout_time_length)) {
$error .= '<br />' . __('You entered a non numeric value for the lockout time length field. It has been set to the default value.', 'all-in-one-wp-security-and-firewall');
$lockout_time_length = '60';
//Set it to the default value for this field
}
$email_address = sanitize_email($_POST['aiowps_email_address']);
if (!is_email($email_address)) {
$error .= '<br />' . __('You have entered an incorrect email address format. It has been set to your WordPress admin email as default.', 'all-in-one-wp-security-and-firewall');
$email_address = get_bloginfo('admin_email');
//Set the default value to the blog admin email
}
if ($error) {
$this->show_msg_error(__('Attention!', 'all-in-one-wp-security-and-firewall') . $error);
}
//Save all the form values to the options
$random_20_digit_string = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(20);
//Generate random 20 char string for use during captcha encode/decode
$aio_wp_security->configs->set_value('aiowps_unlock_request_secret_key', $random_20_digit_string);
$aio_wp_security->configs->set_value('aiowps_enable_login_lockdown', isset($_POST["aiowps_enable_login_lockdown"]) ? '1' : '');
$aio_wp_security->configs->set_value('aiowps_allow_unlock_requests', isset($_POST["aiowps_allow_unlock_requests"]) ? '1' : '');
$aio_wp_security->configs->set_value('aiowps_max_login_attempts', absint($max_login_attempt_val));
$aio_wp_security->configs->set_value('aiowps_retry_time_period', absint($login_retry_time_period));
$aio_wp_security->configs->set_value('aiowps_lockout_time_length', absint($lockout_time_length));
$aio_wp_security->configs->set_value('aiowps_set_generic_login_msg', isset($_POST["aiowps_set_generic_login_msg"]) ? '1' : '');
$aio_wp_security->configs->set_value('aiowps_enable_invalid_username_lockdown', isset($_POST["aiowps_enable_invalid_username_lockdown"]) ? '1' : '');
$aio_wp_security->configs->set_value('aiowps_enable_email_notify', isset($_POST["aiowps_enable_email_notify"]) ? '1' : '');
$aio_wp_security->configs->set_value('aiowps_email_address', $email_address);
$aio_wp_security->configs->save_config();
//Recalculate points after the feature status/options have been altered
$aiowps_feature_mgr->check_feature_status_and_recalculate_points();
$this->show_msg_settings_updated();
}
if (isset($_REQUEST['action'])) {
if ($_REQUEST['action'] == 'delete_blocked_ip') {
//Delete link was clicked for a row in list table
$locked_ip_list->delete_lockdown_records(strip_tags($_REQUEST['lockdown_id']));
}
if ($_REQUEST['action'] == 'unlock_ip') {
//Unlock link was clicked for a row in list table
$locked_ip_list->unlock_ip_range(strip_tags($_REQUEST['lockdown_id']));
}
}
?>
<h2><?php
_e('Login Lockdown Configuration', 'all-in-one-wp-security-and-firewall');
?>
</h2>
<div class="aio_blue_box">
<?php
$brute_force_login_feature_link = '<a href="admin.php?page=' . AIOWPSEC_BRUTE_FORCE_MENU_SLUG . '&tab=tab2">Cookie-Based Brute Force Login Prevention</a>';
echo '<p>' . __('One of the ways hackers try to compromise sites is via a ', 'all-in-one-wp-security-and-firewall') . '<strong>' . __('Brute Force Login Attack', 'all-in-one-wp-security-and-firewall') . '</strong>.
<br />' . __('This is where attackers use repeated login attempts until they guess the password.', 'all-in-one-wp-security-and-firewall') . '
<br />' . __('Apart from choosing strong passwords, monitoring and blocking IP addresses which are involved in repeated login failures in a short period of time is a very effective way to stop these types of attacks.', 'all-in-one-wp-security-and-firewall') . '<p>' . sprintf(__('You may also want to checkout our %s feature for another secure way to protect against these types of attacks.', 'all-in-one-wp-security-and-firewall'), $brute_force_login_feature_link) . '</p>';
?>
</div>
<div class="postbox">
<h3><label for="title"><?php
_e('Login Lockdown Options', 'all-in-one-wp-security-and-firewall');
?>
</label></h3>
<div class="inside">
<?php
//Display security info badge
global $aiowps_feature_mgr;
$aiowps_feature_mgr->output_feature_details_badge("user-login-login-lockdown");
?>
<form action="" method="POST">
<?php
wp_nonce_field('aiowpsec-login-lockdown-nonce');
?>
//.........这里部分代码省略.........
示例9: render_tab2
function render_tab2()
{
global $aio_wp_security;
if (isset($_POST['aiowps_save_htaccess'])) {
$nonce = $_REQUEST['_wpnonce'];
if (!wp_verify_nonce($nonce, 'aiowpsec-save-htaccess-nonce')) {
$aio_wp_security->debug_logger->log_debug("Nonce check failed on htaccess file save!", 4);
die("Nonce check failed on htaccess file save!");
}
$htaccess_path = ABSPATH . '.htaccess';
$result = AIOWPSecurity_Utility_File::backup_and_rename_htaccess($htaccess_path);
//Backup the htaccess file
if ($result) {
$random_prefix = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(10);
$aiowps_backup_dir = WP_CONTENT_DIR . '/' . AIO_WP_SECURITY_BACKUPS_DIR_NAME;
if (rename($aiowps_backup_dir . '/' . '.htaccess.backup', $aiowps_backup_dir . '/' . $random_prefix . '_htaccess_backup.txt')) {
echo '<div id="message" class="updated fade"><p>';
_e('Your .htaccess file was successfully backed up! Using an FTP program go to the "/wp-content/aiowps_backups" directory to save a copy of the file to your computer.', 'aiowpsecurity');
echo '</p></div>';
} else {
$aio_wp_security->debug_logger->log_debug("htaccess file rename failed during backup!", 4);
$this->show_msg_error(__('htaccess file rename failed during backup. Please check your root directory for the backup file using FTP.', 'aiowpsecurity'));
}
} else {
$aio_wp_security->debug_logger->log_debug("htaccess - Backup operation failed!", 4);
$this->show_msg_error(__('htaccess backup failed.', 'aiowpsecurity'));
}
}
if (isset($_POST['aiowps_restore_htaccess_button'])) {
$nonce = $_REQUEST['_wpnonce'];
if (!wp_verify_nonce($nonce, 'aiowpsec-restore-htaccess-nonce')) {
$aio_wp_security->debug_logger->log_debug("Nonce check failed on htaccess file restore!", 4);
die("Nonce check failed on htaccess file restore!");
}
if (empty($_POST['aiowps_htaccess_file'])) {
$this->show_msg_error(__('Please choose a .htaccess to restore from.', 'aiowpsecurity'));
} else {
//Let's copy the uploaded .htaccess file into the active root file
$new_htaccess_file_path = trim($_POST['aiowps_htaccess_file']);
//TODO
//Verify that file chosen has contents which are relevant to .htaccess file
$is_htaccess = AIOWPSecurity_Utility_Htaccess::check_if_htaccess_contents($new_htaccess_file_path);
if ($is_htaccess == 1) {
$active_root_htaccess = ABSPATH . '.htaccess';
if (!copy($new_htaccess_file_path, $active_root_htaccess)) {
//Failed to make a backup copy
$aio_wp_security->debug_logger->log_debug("htaccess - Restore from .htaccess operation failed!", 4);
$this->show_msg_error(__('htaccess file restore failed. Please attempt to restore the .htaccess manually using FTP.', 'aiowpsecurity'));
} else {
$this->show_msg_updated(__('Your .htaccess file has successfully been restored!', 'aiowpsecurity'));
}
} else {
$aio_wp_security->debug_logger->log_debug("htaccess restore failed - Contents of restore file appear invalid!", 4);
$this->show_msg_error(__('htaccess Restore operation failed! Please check the contents of the file you are trying to restore from.', 'aiowpsecurity'));
}
}
}
?>
<h2><?php
_e('.htaccess File Operations', 'aiowpsecurity');
?>
</h2>
<div class="aio_blue_box">
<?php
echo '<p>' . __('Your ".htaccess" file is a key component of your website\'s security and it can be modified to implement various levels of protection mechanisms.', 'aiowpsecurity') . '
<br />' . __('This feature allows you to backup and save your currently active .htaccess file should you need to re-use the the backed up file in the future.', 'aiowpsecurity') . '
<br />' . __('You can also restore your site\'s .htaccess settings using a backed up .htaccess file.', 'aiowpsecurity') . '
</p>';
?>
</div>
<?php
if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1) {
//Hide config settings if MS and not main site
AIOWPSecurity_Utility::display_multisite_message();
} else {
?>
<div class="postbox">
<h3><label for="title"><?php
_e('Save the current .htaccess file', 'aiowpsecurity');
?>
</label></h3>
<div class="inside">
<form action="" method="POST">
<?php
wp_nonce_field('aiowpsec-save-htaccess-nonce');
?>
<p class="description"><?php
_e('Click the button below to backup and save the currently active .htaccess file.', 'aiowpsecurity');
?>
</p>
<input type="submit" name="aiowps_save_htaccess" value="<?php
_e('Backup .htaccess File', 'aiowpsecurity');
?>
" class="button-primary" />
</form>
</div></div>
<div class="postbox">
<h3><label for="title"><?php
_e('Restore from a backed up .htaccess file', 'aiowpsecurity');
?>
//.........这里部分代码省略.........
示例10: render_tab1
function render_tab1()
{
global $aiowps_feature_mgr;
global $aio_wp_security;
if (isset($_POST['aiowps_apply_comment_spam_prevention_settings'])) {
$nonce = $_REQUEST['_wpnonce'];
if (!wp_verify_nonce($nonce, 'aiowpsec-comment-spam-settings-nonce')) {
$aio_wp_security->debug_logger->log_debug("Nonce check failed on save comment spam settings!", 4);
die("Nonce check failed on save comment spam settings!");
}
//Save settings
$random_20_digit_string = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(20);
//Generate random 20 char string for use during captcha encode/decode
$aio_wp_security->configs->set_value('aiowps_captcha_secret_key', $random_20_digit_string);
$aio_wp_security->configs->set_value('aiowps_enable_comment_captcha', isset($_POST["aiowps_enable_comment_captcha"]) ? '1' : '');
$aio_wp_security->configs->set_value('aiowps_enable_spambot_blocking', isset($_POST["aiowps_enable_spambot_blocking"]) ? '1' : '');
//Commit the config settings
$aio_wp_security->configs->save_config();
//Recalculate points after the feature status/options have been altered
$aiowps_feature_mgr->check_feature_status_and_recalculate_points();
//Now let's write the applicable rules to the .htaccess file
$res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
if ($res) {
$this->show_msg_updated(__('Settings were successfully saved', 'aiowpsecurity'));
} else {
if ($res == -1) {
$this->show_msg_error(__('Could not write to the .htaccess file. Please check the file permissions.', 'aiowpsecurity'));
}
}
}
?>
<h2><?php
_e('Comment SPAM Settings', 'aiowpsecurity');
?>
</h2>
<form action="" method="POST">
<?php
wp_nonce_field('aiowpsec-comment-spam-settings-nonce');
?>
<div class="postbox">
<h3><label for="title"><?php
_e('Add Captcha To Comments Form', 'aiowpsecurity');
?>
</label></h3>
<div class="inside">
<div class="aio_blue_box">
<?php
echo '<p>' . __('This feature will add a simple math captcha field in the WordPress comments form.', 'aiowpsecurity') . '<br />' . __('Adding a captcha field in the comment form is a simple way of greatly reducing SPAM comments from bots without using .htaccess rules.', 'aiowpsecurity') . '</p>';
?>
</div>
<?php
//Display security info badge
$aiowps_feature_mgr->output_feature_details_badge("comment-form-captcha");
if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1) {
//Hide config settings if MS and not main site
AIOWPSecurity_Utility::display_multisite_message();
} else {
?>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php
_e('Enable Captcha On Comment Forms', 'aiowpsecurity');
?>
:</th>
<td>
<input name="aiowps_enable_comment_captcha" type="checkbox"<?php
if ($aio_wp_security->configs->get_value('aiowps_enable_comment_captcha') == '1') {
echo ' checked="checked"';
}
?>
value="1"/>
<span class="description"><?php
_e('Check this if you want to insert a captcha field on the comment forms', 'aiowpsecurity');
?>
</span>
</td>
</tr>
</table>
<?php
}
//End if statement
?>
</div></div>
<div class="postbox">
<h3><label for="title"><?php
_e('Block Spambot Comments', 'aiowpsecurity');
?>
</label></h3>
<div class="inside">
<div class="aio_blue_box">
<?php
echo '<p>' . __('A large portion of WordPress blog comment SPAM is mainly produced by automated bots and not necessarily by humans. ', 'aiowpsecurity') . '<br />' . __('This feature will greatly minimize the useless and unecessary traffic and load on your server resulting from SPAM comments by blocking all comment requests which do not originate from your domain.', 'aiowpsecurity') . '<br />' . __('In other words, if the comment was not submitted by a human who physically submitted the comment on your site, the request will be blocked.', 'aiowpsecurity') . '</p>';
?>
</div>
<?php
//Display security info badge
$aiowps_feature_mgr->output_feature_details_badge("block-spambots");
//.........这里部分代码省略.........