admin.php
2 years ago
ajax.php
2 years ago
captcha.php
2 years ago
functions.php
2 years ago
setup.php
2 years ago
stats.php
2 years ago
utility.php
2 years ago
setup.php
721 lines
| 1 | <?php |
| 2 | |
| 3 | /** |
| 4 | * WP Captcha |
| 5 | * https://getwpcaptcha.com/ |
| 6 | * (c) WebFactory Ltd, 2022 - 2023, www.webfactoryltd.com |
| 7 | */ |
| 8 | |
| 9 | class WPCaptcha_Setup extends WPCaptcha |
| 10 | { |
| 11 | static $wp_filesystem; |
| 12 | |
| 13 | /** |
| 14 | * Actions to run on load, but init would be too early as not all classes are initialized |
| 15 | * |
| 16 | * @return null |
| 17 | */ |
| 18 | static function load_actions() |
| 19 | { |
| 20 | self::register_custom_tables(); |
| 21 | } // admin_actions |
| 22 | |
| 23 | static function setup_wp_filesystem() |
| 24 | { |
| 25 | global $wp_filesystem; |
| 26 | |
| 27 | if (empty($wp_filesystem)) { |
| 28 | require_once ABSPATH . '/wp-admin/includes/file.php'; |
| 29 | WP_Filesystem(); |
| 30 | } |
| 31 | |
| 32 | self::$wp_filesystem = $wp_filesystem; |
| 33 | return self::$wp_filesystem; |
| 34 | } // setup_wp_filesystem |
| 35 | |
| 36 | /** |
| 37 | * Check if user has the minimal WP version required by WP Captcha |
| 38 | * |
| 39 | * @since 5.0 |
| 40 | * |
| 41 | * @return bool |
| 42 | * |
| 43 | */ |
| 44 | static function check_wp_version($min_version) |
| 45 | { |
| 46 | if (!version_compare(get_bloginfo('version'), $min_version, '>=')) { |
| 47 | add_action('admin_notices', array(__CLASS__, 'notice_min_wp_version')); |
| 48 | return false; |
| 49 | } else { |
| 50 | return true; |
| 51 | } |
| 52 | } // check_wp_version |
| 53 | |
| 54 | /** |
| 55 | * Check if user has the minimal PHP version required by WP Captcha |
| 56 | * |
| 57 | * @since 5.0 |
| 58 | * |
| 59 | * @return bool |
| 60 | * |
| 61 | */ |
| 62 | static function check_php_version($min_version) |
| 63 | { |
| 64 | if (!version_compare(phpversion(), $min_version, '>=')) { |
| 65 | add_action('admin_notices', array(__CLASS__, 'notice_min_php_version')); |
| 66 | return false; |
| 67 | } else { |
| 68 | return true; |
| 69 | } |
| 70 | } // check_wp_version |
| 71 | |
| 72 | /** |
| 73 | * Display error message if WP version is too low |
| 74 | * |
| 75 | * @since 5.0 |
| 76 | * |
| 77 | * @return null |
| 78 | * |
| 79 | */ |
| 80 | static function notice_min_wp_version() |
| 81 | { |
| 82 | WPCaptcha_Utility::wp_kses_wf('<div class="error"><p>' . sprintf(__('WP Captcha plugin <b>requires WordPress version 4.6</b> or higher to function properly. You are using WordPress version %s. Please <a href="%s">update it</a>.', 'advanced-google-recaptcha'), get_bloginfo('version'), admin_url('update-core.php')) . '</p></div>'); |
| 83 | } // notice_min_wp_version_error |
| 84 | |
| 85 | /** |
| 86 | * Display error message if PHP version is too low |
| 87 | * |
| 88 | * @since 5.0 |
| 89 | * |
| 90 | * @return null |
| 91 | * |
| 92 | */ |
| 93 | static function notice_min_php_version() |
| 94 | { |
| 95 | WPCaptcha_Utility::wp_kses_wf('<div class="error"><p>' . sprintf(__('WP Captcha plugin <b>requires PHP version 5.6.20</b> or higher to function properly. You are using PHP version %s. Please <a href="%s" target="_blank">update it</a>.', 'advanced-google-recaptcha'), phpversion(), 'https://wordpress.org/support/update-php/') . '</p></div>'); |
| 96 | } // notice_min_wp_version_error |
| 97 | |
| 98 | |
| 99 | /** |
| 100 | * activate doesn't get fired on upgrades so we have to compensate |
| 101 | * |
| 102 | * @since 5.0 |
| 103 | * |
| 104 | * @return null |
| 105 | * |
| 106 | */ |
| 107 | public static function maybe_upgrade() |
| 108 | { |
| 109 | $meta = self::get_meta(); |
| 110 | if (empty($meta['database_ver']) || $meta['database_ver'] < self::$version) { |
| 111 | self::create_custom_tables(); |
| 112 | } |
| 113 | |
| 114 | |
| 115 | // Copy options from free |
| 116 | $options = get_option(WPCAPTCHA_OPTIONS_KEY); |
| 117 | if (false === $options) { |
| 118 | $free_options = get_option("agr_options"); |
| 119 | if (false !== $free_options && isset($free_options['enable_login'])) { |
| 120 | $options['captcha'] = $free_options['captcha_type'] == 'v3'?'recaptchav3':'recaptchav2'; |
| 121 | $options['captcha_site_key'] = $free_options['site_key']; |
| 122 | $options['captcha_secret_key'] = $free_options['secret_key']; |
| 123 | $options['captcha_show_login'] = $free_options['enable_login']; |
| 124 | $options['captcha_show_wp_registration'] = $free_options['enable_register']; |
| 125 | $options['captcha_show_wp_lost_password'] = $free_options['enable_lost_password']; |
| 126 | $options['captcha_show_wp_comment'] = $free_options['enable_comment_form']; |
| 127 | $options['captcha_show_woo_registration'] = $free_options['enable_woo_register']; |
| 128 | $options['captcha_show_woo_checkout'] = $free_options['enable_woo_checkout']; |
| 129 | $options['captcha_show_edd_registration'] = $free_options['enable_edd_register']; |
| 130 | $options['captcha_show_bp_registration'] = $free_options['enable_bp_register']; |
| 131 | |
| 132 | update_option(WPCAPTCHA_OPTIONS_KEY, $options); |
| 133 | ///delete_option("agr_options"); |
| 134 | } |
| 135 | } |
| 136 | } // maybe_upgrade |
| 137 | |
| 138 | |
| 139 | /** |
| 140 | * Get plugin options |
| 141 | * |
| 142 | * @since 5.0 |
| 143 | * |
| 144 | * @return array options |
| 145 | * |
| 146 | */ |
| 147 | static function get_options() |
| 148 | { |
| 149 | $options = get_option(WPCAPTCHA_OPTIONS_KEY, array()); |
| 150 | |
| 151 | if (!is_array($options)) { |
| 152 | $options = array(); |
| 153 | } |
| 154 | $options = array_merge(self::default_options(), $options); |
| 155 | |
| 156 | return $options; |
| 157 | } // get_options |
| 158 | |
| 159 | /** |
| 160 | * Register all settings |
| 161 | * |
| 162 | * @since 5.0 |
| 163 | * |
| 164 | * @return false |
| 165 | * |
| 166 | */ |
| 167 | static function register_settings() |
| 168 | { |
| 169 | register_setting(WPCAPTCHA_OPTIONS_KEY, WPCAPTCHA_OPTIONS_KEY, array(__CLASS__, 'sanitize_settings')); |
| 170 | } // register_settings |
| 171 | |
| 172 | |
| 173 | /** |
| 174 | * Set default options |
| 175 | * |
| 176 | * @since 5.0 |
| 177 | * |
| 178 | * @return null |
| 179 | * |
| 180 | */ |
| 181 | static function default_options() |
| 182 | { |
| 183 | $defaults = array( |
| 184 | 'login_protection' => 0, |
| 185 | 'max_login_retries' => 3, |
| 186 | 'retries_within' => 5, |
| 187 | 'lockout_length' => 60, |
| 188 | 'lockout_invalid_usernames' => 1, |
| 189 | 'mask_login_errors' => 0, |
| 190 | 'show_credit_link' => 0, |
| 191 | 'anonymous_logging' => 0, |
| 192 | 'block_bots' => 0, |
| 193 | 'log_passwords' => 0, |
| 194 | 'instant_block_nonusers' => 0, |
| 195 | 'cookie_lifetime' => 14, |
| 196 | 'country_blocking_mode' => 'none', |
| 197 | 'country_blocking_countries' => '', |
| 198 | 'block_undetermined_countries' => 0, |
| 199 | 'captcha' => 'disabled', |
| 200 | 'captcha_secret_key' => '', |
| 201 | 'captcha_site_key' => '', |
| 202 | 'captcha_show_login' => 1, |
| 203 | 'captcha_show_wp_registration' => 1, |
| 204 | 'captcha_show_wp_lost_password' => 1, |
| 205 | 'captcha_show_wp_comment' => 1, |
| 206 | 'captcha_show_woo_registration' => 0, |
| 207 | 'captcha_show_woo_checkout' => 0, |
| 208 | 'captcha_show_edd_registration' => 0, |
| 209 | 'captcha_show_bp_registration' => 0, |
| 210 | 'login_url' => '', |
| 211 | 'login_redirect_url' => '', |
| 212 | 'global_block' => 0, |
| 213 | 'country_global_block' => 0, |
| 214 | 'uninstall_delete' => 0, |
| 215 | 'block_message' => 'We\'re sorry, but your IP has been blocked due to too many recent failed login attempts.', |
| 216 | 'block_message_country' => 'We\'re sorry, but access from your location is not allowed.', |
| 217 | 'global_unblock_key' => 'll' . md5(time() . rand(10000, 9999)), |
| 218 | 'whitelist' => array(), |
| 219 | 'firewall_block_bots' => 0, |
| 220 | 'firewall_directory_traversal' => 0, |
| 221 | 'design_enable' => 0, |
| 222 | 'design_template' => 'orange', |
| 223 | 'design_background_color' => '', |
| 224 | 'design_background_image' => '', |
| 225 | 'design_logo' => '', |
| 226 | 'design_logo_url' => '', |
| 227 | 'design_logo_width' => '', |
| 228 | 'design_logo_height' => '', |
| 229 | 'design_logo_margin_bottom' => '', |
| 230 | 'design_text_color' => '#3c434a', |
| 231 | 'design_link_color' => '#2271b1', |
| 232 | 'design_link_hover_color' => '#135e96', |
| 233 | 'design_form_border_color' => '#FFFFFF', |
| 234 | 'design_form_border_width' => 1, |
| 235 | 'design_form_width' => '', |
| 236 | 'design_form_width' => '', |
| 237 | 'design_form_height' => '', |
| 238 | 'design_form_padding' => 26, |
| 239 | 'design_form_border_radius' => 2, |
| 240 | 'design_form_background_color' => '', |
| 241 | 'design_form_background_image' => '', |
| 242 | 'design_label_font_size' => 14, |
| 243 | 'design_label_text_color' => '#3c434a', |
| 244 | 'design_field_font_size' => 13, |
| 245 | 'design_field_text_color' => '#3c434a', |
| 246 | 'design_field_border_color' => '#8c8f94', |
| 247 | 'design_field_border_width' => 1, |
| 248 | 'design_field_border_radius' => 2, |
| 249 | 'design_field_background_color' => '#ffffff', |
| 250 | 'design_button_font_size' => 14, |
| 251 | 'design_button_text_color' => '', |
| 252 | 'design_button_border_color' => '#2271b1', |
| 253 | 'design_button_border_width' => 0, |
| 254 | 'design_button_border_radius' => 2, |
| 255 | 'design_button_background_color' => '#2271b1', |
| 256 | 'design_button_hover_text_color' => '', |
| 257 | 'design_button_hover_border_color' => '', |
| 258 | 'design_button_hover_background_color' => '', |
| 259 | 'design_custom_css' => '' |
| 260 | ); |
| 261 | |
| 262 | return $defaults; |
| 263 | } // default_options |
| 264 | |
| 265 | |
| 266 | /** |
| 267 | * Sanitize settings on save |
| 268 | * |
| 269 | * @since 5.0 |
| 270 | * |
| 271 | * @return array updated options |
| 272 | * |
| 273 | */ |
| 274 | static function sanitize_settings($options) |
| 275 | { |
| 276 | $old_options = self::get_options(); |
| 277 | |
| 278 | if (isset($options['captcha_verified']) && $options['captcha_verified'] != 1 && $options['captcha'] != 'disabled') { |
| 279 | $options['captcha'] = $old_options['captcha']; |
| 280 | $options['captcha_site_key'] = $old_options['captcha_site_key']; |
| 281 | $options['captcha_secret_key'] = $old_options['captcha_secret_key']; |
| 282 | } |
| 283 | |
| 284 | if (isset($options['captcha']) && ($options['captcha'] == 'disabled' || $options['captcha'] == 'builtin')) { |
| 285 | $options['captcha_site_key'] = ''; |
| 286 | $options['captcha_secret_key'] = ''; |
| 287 | } |
| 288 | |
| 289 | if (isset($_POST['submit'])) { |
| 290 | foreach ($options as $key => $value) { |
| 291 | switch ($key) { |
| 292 | case 'lockout_invalid_usernames': |
| 293 | case 'mask_login_errors': |
| 294 | case 'show_credit_link': |
| 295 | $options[$key] = trim($value); |
| 296 | break; |
| 297 | case 'max_login_retries': |
| 298 | case 'retries_within': |
| 299 | case 'lockout_length': |
| 300 | $options[$key] = (int) $value; |
| 301 | break; |
| 302 | } // switch |
| 303 | } // foreach |
| 304 | } |
| 305 | |
| 306 | if (!isset($options['login_protection'])) { |
| 307 | $options['login_protection'] = 0; |
| 308 | } |
| 309 | |
| 310 | if (!isset($options['lockout_invalid_usernames'])) { |
| 311 | $options['lockout_invalid_usernames'] = 0; |
| 312 | } |
| 313 | |
| 314 | if (!isset($options['mask_login_errors'])) { |
| 315 | $options['mask_login_errors'] = 0; |
| 316 | } |
| 317 | |
| 318 | if (!isset($options['anonymous_logging'])) { |
| 319 | $options['anonymous_logging'] = 0; |
| 320 | } |
| 321 | |
| 322 | if (!isset($options['block_bots'])) { |
| 323 | $options['block_bots'] = 0; |
| 324 | } |
| 325 | |
| 326 | if (!isset($options['instant_block_nonusers'])) { |
| 327 | $options['instant_block_nonusers'] = 0; |
| 328 | } |
| 329 | |
| 330 | if (!isset($options['country_blocking_mode'])) { |
| 331 | $options['country_blocking_mode'] = 0; |
| 332 | } |
| 333 | |
| 334 | if (!isset($options['block_undetermined_countries'])) { |
| 335 | $options['block_undetermined_countries'] = 0; |
| 336 | } |
| 337 | |
| 338 | if (!isset($options['global_block'])) { |
| 339 | $options['global_block'] = 0; |
| 340 | } |
| 341 | |
| 342 | if (!isset($options['country_global_block'])) { |
| 343 | $options['country_global_block'] = 0; |
| 344 | } |
| 345 | |
| 346 | if (!isset($options['uninstall_delete'])) { |
| 347 | $options['uninstall_delete'] = 0; |
| 348 | } |
| 349 | |
| 350 | if (!isset($options['show_credit_link'])) { |
| 351 | $options['show_credit_link'] = 0; |
| 352 | } |
| 353 | |
| 354 | if (!isset($options['firewall_block_bots'])) { |
| 355 | $options['firewall_block_bots'] = 0; |
| 356 | } |
| 357 | |
| 358 | if (!isset($options['firewall_directory_traversal'])) { |
| 359 | $options['firewall_directory_traversal'] = 0; |
| 360 | } |
| 361 | |
| 362 | if (!isset($options['log_passwords'])) { |
| 363 | $options['log_passwords'] = 0; |
| 364 | } |
| 365 | |
| 366 | if (!isset($options['captcha_show_login'])) { |
| 367 | $options['captcha_show_login'] = 0; |
| 368 | } |
| 369 | |
| 370 | if (!isset($options['captcha_show_wp_registration'])) { |
| 371 | $options['captcha_show_wp_registration'] = 0; |
| 372 | } |
| 373 | |
| 374 | if (!isset($options['captcha_show_wp_lost_password'])) { |
| 375 | $options['captcha_show_wp_lost_password'] = 0; |
| 376 | } |
| 377 | |
| 378 | if (!isset($options['captcha_show_wp_comment'])) { |
| 379 | $options['captcha_show_wp_comment'] = 0; |
| 380 | } |
| 381 | |
| 382 | if (!isset($options['captcha_show_woo_registration'])) { |
| 383 | $options['captcha_show_woo_registration'] = 0; |
| 384 | } |
| 385 | |
| 386 | if (!isset($options['captcha_show_woo_checkout'])) { |
| 387 | $options['captcha_show_woo_checkout'] = 0; |
| 388 | } |
| 389 | |
| 390 | if (!isset($options['design_enable'])) { |
| 391 | $options['design_enable'] = 0; |
| 392 | } |
| 393 | |
| 394 | if (!isset($options['captcha_show_edd_registration'])) { |
| 395 | $options['captcha_show_edd_registration'] = 0; |
| 396 | } |
| 397 | |
| 398 | if (!isset($options['captcha_show_bp_registration'])) { |
| 399 | $options['captcha_show_bp_registration'] = 0; |
| 400 | } |
| 401 | |
| 402 | if (isset($_POST['wpcaptcha_import_file'])) { |
| 403 | $mimes = array( |
| 404 | 'text/plain', |
| 405 | 'text/anytext', |
| 406 | 'application/txt' |
| 407 | ); |
| 408 | |
| 409 | if (!in_array($_FILES['wpcaptcha_import_file']['type'], $mimes)) { |
| 410 | WPCaptcha_Utility::display_notice( |
| 411 | sprintf( |
| 412 | "WARNING: Not a valid CSV file - the Mime Type '%s' is wrong! No settings have been imported.", |
| 413 | $_FILES['wpcaptcha_import_file']['type'] |
| 414 | ), |
| 415 | "error" |
| 416 | ); |
| 417 | } else if (($handle = fopen($_FILES['wpcaptcha_import_file']['tmp_name'], "r")) !== false) { |
| 418 | $options_json = json_decode(fread($handle, 8192), ARRAY_A); |
| 419 | |
| 420 | if (is_array($options_json) && array_key_exists('max_login_retries', $options_json) && array_key_exists('retries_within', $options_json) && array_key_exists('lockout_length', $options_json)) { |
| 421 | $options = $options_json; |
| 422 | WPCaptcha_Utility::display_notice("Settings have been imported.", "success"); |
| 423 | } else { |
| 424 | WPCaptcha_Utility::display_notice("Invalid import file! No settings have been imported.", "error"); |
| 425 | } |
| 426 | } else { |
| 427 | WPCaptcha_Utility::display_notice("Invalid import file! No settings have been imported.", "error"); |
| 428 | } |
| 429 | } |
| 430 | |
| 431 | if ($old_options['firewall_block_bots'] != $options['firewall_block_bots'] || $old_options['firewall_directory_traversal'] != $options['firewall_directory_traversal']) { |
| 432 | self::firewall_setup($options); |
| 433 | } |
| 434 | |
| 435 | WPCaptcha_Utility::clear_3rdparty_cache(); |
| 436 | $options['last_options_edit'] = current_time('mysql', true); |
| 437 | |
| 438 | return array_merge($old_options, $options); |
| 439 | } // sanitize_settings |
| 440 | |
| 441 | /** |
| 442 | * Get plugin metadata |
| 443 | * |
| 444 | * @since 5.0 |
| 445 | * |
| 446 | * @return array meta |
| 447 | * |
| 448 | */ |
| 449 | static function get_meta() |
| 450 | { |
| 451 | $meta = get_option(WPCAPTCHA_META_KEY, array()); |
| 452 | |
| 453 | if (!is_array($meta) || empty($meta)) { |
| 454 | $meta['first_version'] = self::get_plugin_version(); |
| 455 | $meta['first_install'] = current_time('timestamp'); |
| 456 | update_option(WPCAPTCHA_META_KEY, $meta); |
| 457 | } |
| 458 | |
| 459 | return $meta; |
| 460 | } // get_meta |
| 461 | |
| 462 | static function update_meta($key, $value) |
| 463 | { |
| 464 | $meta = get_option(WPCAPTCHA_META_KEY, array()); |
| 465 | $meta[$key] = $value; |
| 466 | update_option(WPCAPTCHA_META_KEY, $meta); |
| 467 | } // update_meta |
| 468 | |
| 469 | /** |
| 470 | * Register custom tables |
| 471 | * |
| 472 | * @since 5.0 |
| 473 | * |
| 474 | * @return null |
| 475 | * |
| 476 | */ |
| 477 | static function register_custom_tables() |
| 478 | { |
| 479 | global $wpdb; |
| 480 | |
| 481 | $wpdb->wpcatcha_login_fails = $wpdb->prefix . 'wpc_login_fails'; |
| 482 | $wpdb->wpcatcha_accesslocks = $wpdb->prefix . 'wpc_accesslocks'; |
| 483 | } // register_custom_tables |
| 484 | |
| 485 | /** |
| 486 | * Create custom tables |
| 487 | * |
| 488 | * @since 5.0 |
| 489 | * |
| 490 | * @return null |
| 491 | * |
| 492 | */ |
| 493 | static function create_custom_tables() |
| 494 | { |
| 495 | global $wpdb; |
| 496 | require_once ABSPATH . 'wp-admin/includes/upgrade.php'; |
| 497 | |
| 498 | self::register_custom_tables(); |
| 499 | |
| 500 | $wpcaptcha_login_fails = "CREATE TABLE " . $wpdb->wpcatcha_login_fails . " ( |
| 501 | `login_attempt_ID` bigint(20) NOT NULL AUTO_INCREMENT, |
| 502 | `user_id` bigint(20) NOT NULL, |
| 503 | `login_attempt_date` datetime NOT NULL default '0000-00-00 00:00:00', |
| 504 | `login_attempt_IP` varchar(100) NOT NULL default '', |
| 505 | `failed_user` varchar(200) NOT NULL default '', |
| 506 | `failed_pass` varchar(200) NOT NULL default '', |
| 507 | `reason` varchar(200) NULL, |
| 508 | PRIMARY KEY (`login_attempt_ID`) |
| 509 | );"; |
| 510 | dbDelta($wpcaptcha_login_fails); |
| 511 | |
| 512 | $wpcaptcha_accesslocks = "CREATE TABLE " . $wpdb->wpcatcha_accesslocks . " ( |
| 513 | `accesslock_ID` bigint(20) NOT NULL AUTO_INCREMENT, |
| 514 | `user_id` bigint(20) NOT NULL, |
| 515 | `accesslock_date` datetime NOT NULL default '0000-00-00 00:00:00', |
| 516 | `release_date` datetime NOT NULL default '0000-00-00 00:00:00', |
| 517 | `accesslock_IP` varchar(100) NOT NULL default '', |
| 518 | `reason` varchar(200) NULL, |
| 519 | `unlocked` smallint(20) NOT NULL default '0', |
| 520 | PRIMARY KEY (`accesslock_ID`) |
| 521 | );"; |
| 522 | dbDelta($wpcaptcha_accesslocks); |
| 523 | |
| 524 | self::update_meta('database_ver', self::$version); |
| 525 | } // create_custom_tables |
| 526 | |
| 527 | |
| 528 | static function firewall_setup($options = false) |
| 529 | { |
| 530 | self::setup_wp_filesystem(); |
| 531 | self::firewall_remove_rules(); |
| 532 | |
| 533 | if (false === $options) { |
| 534 | $options = get_option(WPCAPTCHA_OPTIONS_KEY, array()); |
| 535 | } |
| 536 | |
| 537 | $htaccess = self::$wp_filesystem->get_contents(WPCaptcha_Utility::get_home_path() . '.htaccess'); |
| 538 | |
| 539 | $firewall_rules = []; |
| 540 | $firewall_rules[] = '# BEGIN WP Captcha Firewall'; |
| 541 | |
| 542 | if ($options['firewall_block_bots']) { |
| 543 | $firewall_rules[] = '<IfModule mod_rewrite.c>'; |
| 544 | |
| 545 | $firewall_rules[] = 'RewriteCond %{HTTP_USER_AGENT} (ahrefs|alexibot|majestic|mj12bot|rogerbot) [NC,OR]'; |
| 546 | $firewall_rules[] = 'RewriteCond %{HTTP_USER_AGENT} (econtext|eolasbot|eventures|liebaofast|nominet|oppo\sa33) [NC,OR]'; |
| 547 | $firewall_rules[] = 'RewriteCond %{HTTP_USER_AGENT} (ahrefs|alexibot|majestic|mj12bot|rogerbot) [NC,OR]'; |
| 548 | $firewall_rules[] = 'RewriteCond %{HTTP_USER_AGENT} (econtext|eolasbot|eventures|liebaofast|nominet|oppo\sa33) [NC,OR]'; |
| 549 | $firewall_rules[] = 'RewriteCond %{HTTP_USER_AGENT} (acapbot|acoonbot|asterias|attackbot|backdorbot|becomebot|binlar|blackwidow|blekkobot|blexbot|blowfish|bullseye|bunnys|butterfly|careerbot|casper|checkpriv|cheesebot|cherrypick|chinaclaw|choppy|clshttp|cmsworld|copernic|copyrightcheck|cosmos|crescent|cy_cho|datacha|demon|diavol|discobot|dittospyder|dotbot|dotnetdotcom|dumbot|emailcollector|emailsiphon|emailwolf|extract|eyenetie|feedfinder|flaming|flashget|flicky|foobot|g00g1e|getright|gigabot|go-ahead-got|gozilla|grabnet|grafula|harvest|heritrix|httrack|icarus6j|jetbot|jetcar|jikespider|kmccrew|leechftp|libweb|linkextractor|linkscan|linkwalker|loader|masscan|miner|mechanize|morfeus|moveoverbot|netmechanic|netspider|nicerspro|nikto|ninja|nutch|octopus|pagegrabber|petalbot|planetwork|postrank|proximic|purebot|pycurl|python|queryn|queryseeker|radian6|radiation|realdownload|scooter|seekerspider|semalt|siclab|sindice|sistrix|sitebot|siteexplorer|sitesnagger|skygrid|smartdownload|snoopy|sosospider|spankbot|spbot|sqlmap|stackrambler|stripper|sucker|surftbot|sux0r|suzukacz|suzuran|takeout|teleport|telesoft|true_robots|turingos|turnit|vampire|vikspider|voideye|webleacher|webreaper|webstripper|webvac|webviewer|webwhacker|winhttp|wwwoffle|woxbot|xaldon|xxxyy|yamanalab|yioopbot|youda|zeus|zmeu|zune|zyborg) [NC]'; |
| 550 | |
| 551 | $firewall_rules[] = 'RewriteCond %{REMOTE_HOST} (163data|amazonaws|colocrossing|crimea|g00g1e|justhost|kanagawa|loopia|masterhost|onlinehome|poneytel|sprintdatacenter|reverse.softlayer|safenet|ttnet|woodpecker|wowrack) [NC]'; |
| 552 | |
| 553 | $firewall_rules[] = 'RewriteCond %{HTTP_REFERER} (semalt\.com|todaperfeita) [NC,OR]'; |
| 554 | $firewall_rules[] = 'RewriteCond %{HTTP_REFERER} (blue\spill|cocaine|ejaculat|erectile|erections|hoodia|huronriveracres|impotence|levitra|libido|lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|troyhamby|ultram|unicauca|valium|viagra|vicodin|xanax|ypxaieo) [NC]'; |
| 555 | |
| 556 | $firewall_rules[] = 'RewriteRule .* - [F,L]'; |
| 557 | $firewall_rules[] = '</IfModule>'; |
| 558 | } |
| 559 | |
| 560 | if ($options['firewall_directory_traversal']) { |
| 561 | $firewall_rules[] = '<IfModule mod_rewrite.c>'; |
| 562 | |
| 563 | $firewall_rules[] = 'RewriteCond %{QUERY_STRING} (((/|%2f){3,3})|((\.|%2e){3,3})|((\.|%2e){2,2})(/|%2f|%u2215)) [NC,OR]'; |
| 564 | $firewall_rules[] = 'RewriteCond %{QUERY_STRING} (/|%2f)(:|%3a)(/|%2f) [NC,OR]'; |
| 565 | $firewall_rules[] = 'RewriteCond %{QUERY_STRING} (/|%2f)(\*|%2a)(\*|%2a)(/|%2f) [NC,OR]'; |
| 566 | $firewall_rules[] = 'RewriteCond %{QUERY_STRING} (absolute_|base|root_)(dir|path)(=|%3d)(ftp|https?) [NC,OR]'; |
| 567 | $firewall_rules[] = 'RewriteCond %{QUERY_STRING} (/|%2f)(=|%3d|$&|_mm|cgi(\.|-)|inurl(:|%3a)(/|%2f)|(mod|path)(=|%3d)(\.|%2e)) [NC,OR]'; |
| 568 | |
| 569 | $firewall_rules[] = 'RewriteCond %{REQUEST_URI} (\^|`|<|>|\\\\|\|) [NC,OR]'; |
| 570 | $firewall_rules[] = 'RewriteCond %{REQUEST_URI} ([a-z0-9]{2000,}) [NC]'; |
| 571 | |
| 572 | $firewall_rules[] = 'RewriteRule .* - [F,L]'; |
| 573 | $firewall_rules[] = '</IfModule>'; |
| 574 | } |
| 575 | |
| 576 | $firewall_rules[] = '# END WP Captcha Firewall'; |
| 577 | |
| 578 | $htaccess = implode(PHP_EOL, $firewall_rules) . PHP_EOL . $htaccess; |
| 579 | |
| 580 | if (count($firewall_rules) > 2) { |
| 581 | $firewall_test = self::firewall_test_htaccess($htaccess); |
| 582 | if (is_wp_error($firewall_test)) { |
| 583 | WPCaptcha_Utility::display_notice( |
| 584 | $firewall_test->get_error_message(), |
| 585 | "error" |
| 586 | ); |
| 587 | } else { |
| 588 | self::$wp_filesystem->put_contents(WPCaptcha_Utility::get_home_path() . '.htaccess', $htaccess); |
| 589 | } |
| 590 | } |
| 591 | } |
| 592 | |
| 593 | static function firewall_test_htaccess($new_content) |
| 594 | { |
| 595 | $uploads_directory = wp_upload_dir(); |
| 596 | $test_id = rand(1000, 9999); |
| 597 | $htaccess_test_folder = $uploads_directory['basedir'] . '/htaccess-test-' . $test_id . '/'; |
| 598 | $htaccess_test_url = $uploads_directory['baseurl'] . '/htaccess-test-' . $test_id . '/'; |
| 599 | |
| 600 | // Create test directory and files |
| 601 | if (!self::$wp_filesystem->is_dir($htaccess_test_folder)) { |
| 602 | if (true !== self::$wp_filesystem->mkdir($htaccess_test_folder, 0777)) { |
| 603 | return new WP_Error('firewall_failed', 'Failed to create test directory. Please check that your uploads folder is writable.', false); |
| 604 | } |
| 605 | } |
| 606 | |
| 607 | if (true !== self::$wp_filesystem->put_contents($htaccess_test_folder . 'index.html', 'htaccess-test-' . $test_id)) { |
| 608 | return new WP_Error('firewall_failed', 'Failed to create test files. Please check that your uploads folder is writable.', false); |
| 609 | } |
| 610 | |
| 611 | if (true !== self::$wp_filesystem->put_contents($htaccess_test_folder . '.htaccess', $new_content)) { |
| 612 | return new WP_Error('firewall_failed', 'Failed to create test directory and files. Please check that your uploads folder is writeable.', false); |
| 613 | } |
| 614 | |
| 615 | // Retrieve test file over http |
| 616 | $response = wp_remote_get($htaccess_test_url . 'index.html', array('sslverify' => false, 'redirection' => 0)); |
| 617 | $response_code = wp_remote_retrieve_response_code($response); |
| 618 | |
| 619 | // Remove Test Directory |
| 620 | self::$wp_filesystem->delete($htaccess_test_folder . '.htaccess'); |
| 621 | self::$wp_filesystem->delete($htaccess_test_folder . 'index.html'); |
| 622 | self::$wp_filesystem->rmdir($htaccess_test_folder); |
| 623 | |
| 624 | // Check if test file content is what we expect |
| 625 | if ((in_array($response_code, range(200, 299)) && !is_wp_error($response) && wp_remote_retrieve_body($response) == 'htaccess-test-' . $test_id) || (in_array($response_code, range(300, 399)) && !is_wp_error($response))) { |
| 626 | return true; |
| 627 | } else { |
| 628 | return new WP_Error('firewall_failed', 'Unfortunately it looks like installing these firewall rules could cause your entire site, including the admin, to become inaccessible. Fix the errors before saving', false); |
| 629 | } |
| 630 | } |
| 631 | |
| 632 | static function firewall_remove_rules() |
| 633 | { |
| 634 | |
| 635 | if (self::$wp_filesystem->is_writable(WPCaptcha_Utility::get_home_path() . '.htaccess')) { |
| 636 | |
| 637 | $htaccess_rules = self::$wp_filesystem->get_contents(WPCaptcha_Utility::get_home_path() . '.htaccess'); |
| 638 | |
| 639 | if ($htaccess_rules) { |
| 640 | $htaccess_rules = explode(PHP_EOL, $htaccess_rules); |
| 641 | $found = false; |
| 642 | $new_content = ''; |
| 643 | |
| 644 | foreach ($htaccess_rules as $htaccess_rule) { |
| 645 | if ($htaccess_rule == '# BEGIN WP Captcha Firewall') { |
| 646 | $found = true; |
| 647 | } |
| 648 | |
| 649 | if (!$found) { |
| 650 | $new_content .= $htaccess_rule . PHP_EOL; |
| 651 | } |
| 652 | |
| 653 | if ($htaccess_rule == '# END WP Captcha Firewall') { |
| 654 | $found = false; |
| 655 | } |
| 656 | } |
| 657 | |
| 658 | $new_content = trim($new_content, PHP_EOL); |
| 659 | |
| 660 | $f = @fopen(WPCaptcha_Utility::get_home_path() . '.htaccess', 'w'); |
| 661 | self::$wp_filesystem->put_contents(WPCaptcha_Utility::get_home_path() . '.htaccess', $new_content); |
| 662 | |
| 663 | return true; |
| 664 | } |
| 665 | } |
| 666 | |
| 667 | return false; |
| 668 | } |
| 669 | |
| 670 | /** |
| 671 | * Actions on plugin activation |
| 672 | * |
| 673 | * @since 5.0 |
| 674 | * |
| 675 | * @return null |
| 676 | * |
| 677 | */ |
| 678 | static function activate() |
| 679 | { |
| 680 | self::create_custom_tables(); |
| 681 | WPCaptcha_Admin::reset_pointers(); |
| 682 | } // activate |
| 683 | |
| 684 | |
| 685 | /** |
| 686 | * Actions on plugin deactivaiton |
| 687 | * |
| 688 | * @since 5.0 |
| 689 | * |
| 690 | * @return null |
| 691 | * |
| 692 | */ |
| 693 | static function deactivate() |
| 694 | { |
| 695 | } // deactivate |
| 696 | |
| 697 | /** |
| 698 | * Actions on plugin uninstall |
| 699 | * |
| 700 | * @since 5.0 |
| 701 | * |
| 702 | * @return null |
| 703 | */ |
| 704 | static function uninstall() |
| 705 | { |
| 706 | global $wpdb; |
| 707 | |
| 708 | $options = get_option(WPCAPTCHA_OPTIONS_KEY, array()); |
| 709 | |
| 710 | if ($options['uninstall_delete'] == '1') { |
| 711 | delete_option(WPCAPTCHA_OPTIONS_KEY); |
| 712 | delete_option(WPCAPTCHA_META_KEY); |
| 713 | delete_option(WPCAPTCHA_POINTERS_KEY); |
| 714 | delete_option(WPCAPTCHA_NOTICES_KEY); |
| 715 | |
| 716 | $wpdb->query("DROP TABLE IF EXISTS " . $wpdb->prefix . "wpc_login_fails"); |
| 717 | $wpdb->query("DROP TABLE IF EXISTS " . $wpdb->prefix . "wpc_accesslocks"); |
| 718 | } |
| 719 | } // uninstall |
| 720 | } // class |
| 721 |