Advanced Google reCAPTCHA / 1.16
Advanced Google reCAPTCHA v1.16
advanced-google-recaptcha / libs / setup.php
setup.php
721 lines
1 <?php
2
3 /**
4 * WP Captcha
5 * https://getwpcaptcha.com/
6 * (c) WebFactory Ltd, 2022 - 2023, www.webfactoryltd.com
7 */
8
9 class WPCaptcha_Setup extends WPCaptcha
10 {
11 static $wp_filesystem;
12
/**
 * Runs the work that has to wait until the plugin classes are loaded.
 *
 * At present that is only the registration of the custom table names.
 *
 * @return void
 */
static function load_actions()
{
    // Queries reference the table names through $wpdb, so they are set first.
    self::register_custom_tables();
} // load_actions
22
/**
 * Makes sure the global WordPress filesystem object exists and caches it on the class.
 *
 * @return mixed Whatever the global $wp_filesystem holds after initialisation.
 */
static function setup_wp_filesystem()
{
    global $wp_filesystem;

    $needs_init = empty($wp_filesystem);
    if ($needs_init) {
        // WP_Filesystem() is declared in this admin include.
        require_once ABSPATH . '/wp-admin/includes/file.php';
        WP_Filesystem();
    }

    // NOTE(review): the result of WP_Filesystem() is not inspected, so the cached
    // value is whatever the global contains at this point.
    self::$wp_filesystem = $wp_filesystem;

    return self::$wp_filesystem;
} // setup_wp_filesystem
35
/**
 * Tells whether the running WordPress release satisfies a minimum version.
 *
 * When it does not, the matching admin notice is queued.
 *
 * @since 5.0
 *
 * @param string $min_version Lowest acceptable WordPress version.
 *
 * @return bool True when the installed version is at least $min_version.
 */
static function check_wp_version($min_version)
{
    $is_supported = version_compare(get_bloginfo('version'), $min_version, '>=');

    if ($is_supported) {
        return true;
    }

    add_action('admin_notices', array(__CLASS__, 'notice_min_wp_version'));

    return false;
} // check_wp_version
53
/**
 * Tells whether the running PHP interpreter satisfies a minimum version.
 *
 * When it does not, the matching admin notice is queued.
 *
 * @since 5.0
 *
 * @param string $min_version Lowest acceptable PHP version.
 *
 * @return bool True when the interpreter version is at least $min_version.
 */
static function check_php_version($min_version)
{
    $is_supported = version_compare(phpversion(), $min_version, '>=');

    if ($is_supported) {
        return true;
    }

    add_action('admin_notices', array(__CLASS__, 'notice_min_php_version'));

    return false;
} // check_php_version
71
/**
 * Admin notice for a WordPress release older than the plugin supports.
 *
 * The finished markup is handed to WPCaptcha_Utility::wp_kses_wf().
 *
 * @since 5.0
 *
 * @return void
 */
static function notice_min_wp_version()
{
    $message = sprintf(
        __('WP Captcha plugin <b>requires WordPress version 4.6</b> or higher to function properly. You are using WordPress version %s. Please <a href="%s">update it</a>.', 'advanced-google-recaptcha'),
        get_bloginfo('version'),
        admin_url('update-core.php')
    );

    WPCaptcha_Utility::wp_kses_wf('<div class="error"><p>' . $message . '</p></div>');
} // notice_min_wp_version
84
/**
 * Admin notice for a PHP interpreter older than the plugin supports.
 *
 * The finished markup is handed to WPCaptcha_Utility::wp_kses_wf().
 *
 * @since 5.0
 *
 * @return void
 */
static function notice_min_php_version()
{
    $message = sprintf(
        __('WP Captcha plugin <b>requires PHP version 5.6.20</b> or higher to function properly. You are using PHP version %s. Please <a href="%s" target="_blank">update it</a>.', 'advanced-google-recaptcha'),
        phpversion(),
        'https://wordpress.org/support/update-php/'
    );

    WPCaptcha_Utility::wp_kses_wf('<div class="error"><p>' . $message . '</p></div>');
} // notice_min_php_version
97
98
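/**
 * Runs upgrade steps, because the activation hook is not fired on plugin updates.
 *
 * Two things happen here: the custom tables are (re)created when the stored
 * database version is missing or older than the plugin version, and, if this
 * plugin has no stored options yet, settings are copied once from the older
 * "agr_options" record.
 *
 * @since 5.0
 *
 * @return void
 */
public static function maybe_upgrade()
{
    $meta = self::get_meta();

    // Version strings need version_compare(); a plain "<" compares them as
    // numbers, so "1.9" would be treated as newer than "1.16".
    if (empty($meta['database_ver']) || version_compare((string) $meta['database_ver'], (string) self::$version, '<')) {
        self::create_custom_tables();
    }

    // Copy options from free, only while this plugin has nothing stored.
    if (false !== get_option(WPCAPTCHA_OPTIONS_KEY)) {
        return;
    }

    $free_options = get_option("agr_options");
    if (!is_array($free_options) || !isset($free_options['enable_login'])) {
        return;
    }

    // Start from a real array; writing keys into the boolean false returned by
    // get_option() is deprecated in newer PHP versions.
    $options = array();
    $options['captcha'] = (isset($free_options['captcha_type']) && $free_options['captcha_type'] == 'v3') ? 'recaptchav3' : 'recaptchav2';

    // old key => array(new key, value used when the old record lacks the key)
    $key_map = array(
        'site_key'             => array('captcha_site_key', ''),
        'secret_key'           => array('captcha_secret_key', ''),
        'enable_login'         => array('captcha_show_login', 0),
        'enable_register'      => array('captcha_show_wp_registration', 0),
        'enable_lost_password' => array('captcha_show_wp_lost_password', 0),
        'enable_comment_form'  => array('captcha_show_wp_comment', 0),
        'enable_woo_register'  => array('captcha_show_woo_registration', 0),
        'enable_woo_checkout'  => array('captcha_show_woo_checkout', 0),
        'enable_edd_register'  => array('captcha_show_edd_registration', 0),
        'enable_bp_register'   => array('captcha_show_bp_registration', 0),
    );

    foreach ($key_map as $free_key => $target) {
        $options[$target[0]] = isset($free_options[$free_key]) ? $free_options[$free_key] : $target[1];
    }

    update_option(WPCAPTCHA_OPTIONS_KEY, $options);
    // The old record, reCAPTCHA secret key included, is deliberately left in place.
    ///delete_option("agr_options");
} // maybe_upgrade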
137
138
/**
 * Returns the stored plugin options layered over the defaults.
 *
 * A stored value that is not an array is ignored, so the result always
 * contains every key from default_options().
 *
 * @since 5.0
 *
 * @return array Options, stored values taking precedence over defaults.
 */
static function get_options()
{
    $stored = get_option(WPCAPTCHA_OPTIONS_KEY, array());

    return array_merge(self::default_options(), is_array($stored) ? $stored : array());
} // get_options
158
/**
 * Registers the plugin's single option with the WordPress settings API.
 *
 * Option group and option name are both WPCAPTCHA_OPTIONS_KEY, and every
 * save is routed through sanitize_settings().
 *
 * @since 5.0
 *
 * @return void
 */
static function register_settings()
{
    $sanitize_callback = array(__CLASS__, 'sanitize_settings');

    register_setting(WPCAPTCHA_OPTIONS_KEY, WPCAPTCHA_OPTIONS_KEY, $sanitize_callback);
} // register_settings
171
172
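/**
 * Builds the default value for every plugin option.
 *
 * A new 'global_unblock_key' is generated on every call; get_options() lets a
 * stored key override it.
 *
 * @since 5.0
 *
 * @return array Option name => default value.
 */
static function default_options()
{
    // The key is now drawn from the CSPRNG. It used to be md5(time() . rand(10000, 9999)):
    // the rand() bounds were reversed, so the value depended almost entirely on the
    // clock. The shape is unchanged: "ll" followed by 32 hex characters.
    // NOTE(review): presumably this key lets a blocked visitor lift the block - confirm where it is consumed.
    $unblock_key = 'll' . bin2hex(random_bytes(16));

    $defaults = array(
        'login_protection' => 0,
        'max_login_retries' => 3,
        'retries_within' => 5,
        'lockout_length' => 60,
        'lockout_invalid_usernames' => 1,
        'mask_login_errors' => 0,
        'show_credit_link' => 0,
        'anonymous_logging' => 0,
        'block_bots' => 0,
        'log_passwords' => 0,
        'instant_block_nonusers' => 0,
        'cookie_lifetime' => 14,
        'country_blocking_mode' => 'none',
        'country_blocking_countries' => '',
        'block_undetermined_countries' => 0,
        'captcha' => 'disabled',
        'captcha_secret_key' => '',
        'captcha_site_key' => '',
        'captcha_show_login' => 1,
        'captcha_show_wp_registration' => 1,
        'captcha_show_wp_lost_password' => 1,
        'captcha_show_wp_comment' => 1,
        'captcha_show_woo_registration' => 0,
        'captcha_show_woo_checkout' => 0,
        'captcha_show_edd_registration' => 0,
        'captcha_show_bp_registration' => 0,
        'login_url' => '',
        'login_redirect_url' => '',
        'global_block' => 0,
        'country_global_block' => 0,
        'uninstall_delete' => 0,
        'block_message' => 'We\'re sorry, but your IP has been blocked due to too many recent failed login attempts.',
        'block_message_country' => 'We\'re sorry, but access from your location is not allowed.',
        'global_unblock_key' => $unblock_key,
        'whitelist' => array(),
        'firewall_block_bots' => 0,
        'firewall_directory_traversal' => 0,
        'design_enable' => 0,
        'design_template' => 'orange',
        'design_background_color' => '',
        'design_background_image' => '',
        'design_logo' => '',
        'design_logo_url' => '',
        'design_logo_width' => '',
        'design_logo_height' => '',
        'design_logo_margin_bottom' => '',
        'design_text_color' => '#3c434a',
        'design_link_color' => '#2271b1',
        'design_link_hover_color' => '#135e96',
        'design_form_border_color' => '#FFFFFF',
        'design_form_border_width' => 1,
        // 'design_form_width' was listed twice with the same value; one entry is enough.
        'design_form_width' => '',
        'design_form_height' => '',
        'design_form_padding' => 26,
        'design_form_border_radius' => 2,
        'design_form_background_color' => '',
        'design_form_background_image' => '',
        'design_label_font_size' => 14,
        'design_label_text_color' => '#3c434a',
        'design_field_font_size' => 13,
        'design_field_text_color' => '#3c434a',
        'design_field_border_color' => '#8c8f94',
        'design_field_border_width' => 1,
        'design_field_border_radius' => 2,
        'design_field_background_color' => '#ffffff',
        'design_button_font_size' => 14,
        'design_button_text_color' => '',
        'design_button_border_color' => '#2271b1',
        'design_button_border_width' => 0,
        'design_button_border_radius' => 2,
        'design_button_background_color' => '#2271b1',
        'design_button_hover_text_color' => '',
        'design_button_hover_border_color' => '',
        'design_button_hover_background_color' => '',
        'design_custom_css' => ''
    );

    return $defaults;
} // default_options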
264
265
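/**
 * Sanitize callback that prepares the submitted settings for storage.
 *
 * Steps, in order: keep the previous captcha settings when the submitted ones
 * are flagged as unverified, clear the captcha keys for modes that do not use
 * them, normalise a few values, default absent checkboxes to 0, optionally
 * replace the settings with an uploaded export file, refresh the .htaccess
 * firewall block when its toggles changed, and merge over the stored options.
 *
 * Free-text values (block messages, URLs, custom CSS) pass through unchanged;
 * this function does not validate or escape them.
 *
 * @since 5.0
 *
 * @param array $options Settings as submitted.
 *
 * @return array Stored options overlaid with the submitted or imported values.
 */
static function sanitize_settings($options)
{
    $old_options = self::get_options();

    if (!is_array($options)) {
        $options = array();
    }

    $captcha_mode = isset($options['captcha']) ? $options['captcha'] : null;

    // captcha_verified arrives with the submitted form, so this guards against
    // saving untested keys by accident; it is not a server-side verification.
    if (isset($options['captcha_verified']) && $options['captcha_verified'] != 1 && $captcha_mode != 'disabled') {
        $options['captcha'] = $old_options['captcha'];
        $options['captcha_site_key'] = $old_options['captcha_site_key'];
        $options['captcha_secret_key'] = $old_options['captcha_secret_key'];
    }

    if (isset($options['captcha']) && ($options['captcha'] == 'disabled' || $options['captcha'] == 'builtin')) {
        $options['captcha_site_key'] = '';
        $options['captcha_secret_key'] = '';
    }

    $numeric_keys = array('max_login_retries', 'retries_within', 'lockout_length');

    if (isset($_POST['submit'])) {
        foreach (array('lockout_invalid_usernames', 'mask_login_errors', 'show_credit_link') as $flag_key) {
            if (array_key_exists($flag_key, $options)) {
                // A non-scalar here (e.g. an array from a crafted request) is treated as "off".
                $options[$flag_key] = is_scalar($options[$flag_key]) ? trim((string) $options[$flag_key]) : 0;
            }
        }

        foreach ($numeric_keys as $numeric_key) {
            if (array_key_exists($numeric_key, $options)) {
                $options[$numeric_key] = (int) $options[$numeric_key];
            }
        }
    }

    // Unticked checkboxes are absent from the submission, so absent means 0.
    // NOTE(review): default_options() uses 'none' for country_blocking_mode; the
    // 0 used here is kept as it was - confirm which value the consumers expect.
    $absent_means_off = array(
        'login_protection',
        'lockout_invalid_usernames',
        'mask_login_errors',
        'anonymous_logging',
        'block_bots',
        'instant_block_nonusers',
        'country_blocking_mode',
        'block_undetermined_countries',
        'global_block',
        'country_global_block',
        'uninstall_delete',
        'show_credit_link',
        'firewall_block_bots',
        'firewall_directory_traversal',
        'log_passwords',
        'captcha_show_login',
        'captcha_show_wp_registration',
        'captcha_show_wp_lost_password',
        'captcha_show_wp_comment',
        'captcha_show_woo_registration',
        'captcha_show_woo_checkout',
        'design_enable',
        'captcha_show_edd_registration',
        'captcha_show_bp_registration',
    );

    foreach ($absent_means_off as $checkbox_key) {
        if (!isset($options[$checkbox_key])) {
            $options[$checkbox_key] = 0;
        }
    }

    if (isset($_POST['wpcaptcha_import_file'])) {
        $mimes = array(
            'text/plain',
            'text/anytext',
            'application/txt'
        );

        // The upload entry may be missing even though the POST field is present.
        $upload = (isset($_FILES['wpcaptcha_import_file']) && is_array($_FILES['wpcaptcha_import_file'])) ? $_FILES['wpcaptcha_import_file'] : array();
        $upload_type = (isset($upload['type']) && is_string($upload['type'])) ? $upload['type'] : '';
        $upload_tmp = (isset($upload['tmp_name']) && is_string($upload['tmp_name'])) ? $upload['tmp_name'] : '';

        // The MIME type is reported by the browser, not derived from the file, so it
        // only filters honest mistakes. The structure check on the decoded JSON below
        // is what decides whether the file is accepted.
        if (!in_array($upload_type, $mimes, true)) {
            WPCaptcha_Utility::display_notice(
                sprintf(
                    "WARNING: Not a valid CSV file - the Mime Type '%s' is wrong! No settings have been imported.",
                    // Client-supplied text is reduced to MIME-type characters before it is shown.
                    sanitize_mime_type($upload_type)
                ),
                "error"
            );
        } else if ($upload_tmp !== '' && is_uploaded_file($upload_tmp) && ($handle = fopen($upload_tmp, "r")) !== false) {
            $raw_import = fread($handle, 8192);
            // The handle was previously left open.
            fclose($handle);

            $options_json = json_decode((string) $raw_import, true);

            if (is_array($options_json) && array_key_exists('max_login_retries', $options_json) && array_key_exists('retries_within', $options_json) && array_key_exists('lockout_length', $options_json)) {
                // Only option names the plugin defines are taken from the file, and the
                // numeric limits are cast just like form input.
                $imported = array_intersect_key($options_json, self::default_options());
                foreach ($numeric_keys as $numeric_key) {
                    $imported[$numeric_key] = (int) $imported[$numeric_key];
                }

                $options = $imported;
                WPCaptcha_Utility::display_notice("Settings have been imported.", "success");
            } else {
                WPCaptcha_Utility::display_notice("Invalid import file! No settings have been imported.", "error");
            }
        } else {
            WPCaptcha_Utility::display_notice("Invalid import file! No settings have been imported.", "error");
        }
    }

    // Merge before the firewall check: an imported file may omit the firewall
    // toggles, in which case the stored values stay in force.
    $merged = array_merge($old_options, $options);

    if ($old_options['firewall_block_bots'] != $merged['firewall_block_bots'] || $old_options['firewall_directory_traversal'] != $merged['firewall_directory_traversal']) {
        self::firewall_setup($merged);
    }

    WPCaptcha_Utility::clear_3rdparty_cache();
    $merged['last_options_edit'] = current_time('mysql', true);

    return $merged;
} // sanitize_settings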
440
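/**
 * Returns the plugin metadata record, creating it on first use.
 *
 * When nothing usable is stored, a fresh record holding the current plugin
 * version and the install time is written and returned.
 *
 * @since 5.0
 *
 * @return array Plugin metadata.
 */
static function get_meta()
{
    $meta = get_option(WPCAPTCHA_META_KEY, array());

    if (!is_array($meta) || empty($meta)) {
        // Rebuild from scratch: a stored non-array value (a string, for example)
        // cannot take array keys.
        $meta = array(
            'first_version' => self::get_plugin_version(),
            'first_install' => current_time('timestamp'),
        );
        update_option(WPCAPTCHA_META_KEY, $meta);
    }

    return $meta;
} // get_meta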
461
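/**
 * Stores a single value in the plugin metadata record.
 *
 * @param string $key   Metadata key to set.
 * @param mixed  $value Value to store under that key.
 *
 * @return void
 */
static function update_meta($key, $value)
{
    $meta = get_option(WPCAPTCHA_META_KEY, array());

    // Same guard as get_meta(): a non-array record cannot take array keys.
    if (!is_array($meta)) {
        $meta = array();
    }

    $meta[$key] = $value;
    update_option(WPCAPTCHA_META_KEY, $meta);
} // update_meta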
468
/**
 * Publishes the names of the plugin's two custom tables as properties of $wpdb.
 *
 * The property names are spelled "wpcatcha_..." and are referenced that way
 * elsewhere in this file, so the spelling is part of the contract.
 *
 * @since 5.0
 *
 * @return void
 */
static function register_custom_tables()
{
    global $wpdb;

    $table_suffixes = array(
        'wpcatcha_login_fails' => 'wpc_login_fails',
        'wpcatcha_accesslocks' => 'wpc_accesslocks',
    );

    foreach ($table_suffixes as $property => $suffix) {
        $wpdb->{$property} = $wpdb->prefix . $suffix;
    }
} // register_custom_tables
484
/**
 * Creates or updates the two custom tables and records the schema version.
 *
 * Both CREATE TABLE statements are passed to dbDelta(), and afterwards the
 * current plugin version is stored as 'database_ver' in the plugin metadata.
 *
 * @since 5.0
 *
 * @return void
 */
static function create_custom_tables()
{
    global $wpdb;
    // dbDelta() is declared in this admin include.
    require_once ABSPATH . 'wp-admin/includes/upgrade.php';

    // Sets the $wpdb->wpcatcha_* table-name properties used below.
    self::register_custom_tables();

    // One row per failed login attempt.
    // NOTE(review): `failed_pass` is a plain varchar column; presumably it receives
    // the submitted password when the 'log_passwords' option is on - confirm in the
    // logging code. Attempted passwords are often near-misses of real ones, so this
    // table should be treated as sensitive.
    $wpcaptcha_login_fails = "CREATE TABLE " . $wpdb->wpcatcha_login_fails . " (
`login_attempt_ID` bigint(20) NOT NULL AUTO_INCREMENT,
`user_id` bigint(20) NOT NULL,
`login_attempt_date` datetime NOT NULL default '0000-00-00 00:00:00',
`login_attempt_IP` varchar(100) NOT NULL default '',
`failed_user` varchar(200) NOT NULL default '',
`failed_pass` varchar(200) NOT NULL default '',
`reason` varchar(200) NULL,
PRIMARY KEY (`login_attempt_ID`)
);";
    dbDelta($wpcaptcha_login_fails);

    // One row per lock, with its start date, release date, IP and an `unlocked` flag.
    $wpcaptcha_accesslocks = "CREATE TABLE " . $wpdb->wpcatcha_accesslocks . " (
`accesslock_ID` bigint(20) NOT NULL AUTO_INCREMENT,
`user_id` bigint(20) NOT NULL,
`accesslock_date` datetime NOT NULL default '0000-00-00 00:00:00',
`release_date` datetime NOT NULL default '0000-00-00 00:00:00',
`accesslock_IP` varchar(100) NOT NULL default '',
`reason` varchar(200) NULL,
`unlocked` smallint(20) NOT NULL default '0',
PRIMARY KEY (`accesslock_ID`)
);";
    dbDelta($wpcaptcha_accesslocks);

    // maybe_upgrade() reads this value to decide whether the tables need a refresh.
    self::update_meta('database_ver', self::$version);
} // create_custom_tables
526
527
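/**
 * Rebuilds the plugin's firewall block at the top of the site's .htaccess file.
 *
 * Any existing block is removed first. A new block is then assembled from the
 * enabled toggles, tried out through firewall_test_htaccess(), and written to
 * the real .htaccess only when that test passes. With both toggles off nothing
 * is written, so the removal is the whole effect.
 *
 * @param array|false $options Options to read the toggles from; false loads the stored options.
 *
 * @return void
 */
static function firewall_setup($options = false)
{
    self::setup_wp_filesystem();
    self::firewall_remove_rules();

    if (false === $options) {
        $options = get_option(WPCAPTCHA_OPTIONS_KEY, array());
    }

    $htaccess_path = WPCaptcha_Utility::get_home_path() . '.htaccess';

    $htaccess = self::$wp_filesystem->get_contents($htaccess_path);
    if (false === $htaccess) {
        // No readable .htaccess: the firewall block then becomes the whole file.
        $htaccess = '';
    }

    $firewall_rules = [];
    $firewall_rules[] = '# BEGIN WP Captcha Firewall';

    // The stored options may not contain the toggles yet, hence !empty().
    if (!empty($options['firewall_block_bots'])) {
        $firewall_rules[] = '<IfModule mod_rewrite.c>';

        // NOTE(review): conditions without [OR] are combined with AND, so as written
        // the one RewriteRule below needs a user-agent match and a REMOTE_HOST match
        // and a referer match together. Confirm that this is intended; if each group
        // was meant to block on its own, each needs its own RewriteRule.
        // The first two user-agent conditions were emitted twice; the duplicates added nothing.
        $firewall_rules[] = 'RewriteCond %{HTTP_USER_AGENT} (ahrefs|alexibot|majestic|mj12bot|rogerbot) [NC,OR]';
        $firewall_rules[] = 'RewriteCond %{HTTP_USER_AGENT} (econtext|eolasbot|eventures|liebaofast|nominet|oppo\sa33) [NC,OR]';
        $firewall_rules[] = 'RewriteCond %{HTTP_USER_AGENT} (acapbot|acoonbot|asterias|attackbot|backdorbot|becomebot|binlar|blackwidow|blekkobot|blexbot|blowfish|bullseye|bunnys|butterfly|careerbot|casper|checkpriv|cheesebot|cherrypick|chinaclaw|choppy|clshttp|cmsworld|copernic|copyrightcheck|cosmos|crescent|cy_cho|datacha|demon|diavol|discobot|dittospyder|dotbot|dotnetdotcom|dumbot|emailcollector|emailsiphon|emailwolf|extract|eyenetie|feedfinder|flaming|flashget|flicky|foobot|g00g1e|getright|gigabot|go-ahead-got|gozilla|grabnet|grafula|harvest|heritrix|httrack|icarus6j|jetbot|jetcar|jikespider|kmccrew|leechftp|libweb|linkextractor|linkscan|linkwalker|loader|masscan|miner|mechanize|morfeus|moveoverbot|netmechanic|netspider|nicerspro|nikto|ninja|nutch|octopus|pagegrabber|petalbot|planetwork|postrank|proximic|purebot|pycurl|python|queryn|queryseeker|radian6|radiation|realdownload|scooter|seekerspider|semalt|siclab|sindice|sistrix|sitebot|siteexplorer|sitesnagger|skygrid|smartdownload|snoopy|sosospider|spankbot|spbot|sqlmap|stackrambler|stripper|sucker|surftbot|sux0r|suzukacz|suzuran|takeout|teleport|telesoft|true_robots|turingos|turnit|vampire|vikspider|voideye|webleacher|webreaper|webstripper|webvac|webviewer|webwhacker|winhttp|wwwoffle|woxbot|xaldon|xxxyy|yamanalab|yioopbot|youda|zeus|zmeu|zune|zyborg) [NC]';

        $firewall_rules[] = 'RewriteCond %{REMOTE_HOST} (163data|amazonaws|colocrossing|crimea|g00g1e|justhost|kanagawa|loopia|masterhost|onlinehome|poneytel|sprintdatacenter|reverse.softlayer|safenet|ttnet|woodpecker|wowrack) [NC]';

        $firewall_rules[] = 'RewriteCond %{HTTP_REFERER} (semalt\.com|todaperfeita) [NC,OR]';
        $firewall_rules[] = 'RewriteCond %{HTTP_REFERER} (blue\spill|cocaine|ejaculat|erectile|erections|hoodia|huronriveracres|impotence|levitra|libido|lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|troyhamby|ultram|unicauca|valium|viagra|vicodin|xanax|ypxaieo) [NC]';

        $firewall_rules[] = 'RewriteRule .* - [F,L]';
        $firewall_rules[] = '</IfModule>';
    }

    if (!empty($options['firewall_directory_traversal'])) {
        $firewall_rules[] = '<IfModule mod_rewrite.c>';

        $firewall_rules[] = 'RewriteCond %{QUERY_STRING} (((/|%2f){3,3})|((\.|%2e){3,3})|((\.|%2e){2,2})(/|%2f|%u2215)) [NC,OR]';
        $firewall_rules[] = 'RewriteCond %{QUERY_STRING} (/|%2f)(:|%3a)(/|%2f) [NC,OR]';
        $firewall_rules[] = 'RewriteCond %{QUERY_STRING} (/|%2f)(\*|%2a)(\*|%2a)(/|%2f) [NC,OR]';
        $firewall_rules[] = 'RewriteCond %{QUERY_STRING} (absolute_|base|root_)(dir|path)(=|%3d)(ftp|https?) [NC,OR]';
        $firewall_rules[] = 'RewriteCond %{QUERY_STRING} (/|%2f)(=|%3d|$&|_mm|cgi(\.|-)|inurl(:|%3a)(/|%2f)|(mod|path)(=|%3d)(\.|%2e)) [NC,OR]';

        $firewall_rules[] = 'RewriteCond %{REQUEST_URI} (\^|`|<|>|\\\\|\|) [NC,OR]';
        $firewall_rules[] = 'RewriteCond %{REQUEST_URI} ([a-z0-9]{2000,}) [NC]';

        $firewall_rules[] = 'RewriteRule .* - [F,L]';
        $firewall_rules[] = '</IfModule>';
    }

    $firewall_rules[] = '# END WP Captcha Firewall';

    $htaccess = implode(PHP_EOL, $firewall_rules) . PHP_EOL . $htaccess;

    // More than the two marker lines means at least one rule group is enabled.
    if (count($firewall_rules) > 2) {
        // The candidate file is tried in a scratch directory first, because a broken
        // .htaccess in the site root would take the whole site down.
        $firewall_test = self::firewall_test_htaccess($htaccess);
        if (is_wp_error($firewall_test)) {
            WPCaptcha_Utility::display_notice(
                $firewall_test->get_error_message(),
                "error"
            );
        } else if (true !== self::$wp_filesystem->put_contents($htaccess_path, $htaccess)) {
            // A failed write used to go unnoticed, leaving the toggle on without any rules in place.
            WPCaptcha_Utility::display_notice(
                'Failed to write the firewall rules to .htaccess. Please check that the file is writable.',
                "error"
            );
        }
    }
} // firewall_setup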
592
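/**
 * Tries a candidate .htaccess in a scratch directory before it is used for the site.
 *
 * A temporary directory is created under the uploads folder, the candidate
 * rules and a marker file are written into it, and the marker file is fetched
 * over HTTP. The directory is removed again whatever the outcome.
 *
 * @param string $new_content Complete .htaccess content to try out.
 *
 * @return true|WP_Error True when the marker file is served (2xx with the expected
 *                       body) or the request is redirected (3xx); WP_Error otherwise.
 */
static function firewall_test_htaccess($new_content)
{
    if (empty(self::$wp_filesystem)) {
        self::setup_wp_filesystem();
    }

    $uploads_directory = wp_upload_dir();

    // The directory sits in the web-reachable uploads folder, so its name comes from
    // the CSPRNG; it used to be a four-digit rand() value.
    $test_id = bin2hex(random_bytes(8));
    $htaccess_test_folder = $uploads_directory['basedir'] . '/htaccess-test-' . $test_id . '/';
    $htaccess_test_url = $uploads_directory['baseurl'] . '/htaccess-test-' . $test_id . '/';

    $filesystem = self::$wp_filesystem;
    $cleanup = function () use ($filesystem, $htaccess_test_folder) {
        $filesystem->delete($htaccess_test_folder . '.htaccess');
        $filesystem->delete($htaccess_test_folder . 'index.html');
        $filesystem->rmdir($htaccess_test_folder);
    };

    // Create test directory and files
    if (!$filesystem->is_dir($htaccess_test_folder)) {
        // No explicit mode: the filesystem layer applies the site's directory
        // permissions (FS_CHMOD_DIR). The previous 0777 made it world-writable.
        if (true !== $filesystem->mkdir($htaccess_test_folder)) {
            return new WP_Error('firewall_failed', 'Failed to create test directory. Please check that your uploads folder is writable.', false);
        }
    }

    if (true !== $filesystem->put_contents($htaccess_test_folder . 'index.html', 'htaccess-test-' . $test_id)) {
        // Failure paths used to leave the scratch directory behind.
        $cleanup();
        return new WP_Error('firewall_failed', 'Failed to create test files. Please check that your uploads folder is writable.', false);
    }

    if (true !== $filesystem->put_contents($htaccess_test_folder . '.htaccess', $new_content)) {
        $cleanup();
        return new WP_Error('firewall_failed', 'Failed to create test directory and files. Please check that your uploads folder is writeable.', false);
    }

    // Retrieve test file over http. Certificate verification for this request to the
    // site itself stays off by default, but now follows the 'https_local_ssl_verify'
    // filter so a site can turn it on.
    $response = wp_remote_get(
        $htaccess_test_url . 'index.html',
        array(
            'sslverify' => apply_filters('https_local_ssl_verify', false),
            'redirection' => 0,
        )
    );

    // Remove Test Directory
    $cleanup();

    if (!is_wp_error($response)) {
        $response_code = (int) wp_remote_retrieve_response_code($response);

        $served_marker = $response_code >= 200 && $response_code <= 299
            && wp_remote_retrieve_body($response) == 'htaccess-test-' . $test_id;
        $was_redirected = $response_code >= 300 && $response_code <= 399;

        // Check if test file content is what we expect
        if ($served_marker || $was_redirected) {
            return true;
        }
    }

    return new WP_Error('firewall_failed', 'Unfortunately it looks like installing these firewall rules could cause your entire site, including the admin, to become inaccessible. Fix the errors before saving', false);
} // firewall_test_htaccess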
631
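/**
 * Removes the plugin's firewall block from the site's .htaccess file.
 *
 * Everything from the "# BEGIN WP Captcha Firewall" line through the
 * "# END WP Captcha Firewall" line is dropped; all other lines are kept.
 *
 * @return bool True when the cleaned file was written; false when the file is not
 *              writable, is empty, holds an unterminated block, or the write failed.
 */
static function firewall_remove_rules()
{
    if (empty(self::$wp_filesystem)) {
        self::setup_wp_filesystem();
    }

    $htaccess_path = WPCaptcha_Utility::get_home_path() . '.htaccess';

    if (!self::$wp_filesystem->is_writable($htaccess_path)) {
        return false;
    }

    $htaccess_rules = self::$wp_filesystem->get_contents($htaccess_path);
    if (!$htaccess_rules) {
        return false;
    }

    $inside_block = false;
    $kept_lines = array();

    foreach (explode(PHP_EOL, $htaccess_rules) as $htaccess_rule) {
        // Ignore a trailing carriage return so files with CRLF endings still match.
        $marker = rtrim($htaccess_rule, "\r");

        if ($marker == '# BEGIN WP Captcha Firewall') {
            $inside_block = true;
        }

        if (!$inside_block) {
            $kept_lines[] = $htaccess_rule;
        }

        if ($marker == '# END WP Captcha Firewall') {
            $inside_block = false;
        }
    }

    // A BEGIN marker without its END would drop every line after it, WordPress'
    // own rewrite rules included, so such a file is left as it is.
    if ($inside_block) {
        return false;
    }

    $new_content = trim(implode(PHP_EOL, $kept_lines), PHP_EOL);

    // The old code first truncated the file with a stray fopen(..., 'w') whose handle
    // was never closed; a failed write after that left .htaccess empty. The write now
    // goes through the filesystem API only, and its result is reported.
    return true === self::$wp_filesystem->put_contents($htaccess_path, $new_content);
} // firewall_remove_rules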
669
/**
 * Plugin activation: creates the custom tables and resets the admin pointers.
 *
 * @since 5.0
 *
 * @return void
 */
static function activate()
{
    // Tables first; this also records the schema version in the plugin metadata.
    self::create_custom_tables();

    WPCaptcha_Admin::reset_pointers();
} // activate
683
684
/**
 * Plugin deactivation hook; intentionally does nothing.
 *
 * NOTE(review): a firewall block written to .htaccess is not removed here - confirm
 * whether it is meant to stay active while the plugin is deactivated.
 *
 * @since 5.0
 *
 * @return void
 */
static function deactivate()
{
    // Nothing to do.
} // deactivate
696
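/**
 * Plugin uninstall: deletes the plugin's data when the user opted in to that.
 *
 * With the 'uninstall_delete' option set to 1, the four option records are
 * deleted and both custom tables are dropped. Otherwise nothing is touched.
 *
 * @since 5.0
 *
 * @return void
 */
static function uninstall()
{
    global $wpdb;

    $options = get_option(WPCAPTCHA_OPTIONS_KEY, array());

    // The option record may be missing or lack the key; both mean "keep the data".
    $delete_requested = is_array($options)
        && isset($options['uninstall_delete'])
        && $options['uninstall_delete'] == '1';

    if (!$delete_requested) {
        return;
    }

    delete_option(WPCAPTCHA_OPTIONS_KEY);
    delete_option(WPCAPTCHA_META_KEY);
    delete_option(WPCAPTCHA_POINTERS_KEY);
    delete_option(WPCAPTCHA_NOTICES_KEY);

    // Table names are built from the configured prefix and fixed suffixes only.
    $wpdb->query("DROP TABLE IF EXISTS " . $wpdb->prefix . "wpc_login_fails");
    $wpdb->query("DROP TABLE IF EXISTS " . $wpdb->prefix . "wpc_accesslocks");
} // uninstall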
720 } // class
721