PluginProbe ʕ •ᴥ•ʔ
JetBackup – Backup, Restore & Migrate / 3.1.13.4
JetBackup – Backup, Restore & Migrate v3.1.13.4
3.1.22.4 3.1.22.3 1.4.3 1.4.4 1.4.5 1.4.6 1.4.7 1.4.8 1.4.8.1 1.4.9 1.5.0 1.5.1 1.5.1.1 1.5.2 1.5.3 1.5.4 1.5.5 1.5.6 1.5.7 1.5.8 1.6.0 1.6.10 1.6.11 1.6.12 1.6.13 1.6.15 1.6.5.1 1.6.8.8 1.6.9 1.6.9.1 2.0.3 2.0.4 2.0.5 2.0.6 2.0.7.5 2.0.8.7 2.0.9.11 2.0.9.14 2.0.9.15 2.0.9.6 2.0.9.7 2.0.9.9 3.1.10.7 3.1.11.1 3.1.12.3 3.1.13.4 3.1.14.17 3.1.15.4 3.1.16.1 3.1.17.5 3.1.18.10 3.1.18.8 3.1.18.9 3.1.19.8 3.1.20.3 3.1.21.3 3.1.7.9 3.1.9.2 trunk 1.1.90 1.1.91 1.2.0 1.2.5 1.2.6 1.2.7 1.2.8 1.2.9 1.3.0 1.3.1 1.3.2 1.3.3 1.3.4 1.3.6 1.3.7 1.3.8 1.3.9 1.4.0 1.4.1 1.4.2
backup / src / JetBackup / Ajax / Ajax.php
backup / src / JetBackup / Ajax Last commit date
Calls 9 months ago .htaccess 9 months ago Ajax.php 9 months ago ListRecord.php 9 months ago aAjax.php 9 months ago iAjax.php 9 months ago index.html 9 months ago web.config 9 months ago
Ajax.php
157 lines
1 <?php
2
3 namespace JetBackup\Ajax;
4
5 use Exception;
6 use JetBackup\Cron\Cron;
7 use JetBackup\Data\ArrayData;
8 use JetBackup\Entities\Util;
9 use JetBackup\Exception\AjaxException;
10 use JetBackup\Exception\JBException;
11 use JetBackup\JetBackup;
12 use JetBackup\MFA\GoogleAuthenticator;
13 use JetBackup\Wordpress\UI;
14 use JetBackup\Wordpress\Wordpress;
15
16 if (!defined( '__JETBACKUP__')) die('Direct access is not allowed');
17
18 class Ajax extends ArrayData {
19
20 const MFA_ALLOWED_FUNCTIONS = ['panelPreload', 'getQRCode', 'validateMFA'];
21
22 private function __construct() {
23 $this->setData(self::_getRequestData());
24 }
25
26 /**
27 * @return array
28 */
29 private static function _getRequestData():array {
30 $input = file_get_contents("php://input");
31 $params = $input ? json_decode($input,true) : [];
32 if(!$params) $params = [];
33 if($_GET && is_array($_GET)) $params = array_merge($_GET, $params);
34 if($_POST && is_array($_POST)) $params = array_merge($_POST, $params);
35 if($_REQUEST && is_array($_REQUEST)) $params = array_merge($_REQUEST, $params);
36 return $params;
37 }
38
39 /**
40 * @return string
41 */
42 private static function _getNonce():string {
43 $params = self::_getRequestData();
44 return $params['nonce'] ?? '';
45 }
46
47 /**
48 * @return void
49 * @throws AjaxException
50 */
51 private static function _init():void {
52 if (!function_exists('current_user_can')) throw new AjaxException('Error %s - WordPress Core function missing', [102]);
53 if (!function_exists('is_user_logged_in')) throw new AjaxException('Error %s - WordPress Core function missing', [103]);
54 if (!is_user_logged_in()) throw new AjaxException('Error %s - You are not logged in', [104]);
55 if (!current_user_can('manage_options')) throw new AjaxException('Error %s - Insufficient user permissions', [105]);
56 if (!Wordpress::verifyNonce(self::_getNonce())) throw new AjaxException('Error %s - Session Expired (Refresh Page Needed?)', [108]);
57 }
58
59 /**
60 * @return void
61 */
62 public static function main():void {
63 (new Ajax())->execute();
64 }
65
66 /**
67 * @return void
68 */
69 public function execute():void {
70
71 if (Wordpress::isDebugModeEnabled()) {
72 error_reporting(E_ALL);
73 ini_set('display_errors', 1);
74 }
75
76 $data = $this->getData();
77
78 try {
79 self::_init();
80 if(!isset($data['actionType']) || !$data['actionType']) throw new AjaxException("No action type provided");
81
82 $method = "\JetBackup\Ajax\Calls\\" . ucfirst($data['actionType']);
83 if(!class_exists($method)) throw new AjaxException("Invalid action type provided (action: %s)", [$data['actionType']]);
84
85 if (GoogleAuthenticator::isSetupCompleted() &&
86 !UI::validateMFA() &&
87 !in_array($data['actionType'], self::MFA_ALLOWED_FUNCTIONS)) throw new AjaxException('MFA is not validated');
88
89 /** @var iAjax $call */
90 $call = new $method();
91 $call->setData($data);
92
93 $call->execute();
94 self::_output($call->getResponseMessage(), $call->getResponseData());
95 } catch(AjaxException $e) {
96 $msg = $e->getMessage();
97 self::_exit($msg, $e->getData());
98 } catch(JBException $e) {
99 self::_exit($e->getMessage());
100 }
101 }
102
103 /**
104 * @return void
105 */
106 public static function heartbeat():void {
107
108 try {
109 self::_init();
110 Cron::main();
111 } catch( Exception $e) {
112 self::_exit($e->getMessage());
113 }
114
115 self::_output('Heartbeat Done');
116 }
117
118
119 /**
120 * @param string $message
121 * @param array $data
122 * @param int $success
123 *
124 * @return void
125 */
126 private static function _output(string $message, array $data=[], int $success=1):void {
127 die(json_encode([
128 'message' => $message,
129 'success' => $success,
130 'data' => $data,
131 'system' => [
132 'version' => JetBackup::VERSION,
133 'nonce' => Wordpress::createNonce(),
134 ],
135 ]));
136 }
137
138 /**
139 * @param string $message
140 * @param array $data
141 *
142 * @return void
143 */
144 private static function _exit(string $message, array $data=[]):void {
145 self::_output($message, $data, 0);
146 }
147
148 /**
149 * @param int $time
150 *
151 * @return string
152 * @throws Exception
153 */
154 public static function date(int $time):string {
155 return Util::date("Y-m-d H:i:s", $time);
156 }
157 }