connect.php — MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) 10.1.3

google-analytics-for-wordpress / includes / connect.php

google-analytics-for-wordpress / includes Last commit date

admin 1 month ago api 1 month ago cache 1 month ago database 1 month ago emails 1 month ago frontend 1 month ago gutenberg 1 month ago overview 1 month ago popular-posts 8 months ago ppc 1 month ago tracking 1 month ago api-request.php 8 months ago auth.php 1 month ago capabilities.php 1 month ago compatibility-check.php 2 years ago connect.php 1 month ago deprecated.php 1 year ago helpers.php 1 month ago index.php 3 years ago install.php 1 month ago measurement-protocol-v4.php 1 month ago options.php 2 years ago

connect.php

252 lines

1	<?php
2	/**
3	* MonsterInsights Connect is our service that makes it easy for non-techy users to
4	* upgrade to MonsterInsights Pro without having to manually install the MonsterInsights Pro plugin.
5	*
6	* @package MonsterInsights
7	* @since 7.7.2
8	*/
9	/**
10	* Class MonsterInsights_Connect
11	*/
12	class MonsterInsights_Connect {
13
14	/**
15	* MonsterInsights_Connect constructor.
16	*/
17	public function __construct() {
18	$this->hooks();
19	}
20
21	/**
22	* Add hooks for Connect.
23	*/
24	public function hooks() {
25
26	add_action( 'wp_ajax_monsterinsights_connect_url', array( $this, 'generate_connect_url' ) );
27	add_action( 'wp_ajax_monsterinsights_connect_process', array( $this, 'process' ) );
28	}
29
30	/**
31	* Generate the connect URL with the given key and network status
32	*
33	* @param string $key License key
34	* @param bool $network Whether this is a network-wide connection
35	* @return array Array containing the URL and the one time hash
36	*/
37	public static function generate_connect_url_data( $key, $network = false ) {
38	if ( empty( $key ) ) {
39	return false;
40	}
41
42	// Generate and store hash
43	$oth = hash( 'sha512', wp_rand() );
44	$hashed_oth = hash_hmac( 'sha512', $oth, wp_salt() );
45
46	update_option( 'monsterinsights_connect', array(
47	'key' => $key,
48	'time' => time(),
49	'network' => $network,
50	));
51	update_option( 'monsterinsights_connect_token', $oth );
52
53	// Generate URL
54	$version = MonsterInsights()->version;
55	$siteurl = admin_url();
56	$endpoint = admin_url( 'admin-ajax.php' );
57	$redirect = $network ? network_admin_url( 'admin.php?page=monsterinsights_network' ) : admin_url( 'admin.php?page=monsterinsights_settings' );
58
59	$url = add_query_arg(
60	array(
61	'key' => $key,
62	'oth' => $hashed_oth,
63	'endpoint' => $endpoint,
64	'version' => $version,
65	'siteurl' => $siteurl,
66	'homeurl' => home_url(),
67	'redirect' => rawurldecode( base64_encode( $redirect ) ),
68	'v' => 2,
69	),
70	'https://upgrade.monsterinsights.com'
71	);
72
73	return array(
74	'url' => $url,
75	'oth' => $oth,
76	);
77	}
78
79	/**
80	* Generates and returns MonsterInsights Connect URL.
81	*/
82	public function generate_connect_url() {
83	check_ajax_referer( 'mi-admin-nonce', 'nonce' );
84
85	// Check for permissions.
86	if ( ! monsterinsights_can_install_plugins() ) {
87	wp_send_json_error( array( 'message' => esc_html__( 'Oops! You are not allowed to install plugins. Please contact your site administrator.', 'google-analytics-for-wordpress' ) ) );
88	}
89
90	if ( monsterinsights_is_dev_url( home_url() ) ) {
91	wp_send_json_success( array(
92	'url' => 'https://www.monsterinsights.com/docs/go-lite-pro/#manual-upgrade',
93	) );
94	}
95	$key = ! empty( $_POST['key'] ) ? sanitize_text_field( wp_unslash( $_POST['key'] ) ) : ''; // phpcs:ignore WordPress.Security.NonceVerification
96
97	if ( empty( $key ) ) {
98	wp_send_json_error(
99	array(
100	'message' => esc_html__( 'Please enter your license key to connect.', 'google-analytics-for-wordpress' ),
101	)
102	);
103	}
104
105	// Verify pro version is not installed.
106	$active = activate_plugin( 'google-analytics-premium/googleanalytics-premium.php', false, false, true );
107	if ( ! is_wp_error( $active ) ) {
108	// Deactivate plugin.
109	deactivate_plugins( plugin_basename( MONSTERINSIGHTS_PLUGIN_FILE ), false, false );
110	wp_send_json_error( array(
111	'message' => esc_html__( 'You already have MonsterInsights Pro installed.', 'google-analytics-for-wordpress' ),
112	'reload' => true,
113	) );
114	}
115
116	// Network?
117	$network = ! empty( $_POST['network'] ) && $_POST['network']; // phpcs:ignore
118
119	$url_data = self::generate_connect_url_data( $key, $network );
120	if ( empty( $url_data ) ) {
121	wp_send_json_error(
122	array(
123	'message' => esc_html__( 'Please enter your license key to connect.', 'google-analytics-for-wordpress' ),
124	)
125	);
126	}
127
128	wp_send_json_success( array(
129	'url' => $url_data['url'],
130	) );
131	}
132
133	/**
134	* Process MonsterInsights Connect.
135	*/
136	public function process() {
137	// Translators: Link tag starts with url and link tag ends.
138	$error = sprintf(
139	esc_html__( 'Oops! We could not automatically install an upgrade. Please install manually by visiting %1$smonsterinsights.com%2$s.', 'google-analytics-for-wordpress' ),
140	'<a target="_blank" href="' . monsterinsights_get_url( 'notice', 'could-not-upgrade', 'https://www.monsterinsights.com/' ) . '">',
141	'</a>'
142	);
143
144	// Check for permissions.
145	if ( ! monsterinsights_can_install_plugins() ) {
146	wp_send_json_error( $error );
147	}
148
149	// verify params present (oth & download link).
150	$post_oth = ! empty( $_REQUEST['oth'] ) ? sanitize_text_field($_REQUEST['oth']) : '';
151	$post_url = ! empty( $_REQUEST['file'] ) ? sanitize_url($_REQUEST['file']) : '';
152	$license = get_option( 'monsterinsights_connect', false );
153	$network = ! empty( $license['network'] ) ? (bool) $license['network'] : false;
154	if ( empty( $post_oth ) \|\| empty( $post_url ) ) {
155	wp_send_json_error( $error );
156	}
157	// Verify oth.
158	$oth = get_option( 'monsterinsights_connect_token' );
159	if ( empty( $oth ) ) {
160	wp_send_json_error( $error );
161	}
162	if ( hash_hmac( 'sha512', $oth, wp_salt() ) !== $post_oth ) {
163	wp_send_json_error( $error );
164	}
165	// Delete so cannot replay.
166	delete_option( 'monsterinsights_connect_token' );
167	// Set the current screen to avoid undefined notices.
168	set_current_screen( 'insights_page_monsterinsights_settings' );
169	// Prepare variables.
170	$url = esc_url_raw(
171	add_query_arg(
172	array(
173	'page' => 'monsterinsights-settings',
174	),
175	admin_url( 'admin.php' )
176	)
177	);
178	// Verify pro not activated.
179	if ( monsterinsights_is_pro_version() ) {
180	wp_send_json_success( esc_html__( 'Plugin installed & activated.', 'google-analytics-for-wordpress' ) );
181	}
182	// Verify pro not installed.
183	$active = activate_plugin( 'google-analytics-premium/googleanalytics-premium.php', $url, $network, true );
184	if ( ! is_wp_error( $active ) ) {
185	deactivate_plugins( plugin_basename( MONSTERINSIGHTS_PLUGIN_FILE ), false, $network );
186	wp_send_json_success( esc_html__( 'Plugin installed & activated.', 'google-analytics-for-wordpress' ) );
187	}
188	$creds = request_filesystem_credentials( $url, '', false, false, null );
189	// Check for file system permissions.
190	if ( false === $creds ) {
191	wp_send_json_error( $error );
192	}
193	if ( ! WP_Filesystem( $creds ) ) {
194	wp_send_json_error( $error );
195	}
196	// We do not need any extra credentials if we have gotten this far, so let's install the plugin.
197	monsterinsights_require_upgrader();
198	// Do not allow WordPress to search/download translations, as this will break JS output.
199	remove_action( 'upgrader_process_complete', array( 'Language_Pack_Upgrader', 'async_upgrade' ), 20 );
200	// Create the plugin upgrader with our custom skin.
201	$installer = new MonsterInsights_Plugin_Upgrader( new MonsterInsights_Skin() );
202	// Error check.
203	if ( ! method_exists( $installer, 'install' ) ) {
204	wp_send_json_error( $error );
205	}
206
207	// Check license key.
208	if ( empty( $license['key'] ) ) {
209	wp_send_json_error( new WP_Error( '403', esc_html__( 'You are not licensed.', 'google-analytics-for-wordpress' ) ) );
210	}
211
212	$installer->install( $post_url ); // phpcs:ignore
213	// Flush the cache and return the newly installed plugin basename.
214	wp_cache_flush();
215
216	if ( $installer->plugin_info() ) {
217	$plugin_basename = $installer->plugin_info();
218
219	// Check this before deactivating plugin.
220	$is_authed = MonsterInsights()->auth->is_authed();
221
222	// Deactivate the lite version first.
223	deactivate_plugins( plugin_basename( MONSTERINSIGHTS_PLUGIN_FILE ), false, $network );
224
225	// Activate the plugin silently.
226	$activated = activate_plugin( $plugin_basename, '', $network, true );
227	if ( ! is_wp_error( $activated ) ) {
228	// Pro upgrade successful.
229	$over_time = get_option( 'monsterinsights_over_time', array() );
230
231	if ( empty( $over_time['installed_pro'] ) ) {
232	$over_time['installed_pro'] = time();
233	if ( $is_authed ) {
234	$over_time['connected_upgrade'] = time();
235	}
236	update_option( 'monsterinsights_over_time', $over_time );
237	}
238
239	wp_send_json_success( esc_html__( 'Plugin installed & activated.', 'google-analytics-for-wordpress' ) );
240	} else {
241	// Reactivate the lite plugin if pro activation failed.
242	activate_plugin( plugin_basename( MONSTERINSIGHTS_PLUGIN_FILE ), '', $network, true );
243	wp_send_json_error( esc_html__( 'Please activate MonsterInsights Pro from your WordPress plugins page.', 'google-analytics-for-wordpress' ) );
244	}
245	}
246	wp_send_json_error( $error );
247	}
248
249	}
250
251	new MonsterInsights_Connect();
252