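admin_includes();
add_action('admin_menu', array($this, 'setup_menu_items'));
add_action('admin_menu', array($this, 'create_admin_menus'));
add_action('admin_menu', array($this, 'premium_upgrade_submenu'), 40);
add_action('admin_init', array($this, 'aiowps_csv_download'));
if (class_exists('AIOWPSecurity_Onboarding')) {
	add_action('admin_init', array('AIOWPSecurity_Onboarding', 'maybe_redirect_to_dashboard_page'));
}
}
add_action('admin_init', array($this, 'hook_admin_notices'));
// Make sure we are on our plugin's menu pages
if ($this->is_aiowps_admin_page()) {
	add_action('admin_print_scripts', array($this, 'admin_menu_page_scripts'));
	add_action('admin_print_styles', array($this, 'admin_menu_page_styles'));
	add_action('init', array($this, 'init_hook_handler_for_admin_side'));
	if (class_exists('AIOWPS_PREMIUM')) {
		add_filter('admin_footer_text', array($this, 'display_footer_review_message'));
	}
}
}

/**
 * Sets up the menu items array which is used to build admin menus.
 *
 * Each item carries the page/menu titles, the submenu slug, the render callback, an icon key and an
 * order used as the submenu position. An optional 'display_condition_callback' is evaluated by
 * AIOWPSecurity_Utility::should_display_item() to hide items (e.g. from non super admins).
 * Third-party code may alter the list through the 'aiowpsecurity_menu_items' filter; items it injects
 * must provide the same keys because create_admin_menus() reads them without defaults.
 *
 * @return void
 */
public function setup_menu_items() {
	$menu_items = array(
		array(
			'page_title' => __('Dashboard', 'all-in-one-wp-security-and-firewall'),
			'menu_title' => __('Dashboard', 'all-in-one-wp-security-and-firewall'),
			'menu_slug' => AIOWPSEC_MAIN_MENU_SLUG,
			'render_callback' => array($this, 'handle_dashboard_menu_rendering'),
			'icon' => 'dashboard',
			'order' => 20,
		),
		array(
			'page_title' => __('Settings', 'all-in-one-wp-security-and-firewall'),
			'menu_title' => __('Settings', 'all-in-one-wp-security-and-firewall'),
			'menu_slug' => AIOWPSEC_SETTINGS_MENU_SLUG,
			'render_callback' => array($this, 'handle_settings_menu_rendering'),
			'icon' => 'settings',
			'order' => 30,
		),
		array(
			'page_title' => __('User Security', 'all-in-one-wp-security-and-firewall'),
			'menu_title' => __('User Security', 'all-in-one-wp-security-and-firewall'),
			'menu_slug' => AIOWPSEC_USER_SECURITY_MENU_SLUG,
			'render_callback' => array($this, 'handle_user_security_menu_rendering'),
			'icon' => 'user_security',
			'order' => 40,
		),
		array(
			'page_title' => __('Database Security', 'all-in-one-wp-security-and-firewall'),
			'menu_title' => __('Database Security', 'all-in-one-wp-security-and-firewall'),
			'menu_slug' => AIOWPSEC_DB_SEC_MENU_SLUG,
			'render_callback' => array($this, 'handle_database_menu_rendering'),
			'icon' => 'database_security',
			'display_condition_callback' => 'is_super_admin',
			'order' => 50,
		),
		array(
			'page_title' => __('File Security', 'all-in-one-wp-security-and-firewall'),
			'menu_title' => __('File Security', 'all-in-one-wp-security-and-firewall'),
			'menu_slug' => AIOWPSEC_FILESYSTEM_MENU_SLUG,
			'render_callback' => array($this, 'handle_filesystem_menu_rendering'),
			'icon' => 'filesystem_security',
			'order' => 60,
		),
		array(
			'page_title' => __('Firewall', 'all-in-one-wp-security-and-firewall'),
			'menu_title' => __('Firewall', 'all-in-one-wp-security-and-firewall'),
			'menu_slug' => AIOWPSEC_FIREWALL_MENU_SLUG,
			'render_callback' => array($this, 'handle_firewall_menu_rendering'),
			'icon' => 'firewall',
			'order' => 70,
		),
		array(
			'page_title' => __('Brute Force', 'all-in-one-wp-security-and-firewall'),
			'menu_title' => __('Brute Force', 'all-in-one-wp-security-and-firewall'),
			'menu_slug' => AIOWPSEC_BRUTE_FORCE_MENU_SLUG,
			'render_callback' => array($this, 'handle_brute_force_menu_rendering'),
			'icon' => 'brute_force',
			'order' => 80,
		),
		array(
			'page_title' => __('Spam Prevention', 'all-in-one-wp-security-and-firewall'),
			'menu_title' => __('Spam Prevention', 'all-in-one-wp-security-and-firewall'),
			'menu_slug' => AIOWPSEC_SPAM_MENU_SLUG,
			'render_callback' => array($this, 'handle_spam_menu_rendering'),
			'icon' => 'spam_prevention',
			'order' => 90,
		),
		array(
			'page_title' => __('Scanner', 'all-in-one-wp-security-and-firewall'),
			'menu_title' => __('Scanner', 'all-in-one-wp-security-and-firewall'),
			'menu_slug' => AIOWPSEC_FILESCAN_MENU_SLUG,
			'render_callback' => array($this, 'handle_filescan_menu_rendering'),
			'icon' => 'scanner',
			'display_condition_callback' => array('AIOWPSecurity_Utility_Permissions', 'is_main_site_and_super_admin'),
			'order' => 100,
		),
		array(
			'page_title' => __('Tools', 'all-in-one-wp-security-and-firewall'),
			'menu_title' => __('Tools', 'all-in-one-wp-security-and-firewall'),
			'menu_slug' => AIOWPSEC_TOOLS_MENU_SLUG,
			'render_callback' => array($this, 'handle_tools_menu_rendering'),
			'icon' => 'tools',
			'order' => 110,
		),
	);

	$menu_items = apply_filters('aiowpsecurity_menu_items', $menu_items);

	// Keys are preserved by array_filter; consumers iterate with foreach so gaps do not matter.
	$this->menu_items = array_filter($menu_items, 'AIOWPSecurity_Utility::should_display_item');
}

/**
 * Returns the menu items array built by setup_menu_items().
 *
 * @return array the filtered menu item definitions (empty until setup_menu_items() has run)
 */
public function get_menu_items() {
	return $this->menu_items;
}

/**
 * Creates and outputs a CSV file for download.
 *
 * Writes the column headings followed by one row per item. Every column listed in $export_keys is
 * emitted for every row (an empty cell when the item lacks the key) so that columns stay aligned.
 * The 'created' column is passed through AIOWPSecurity_Utility::convert_timestamp().
 * Cell values that a spreadsheet would evaluate as a formula are neutralised, because exported
 * fields such as attempted URLs and referers originate from requests rather than from the site owner.
 *
 * Note: aiowps_csv_download() in this class calls AIOWPSecurity_Utility::output_csv() rather than
 * this method, so this appears to be retained for other callers.
 *
 * @param array  $items       - the content, one associative array per row
 * @param array  $export_keys - map of item key => column heading
 * @param string $filename    - the download filename; any path component is dropped
 *
 * @return void
 */
public static function aiowps_output_csv($items, $export_keys, $filename = 'data.csv') {
	// Drop path components and characters that would terminate or break the header value.
	$filename = str_replace(array('"', "\r", "\n"), '', basename($filename));

	header("Content-Type: text/csv; charset=utf-8");
	header('Content-Disposition: attachment; filename="' . $filename . '"');
	header("Pragma: no-cache");
	header("Expires: 0");

	$output = fopen('php://output', 'w'); //open output stream
	if (false === $output) {
		return;
	}

	fputcsv($output, $export_keys, ',', '"', '\\'); // let's put column names first
	foreach ($items as $item) {
		$csv_line = array();
		foreach ($export_keys as $key => $value) {
			if (!isset($item[$key])) {
				$csv_line[] = ''; // keep the column count constant so later cells do not shift left
				continue;
			}
			$cell = ('created' == $key) ? AIOWPSecurity_Utility::convert_timestamp($item[$key]) : $item[$key];
			$csv_line[] = self::neutralise_csv_cell($cell);
		}
		fputcsv($output, $csv_line, ',', '"', '\\');
	}

	fclose($output);
}

/**
 * Neutralises spreadsheet formula triggers in an exported CSV cell.
 *
 * A text cell beginning with '=', '+', '-', '@', a tab or a carriage return is interpreted as a
 * formula by common spreadsheet applications; such cells are prefixed with a single quote so they
 * are read as plain text. Numeric values and non-strings are returned unchanged.
 *
 * @param mixed $cell - the raw cell value
 *
 * @return mixed the cell, prefixed with a quote when it would otherwise be parsed as a formula
 */
private static function neutralise_csv_cell($cell) {
	if (!is_string($cell) || '' === $cell || is_numeric($cell)) {
		return $cell;
	}
	if (false !== strpos("=+-@\t\r", $cell[0])) {
		return "'" . $cell;
	}
	return $cell;
}

/**
 * Gets the content to export as CSV and sends it to the download function.
 *
 * Handles the 404 event log export form: verifies the nonce and the user capability, prepares the
 * 404 list table items and streams them as '404_event_logs.csv', then exits.
 *
 * @return void
 */
public function aiowps_csv_download() {
	global $aio_wp_security;

	// phpcs:ignore WordPress.Security.NonceVerification.Missing -- PCP warning. Nonce check in two lines.
	if (!isset($_POST['aiowps_export_404_event_logs_to_csv'])) {
		return;
	}

	// Export 404 event logs
	// phpcs:ignore WordPress.Security.NonceVerification.Recommended -- It IS the nonce, so...
	$nonce = isset($_REQUEST['_wpnonce']) ? sanitize_key(wp_unslash($_REQUEST['_wpnonce'])) : '';
	$result = AIOWPSecurity_Utility_Permissions::check_nonce_and_user_cap($nonce, 'aiowpsec-export-404-event-logs-to-csv-nonce');
	if (is_wp_error($result)) {
		$aio_wp_security->debug_logger->log_debug($result->get_error_message(), 4);
		die(esc_html($result->get_error_message()));
	}

	include_once 'wp-security-list-404.php'; //For rendering the AIOWPSecurity_List_Table in tab1
	$event_list_404 = new AIOWPSecurity_List_404();
	$event_list_404->prepare_items(true);

	$export_keys = array(
		'id' => __('Id', 'all-in-one-wp-security-and-firewall'),
		'event_type' => __('Event Type', 'all-in-one-wp-security-and-firewall'),
		'ip_or_host' => __('IP Address', 'all-in-one-wp-security-and-firewall'),
		'url' => __('Attempted URL', 'all-in-one-wp-security-and-firewall'),
		'referer_info' => __('Referer', 'all-in-one-wp-security-and-firewall'),
		'created' => __('Date and time', 'all-in-one-wp-security-and-firewall'),
		'status' => __('Lock Status', 'all-in-one-wp-security-and-firewall'),
	);

	AIOWPSecurity_Utility::output_csv($event_list_404->items, $export_keys, '404_event_logs.csv');
	exit();
}

/**
 * Check whether current admin page is All In One WP Security admin page or not.
 *
 * The result is memoised in $this->is_aiowps_admin_page. A page is considered ours when the user has
 * the plugin management capability, the request is for admin.php and the sanitised 'page' query
 * parameter contains AIOWPSEC_MENU_SLUG_PREFIX.
 *
 * @return boolean True if All In One WP Security admin page, Otherwise false.
 */
private function is_aiowps_admin_page() {
	if (isset($this->is_aiowps_admin_page)) {
		return $this->is_aiowps_admin_page;
	}

	global $pagenow;

	// A non-string 'page' parameter (e.g. page[]=) can never name one of our pages; guarding here also
	// keeps sanitize_title() from being handed an array.
	// phpcs:ignore WordPress.Security.NonceVerification.Recommended -- PCP warning. No nonce on this _GET.
	$page = (isset($_GET['page']) && is_string($_GET['page'])) ? sanitize_title(wp_unslash($_GET['page'])) : '';

	// NOTE(review): strpos() accepts the prefix anywhere in the slug, not only at its start; left as-is.
	$this->is_aiowps_admin_page = (
		AIOWPSecurity_Utility_Permissions::has_manage_cap()
		&& 'admin.php' === $pagenow
		&& '' !== $page
		&& false !== strpos($page, AIOWPSEC_MENU_SLUG_PREFIX)
	);

	return $this->is_aiowps_admin_page;
}

/**
 * Hook admin notices on admin dashboard page and admin AIOS pages.
 *
 * Only users who can update plugins get the notices, and only on the WordPress dashboard or one of
 * this plugin's own admin pages.
 *
 * @return void
 */
public function hook_admin_notices() {
	if (!current_user_can('update_plugins')) {
		return;
	}

	// If none of the admin dashboard page or the AIOS page, Then bail
	if (!$this->is_admin_dashboard_page() && !$this->is_aiowps_admin_page()) {
		return;
	}

	add_action('all_admin_notices', array($this, 'render_admin_notices'));
}

/**
 * Check whether current admin page is Admin Dashboard page or not.
 *
 * The result is memoised in $this->is_admin_dashboard_page.
 *
 * @return boolean True if Admin Dashboard page, Otherwise false.
 */
private function is_admin_dashboard_page() {
	if (isset($this->is_admin_dashboard_page)) {
		return $this->is_admin_dashboard_page;
	}

	global $pagenow;
	$this->is_admin_dashboard_page = ('index.php' === $pagenow);

	return $this->is_admin_dashboard_page;
}

/**
 * Render admin notices.
 *
 * Always renders the custom and htaccess-to-PHP feature notices. When the premium plugin is not
 * installed, additionally shows the "thanks for using" template on the dashboard (14 days after
 * install, unless dismissed) or the top notice on the plugin's own pages.
 *
 * @return void
 */
public function render_admin_notices() {
	global $aio_wp_security;

	$custom_notice_ids = array_merge(AIOS_Abstracted_Ids::custom_admin_notice_ids(), AIOS_Abstracted_Ids::htaccess_to_php_feature_notice_ids());
	foreach ($custom_notice_ids as $custom_admin_notice_id) {
		$aio_wp_security->notices->do_notice($custom_admin_notice_id, $custom_admin_notice_id);
	}

	// Bail if the premium plugin is active and does not show ads.
	if (AIOWPSecurity_Utility_Permissions::is_premium_installed()) return;

	$installed_at = $aio_wp_security->notices->get_aiowps_plugin_installed_timestamp();
	$time_now = $aio_wp_security->notices->get_time_now();
	$installed_for = $time_now - $installed_at;
	$dismissed_dash_notice_until = (int) $aio_wp_security->configs->get_value('dismissdashnotice');

	$installed_long_enough = $installed_at && $installed_for > (14 * 86400);
	$force_dash_notice = defined('AIOWPSECURITY_FORCE_DASHNOTICE') && AIOWPSECURITY_FORCE_DASHNOTICE;

	// NOTE(review): the force constant is OR-ed with the whole dashboard condition, so when it is set
	// the dashboard template is rendered on the plugin's own pages too (instead of the 'top' notice).
	// That matches the original operator precedence; confirm it is intended.
	$show_dash_notice = ($this->is_admin_dashboard_page() && $installed_long_enough && $time_now > $dismissed_dash_notice_until) || $force_dash_notice;

	if ($show_dash_notice) {
		$aio_wp_security->include_template('notices/thanks-for-using-main-dash.php');
	} elseif ($this->is_aiowps_admin_page() && $installed_long_enough) {
		$aio_wp_security->notices->do_notice(false, 'top');
	}
}

/**
 * Includes any files needed for the admin dashboard.
 *
 * @return void
 */
private function admin_includes() {
	include_once 'wp-security-admin-menu.php';
}

/**
 * Enqueue admin JavaScripts.
 *
 * Registers the plugin admin script together with the AJAX nonce and translated strings it needs,
 * plus the password strength tool script (enqueued elsewhere). Does nothing for users without the
 * plugin management capability.
 *
 * @return void
 */
public function admin_menu_page_scripts() {
	if (!AIOWPSecurity_Utility_Permissions::has_manage_cap()) {
		return;
	}

	wp_enqueue_script('jquery');
	wp_enqueue_script('postbox');
	wp_enqueue_script('dashboard');
	wp_enqueue_script('thickbox');
	wp_enqueue_script('media-upload');
	wp_enqueue_script('chart-bundle', AIO_WP_SECURITY_URL . '/includes/chartjs/Chart.bundle.min.js', array(), AIO_WP_SECURITY_VERSION, true);
	wp_enqueue_script('chartjs-gauge', AIO_WP_SECURITY_URL . '/includes/chartjs/chartjs-gauge.min.js', array(), AIO_WP_SECURITY_VERSION, true);
	wp_register_script('jquery-blockui', AIO_WP_SECURITY_URL . '/includes/blockui/jquery.blockUI.js', array('jquery'), AIO_WP_SECURITY_VERSION, true);
	wp_enqueue_script('jquery-blockui');

	wp_register_script('aiowpsec-admin-js', AIO_WP_SECURITY_URL . '/js/wp-security-admin-script.js', array('jquery'), AIO_WP_SECURITY_VERSION, true);
	wp_enqueue_script('aiowpsec-admin-js');

	// The nonce is exposed to the page so the admin script can authenticate its AJAX requests.
	wp_localize_script('aiowpsec-admin-js', 'aios_data', array(
		'ajax_nonce' => wp_create_nonce('wp-security-ajax-nonce'),
	));

	wp_localize_script('aiowpsec-admin-js', 'aios_trans', array(
		'unexpected_response' => __('Unexpected response:', 'all-in-one-wp-security-and-firewall'),
		'copied' => __('Copied', 'all-in-one-wp-security-and-firewall'),
		'no_import_file' => __('You have not yet selected a file to import.', 'all-in-one-wp-security-and-firewall'),
		'processing' => __('Processing...', 'all-in-one-wp-security-and-firewall'),
		'invalid_domain' => __('Please enter a valid IP address or domain name.', 'all-in-one-wp-security-and-firewall'),
		'logo' => AIO_WP_SECURITY_URL . '/images/plugin-logos/icon-aios-rgb.svg',
		'saving' => __('Saving...', 'all-in-one-wp-security-and-firewall'),
		'deleting' => __('Deleting...', 'all-in-one-wp-security-and-firewall'),
		'blocking' => __('Blocking...', 'all-in-one-wp-security-and-firewall'),
		'unlocking' => __('Unlocking...', 'all-in-one-wp-security-and-firewall'),
		'clearing' => __('Clearing...', 'all-in-one-wp-security-and-firewall'),
		'importing' => __('Importing...', 'all-in-one-wp-security-and-firewall'),
		'exporting' => __('Exporting...', 'all-in-one-wp-security-and-firewall'),
		'refreshing' => __('Refreshing...', 'all-in-one-wp-security-and-firewall'),
		'scanning' => __('Scanning...', 'all-in-one-wp-security-and-firewall'),
		'close' => __('Close', 'all-in-one-wp-security-and-firewall'),
		'completed' => __('Completed.', 'all-in-one-wp-security-and-firewall'),
		'refreshed' => __('Refreshed.', 'all-in-one-wp-security-and-firewall'),
		'deleted' => __('Deleted.', 'all-in-one-wp-security-and-firewall'),
		'show_info' => __('show more', 'all-in-one-wp-security-and-firewall'),
		'hide_info' => __('hide', 'all-in-one-wp-security-and-firewall'),
		'show_notices' => __('But the following notices have been raised', 'all-in-one-wp-security-and-firewall'),
		'disabling' => __('Disabling...', 'all-in-one-wp-security-and-firewall'),
		'setting_up_firewall' => __('Setting up firewall...', 'all-in-one-wp-security-and-firewall'),
		'downgrading_firewall' => __('Downgrading firewall...', 'all-in-one-wp-security-and-firewall'),
		'maintenance_mode_enabled' => __('Maintenance mode is currently enabled.', 'all-in-one-wp-security-and-firewall') . ' ' . __('Remember to disable it when you are done.', 'all-in-one-wp-security-and-firewall'),
		'maintenance_mode_disabled' => __('Maintenance mode is currently disabled.', 'all-in-one-wp-security-and-firewall'),
	));

	// We will enqueue this in the user acct menu class
	wp_register_script('aiowpsec-pw-tool-js', AIO_WP_SECURITY_URL . '/js/password-strength-tool.js', array('jquery'), AIO_WP_SECURITY_VERSION, true);
	wp_localize_script('aiowpsec-pw-tool-js', 'aios_pwtool_trans', array(
		'years' => __('year(s)', 'all-in-one-wp-security-and-firewall'),
		'months' => __('month(s)', 'all-in-one-wp-security-and-firewall'),
		'days' => __('day(s)', 'all-in-one-wp-security-and-firewall'),
		'hours' => __('hour(s)', 'all-in-one-wp-security-and-firewall'),
		'minutes' => __('minute(s)', 'all-in-one-wp-security-and-firewall'),
		'seconds' => __('second(s)', 'all-in-one-wp-security-and-firewall'),
		'less_than_one_second' => __('less than one second', 'all-in-one-wp-security-and-firewall'),
	));
}

/**
 * Enqueue admin styles.
 *
 * The plugin stylesheet is versioned by its modification time (or the current time when WP_DEBUG is
 * on) so browsers pick up changes.
 *
 * @return void
 */
public function admin_menu_page_styles() {
	wp_enqueue_style('dashboard');
	wp_enqueue_style('thickbox');
	wp_enqueue_style('global');
	wp_enqueue_style('wp-admin');

	$admin_css_version = (defined('WP_DEBUG') && WP_DEBUG) ? time() : filemtime(AIO_WP_SECURITY_PATH . '/css/wp-security-admin-styles.css');
	wp_enqueue_style('aiowpsec-admin-css', AIO_WP_SECURITY_URL . '/css/wp-security-admin-styles.css', array(), $admin_css_version);
}

/**
 * Sets up various class and tasks needed for the admin dashboard.
 *
 * Runs on 'init' for the plugin's own admin pages only (see the constructor).
 *
 * @return void
 */
public function init_hook_handler_for_admin_side() {
	$this->initialize_feature_manager();
	$this->do_other_admin_side_init_tasks();
}

/**
 * Show footer review message and link.
 *
 * @return string the footer text for the 'admin_footer_text' filter
 */
public function display_footer_review_message() {
	$message = sprintf(
		/* translators: 1: Product Name, 2: Rating, 3: Trustpilot URL, 4: G2 URL */
		__('Enjoyed %1$s? Please leave us a %2$s rating on %3$s or %4$s', 'all-in-one-wp-security-and-firewall') . ' ' . __('We really appreciate your support!', 'all-in-one-wp-security-and-firewall'),
		'' . htmlspecialchars('All In One Security') . '',
		'★★★★★',
		'Trustpilot',
		'G2.com'
	);

	return $message;
}

/**
 * Initialises the global feature manager if it is not set, then checks the feature status and
 * recalculates the points.
 *
 * The guard now reads $GLOBALS['aiowps_feature_mgr']: the previous check on an unassigned local
 * variable was always true, so a fresh manager replaced the global on every call.
 *
 * @return void
 */
private function initialize_feature_manager() {
	if (!isset($GLOBALS['aiowps_feature_mgr'])) {
		$GLOBALS['aiowps_feature_mgr'] = new AIOWPSecurity_Feature_Item_Manager();
	}
	$GLOBALS['aiowps_feature_mgr']->check_feature_status_and_recalculate_points();
}

/**
 * Stores a freshly generated test cookie name in the config and drops that cookie in the browser.
 *
 * The name is 'aiowps_cookie_test_' plus a 10 character random suffix, so it cannot be read off the
 * source code.
 *
 * @return void
 */
private function drop_new_brute_force_test_cookie() {
	global $aio_wp_security;

	$random_suffix = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(10);
	$test_cookie_name = 'aiowps_cookie_test_' . $random_suffix;
	$aio_wp_security->configs->set_value('aiowps_cookie_brute_test', $test_cookie_name, true);
	AIOWPSecurity_Utility::set_cookie_value($test_cookie_name, '1');
}

/**
 * Other admin side init tasks.
 *
 * Migrates older installs of the cookie based brute force feature to a random test cookie name, and
 * handles the cookie test round trip on the brute force page: the form submission drops a new test
 * cookie and redirects back with 'aiowps_cookie_test=1', and the redirected request records whether
 * the cookie came back in 'aiowps_cookie_test_success'.
 *
 * @return void
 */
private function do_other_admin_side_init_tasks() {
	global $aio_wp_security;

	//***New Feature improvement for Cookie Based Brute Force Protection***//
	// The old "test cookie" used to be too easy to guess because someone could just read the code and get the value.
	// So now we will drop a more secure test cookie using a 10 digit random string
	if ('1' == $aio_wp_security->configs->get_value('aiowps_enable_brute_force_attack_prevention')) {
		// This code is for users who had this feature saved using an older release. This will drop the new more secure test cookie to the browser
		$test_cookie_name_saved = $aio_wp_security->configs->get_value('aiowps_cookie_brute_test');
		if (empty($test_cookie_name_saved)) {
			$this->drop_new_brute_force_test_cookie();
		}
	}

	// For cookie test form submission case
	// phpcs:ignore WordPress.Security.NonceVerification.Missing -- PCP warning. No nonce on this _GET.
	if (isset($_GET['page']) && AIOWPSEC_BRUTE_FORCE_MENU_SLUG === $_GET['page'] && isset($_GET['tab']) && 'cookie-based-brute-force-prevention' === $_GET['tab']) {
		if (isset($_POST['aiowps_do_cookie_test_for_bfla'])) {
			// NOTE(review): this branch writes config and sets a cookie. The capability is gated upstream
			// (this runs only when is_aiowps_admin_page() is true), but no nonce verification is visible
			// in this method; confirm the submitting form's nonce is checked before this point.
			$this->drop_new_brute_force_test_cookie();
			$cur_url = "admin.php?page=" . AIOWPSEC_BRUTE_FORCE_MENU_SLUG . "&tab=cookie-based-brute-force-prevention";
			$redirect_url = AIOWPSecurity_Utility::add_query_data_to_url($cur_url, 'aiowps_cookie_test', "1");
			AIOWPSecurity_Utility::redirect_to_url($redirect_url);
		}

		if (isset($_REQUEST['aiowps_cookie_test'])) {
			$test_cookie = $aio_wp_security->configs->get_value('aiowps_cookie_brute_test');
			$cookie_val = AIOWPSecurity_Utility::get_cookie_value($test_cookie);
			$aio_wp_security->configs->set_value('aiowps_cookie_test_success', empty($cookie_val) ? '' : '1');
			$aio_wp_security->configs->save_config(); //save the value
		}
	}
}

/**
 * Adds admin menu page and all submenus to the WordPress dashboard.
 *
 * The required capability defaults to 'manage_options' and can be changed through the
 * 'aios_management_permission' filter; it is resolved once and reused for every submenu.
 *
 * @return void
 */
public function create_admin_menus() {
	$menu_icon_url = AIO_WP_SECURITY_URL . '/images/aios-plugin-icon.svg';
	$capability = apply_filters('aios_management_permission', 'manage_options');

	$this->main_menu_page = add_menu_page(
		__('AIOS', 'all-in-one-wp-security-and-firewall'),
		__('AIOS', 'all-in-one-wp-security-and-firewall'),
		$capability,
		AIOWPSEC_MAIN_MENU_SLUG,
		array($this, 'handle_dashboard_menu_rendering'),
		$menu_icon_url
	);

	foreach ($this->menu_items as $menu_item) {
		add_submenu_page(
			AIOWPSEC_MAIN_MENU_SLUG,
			$menu_item['page_title'],
			$menu_item['menu_title'],
			$capability,
			$menu_item['menu_slug'],
			$menu_item['render_callback'],
			$menu_item['order']
		);
	}

	do_action('aiowpsecurity_admin_menu_created');
}

/**
 * Adds submenu link for premium upgrade tab.
 *
 * Appends directly to the global $submenu array (rather than add_submenu_page) so the entry links to
 * the premium-upgrade tab of the main page. Skipped when the premium plugin is installed.
 *
 * @return void
 */
public function premium_upgrade_submenu() {
	if (AIOWPSecurity_Utility_Permissions::is_premium_installed()) {
		return;
	}

	global $submenu;
	$submenu[AIOWPSEC_MAIN_MENU_SLUG][] = array(
		__('Premium Upgrade', 'all-in-one-wp-security-and-firewall'),
		apply_filters('aios_management_permission', 'manage_options'),
		'admin.php?page=' . AIOWPSEC_MAIN_MENU_SLUG . '&tab=premium-upgrade',
	);
}

/**
 * Renders 'Dashboard' submenu page.
 *
 * @return void
 */
public function handle_dashboard_menu_rendering() {
	include_once 'wp-security-dashboard-menu.php';
	new AIOWPSecurity_Dashboard_Menu();
}

/**
 * Renders 'Settings' submenu page.
 *
 * @return void
 */
public function handle_settings_menu_rendering() {
	include_once 'wp-security-settings-menu.php';
	new AIOWPSecurity_Settings_Menu();
}

/**
 * Renders 'User Security' submenu page.
 *
 * @return void
 */
public function handle_user_security_menu_rendering() {
	include_once 'wp-security-user-security-menu.php';
	new AIOWPSecurity_User_Security_Menu();
}

/**
 * Renders 'Database Security' submenu page.
 *
 * @return void
 */
public function handle_database_menu_rendering() {
	include_once 'wp-security-database-menu.php';
	new AIOWPSecurity_Database_Menu();
}

/**
 * Renders 'Filesystem Security' submenu page.
 *
 * @return void
 */
public function handle_filesystem_menu_rendering() {
	include_once 'wp-security-filesystem-menu.php';
	new AIOWPSecurity_Filesystem_Menu();
}

/**
 * Renders 'Firewall' submenu page.
 *
 * @return void
 */
public function handle_firewall_menu_rendering() {
	include_once 'wp-security-firewall-menu.php';
	new AIOWPSecurity_Firewall_Menu();
}

/**
 * Renders 'Brute Force' submenu page.
 *
 * @return void
 */
public function handle_brute_force_menu_rendering() {
	include_once 'wp-security-brute-force-menu.php';
	new AIOWPSecurity_Brute_Force_Menu();
}

/**
 * Renders 'Spam Prevention' submenu page.
 *
 * @return void
 */
public function handle_spam_menu_rendering() {
	include_once 'wp-security-spam-menu.php';
	new AIOWPSecurity_Spam_Menu();
}

/**
 * Renders 'Scanner' submenu page.
 *
 * @return void
 */
public function handle_filescan_menu_rendering() {
	include_once 'wp-security-filescan-menu.php';
	new AIOWPSecurity_Filescan_Menu();
}

/**
 * Renders 'Tools' submenu page.
 *
 * @return void
 */
public function handle_tools_menu_rendering() {
	include_once 'wp-security-tools-menu.php';
	new AIOWPSecurity_Tools_Menu();
}
} // End of class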