Changeset 1855342
- Timestamp:
- 04/09/2018 06:00:19 PM (8 years ago)
- Location:
- shieldfy/trunk
- Files:
-
- 2 edited
-
bootstrap.php (modified) (4 diffs)
-
libs/base.php (modified) (4 diffs)
Legend:
- Unmodified
- Added
- Removed
-
shieldfy/trunk/bootstrap.php
r1672183 r1855342 26 26 27 27 function shieldfy_activation() { } 28 function shieldfy_deactivation() { 29 // echo 'deactivate';exit; 28 function shieldfy_deactivation() { 30 29 return ShieldfyBase::uninstall(); 31 30 } … … 35 34 } 36 35 function shieldfy_firewall_init_check(){ 37 return ShieldfyBase::check();36 // return ShieldfyBase::check(); 38 37 } 38 39 39 40 40 function shieldfy_plugin_menu() … … 69 69 { 70 70 $shieldfy_active = get_option('shieldfy_active_plugin'); 71 if($shieldfy_active == false){ 71 if($shieldfy_active == false){ 72 72 $user = get_userdata(get_current_user_id()); 73 73 $avatar = get_avatar(get_current_user_id(),48,"monsterid","",array( … … 81 81 </div>'; 82 82 } 83 83 84 84 } -
shieldfy/trunk/libs/base.php
r1672187 r1855342 14 14 $shieldfy_active = get_option('shieldfy_active_plugin'); 15 15 if($shieldfy_active){ 16 17 //plugin activated check for firewall signature18 if(!defined('SHIELDFY_VERSION')){19 //include the firewall if exists20 if(file_exists(SHIELDFY_ROOT_DIR.'shieldfy.php')){21 @require_once(SHIELDFY_ROOT_DIR.'shieldfy.php');22 }23 }24 16 25 //check for proper version 26 if(SHIELDFY_SHIELD_VERSION != SHIELDFY_VERSION){ 27 //old version of corrupted , run install again 17 //check if shieldfy is here 18 if(!defined('SHIELDFY_IS_LOADED')){ 28 19 $key = get_option('shieldfy_active_app_key'); 29 20 $secret = get_option('shieldfy_active_app_secret'); 30 21 self::install($key, $secret , true); 31 22 } 23 32 24 } 33 25 return true; … … 36 28 public static function install($key, $secret, $silent = false) 37 29 { 38 $info = array(39 'host' => $_SERVER['HTTP_HOST'],40 'https' => self::isUsingSSL(),41 'lang' => 'php',42 'sdk_version' => 'wordpress',43 'php_version'=>PHP_VERSION,44 'sapi_type'=>php_sapi_name(),45 'os_info'=>php_uname(),46 'disabled_functions'=>(@ini_get('disable_functions') ? @ini_get('disable_functions') : 'None'),47 'loaded_extensions'=>implode(',', get_loaded_extensions()),48 'display_errors'=>ini_get('display_errors'),49 'register_globals'=>(ini_get('register_globals') ? ini_get('register_globals') : 'None'),50 'post_max_size'=>ini_get('post_max_size'),51 'curl'=>extension_loaded('curl') && is_callable('curl_init'),52 'fopen'=>@ini_get('allow_url_fopen'),53 'mcrypt'=>extension_loaded('mcrypt')54 );55 30 56 if(@touch('shieldfy_tmpfile.tmp')){ 57 $info['create_file'] = 1; 58 $delete = @unlink('shieldfy_tmpfile.tmp'); 59 if($delete){ 60 $info['delete_file'] = 1; 61 }else{ 62 $info['delete_file'] = 0; 31 $dbFile = WP_CONTENT_DIR.'/db.php'; 32 $newContent = file_get_contents(__DIR__.'/_alternative_db.php'); 33 34 if(file_exists($dbFile)){ 35 $oldContent = file_get_contents($dbFile); 36 //check for shieldfy code 37 if(strstr($oldContent, '\Shieldfy\Guard')){ 38 echo json_encode(array('status'=>'success')); 39 return; 63 40 } 64 }else{ 65 $info['create_file'] = 0; 66 $info['delete_file'] = 0; 67 } 68 if(file_exists($root.'.htaccess')){ 69 $info['htaccess_exists'] = 1; 70 if(is_writable($root.'.htaccess')){ 71 $info['htaccess_writable'] = 1; 72 }else{ 73 $info['htaccess_writable'] = 0; 74 } 75 }else{ 76 $info['htaccess_exists'] = 0; 77 } 78 79 $api = new ShieldfyAPI($key, $secret); 80 $result = $api->callUrl('install',$info); 81 $res = json_decode($result); 82 83 if(!$res){ 84 echo json_encode(array('status'=>'error','message'=>'Error contacting server , Try again later')); 85 return; 41 //insert our content as the beginning of the code 42 $newContent .= "\n ?>" . $oldContent; 86 43 } 87 44 88 if($res && $res->status == 'error'){ 89 echo json_encode(array('status'=>'error','message'=>'Wrong Key or Wrong Secret')); 90 return; 91 } 92 $rulesData = $res->data->general; 45 $newContent = str_replace('{APIKEY}', $key, $newContent); 46 $newContent = str_replace('{APISECRET}', $secret, $newContent); 93 47 94 //start installation 95 96 //copy shieldfy.php 97 $shield_code = file_get_contents(SHIELDFY_PLUGIN_DIR . '/shieldfy.client.php'); 98 $shield_code = str_replace('{{$APP_KEY}}', $key, $shield_code); 99 $shield_code = str_replace('{{$APP_SECRET}}', $secret, $shield_code); 100 $shield_code = str_replace('{{$API_SERVER_ENDPOINT}}', SHIELDFY_PLUGIN_API_ENDPOINT, $shield_code); 101 $host_root = ''; 102 if(defined('SHIELDFY_ROOT_DIR')){ 103 $host_root = SHIELDFY_ROOT_DIR; 104 }else{ 105 if(function_exists('get_home_path')){ 106 $host_root = get_home_path(); 107 }else{ 108 $host_root = get_blog_home_path(); 109 } 110 } 111 $host_url = ''; 112 if(function_exists('get_home_url')){ 113 $host_url = get_home_url(); 114 } 115 $host_admin = ''; 116 if(function_exists('get_admin_url')){ 117 $host_admin = get_admin_url(); 118 } 119 $shield_code = str_replace('{{$HOST_ROOT}}', $host_url, $shield_code); 120 $shield_code = str_replace('{{$HOST_ADMIN}}', str_replace($host_url,'',$host_admin) , $shield_code); 121 122 file_put_contents($host_root.'shieldfy.php', $shield_code); 123 124 //create directories //copy rules data 125 126 @mkdir($host_root.'shieldfy'); 127 file_put_contents($host_root.'shieldfy'.DIRECTORY_SEPARATOR.".htaccess", "order deny,allow \n"); 128 @mkdir($host_root.'shieldfy'.DIRECTORY_SEPARATOR.'data'); 129 file_put_contents($host_root.'shieldfy'.DIRECTORY_SEPARATOR."data".DIRECTORY_SEPARATOR."general.json", $rulesData); 130 $cert = file_get_contents(SHIELDFY_PLUGIN_DIR.'/certificate/cacert.pem'); 131 file_put_contents($host_root.'shieldfy'.DIRECTORY_SEPARATOR."data".DIRECTORY_SEPARATOR."cacert.pem", $cert); 132 @mkdir($host_root.'shieldfy'.DIRECTORY_SEPARATOR.'tmpd'); 133 @mkdir($host_root.'shieldfy'.DIRECTORY_SEPARATOR.'tmpd'.DIRECTORY_SEPARATOR.'ban'); 134 @mkdir($host_root.'shieldfy'.DIRECTORY_SEPARATOR.'tmpd'.DIRECTORY_SEPARATOR.'firewall'); 135 @mkdir($host_root.'shieldfy'.DIRECTORY_SEPARATOR.'tmpd'.DIRECTORY_SEPARATOR.'logs'); 136 file_put_contents($host_root.'shieldfy'.DIRECTORY_SEPARATOR.'tmpd'.DIRECTORY_SEPARATOR.".htaccess", "order deny,allow \n deny from all"); 137 138 //add lines to htaccess or .user.ini 139 140 if(function_exists('insert_with_markers')){ 141 $sapi_type = php_sapi_name(); 142 $content = ''; 143 if (substr($sapi_type, 0, 3) == 'cgi' || substr($sapi_type, 0, 3) == 'fpm') { 144 $firewall = "auto_prepend_file = ".$host_root."shieldfy.php"; 145 insert_with_markers ( $host_root.'.user.ini', 'Shieldfy', $firewall ); 146 }else{ 147 $content .= "# ============= Firewall ============="."\n"; 148 $content .= '<IfModule mod_php5.c>'."\n"; 149 $content .= 'php_value auto_prepend_file "'.$host_root.'shieldfy.php"'."\n"; 150 $content .= '</IfModule>'."\n"; 151 } 152 $content = explode("\n",$content); 153 insert_with_markers ( $host_root.'.htaccess', 'Shieldfy', $content ); 154 } 155 156 //update status with OK 48 file_put_contents($dbFile, $newContent); 157 49 158 50 update_option('shieldfy_active_plugin','1'); 159 51 update_option('shieldfy_active_app_key',$key); 160 52 update_option('shieldfy_active_app_secret',$secret); 53 161 54 if($silent == false){ 162 55 echo json_encode(array('status'=>'success')); 163 } 56 } 57 return; 58 59 //update status with OK 60 echo json_encode(array('status'=>'success'));return; 61 62 if($silent == false){ 63 echo json_encode(array('status'=>'success')); 64 } 164 65 return; 165 66 } … … 167 68 public static function isUsingSSL() 168 69 { 169 return 70 return 170 71 (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') 171 72 || $_SERVER['SERVER_PORT'] == 443; … … 178 79 delete_option('shieldfy_active_app_secret'); 179 80 180 if(defined('SHIELDFY_ROOT_DIR')){181 $host_root = SHIELDFY_ROOT_DIR;182 }183 if(function_exists('get_home_path')){184 $host_root = get_home_path();185 }186 //remove entry from htaccess187 insert_with_markers ( $host_root.'.htaccess', 'Shieldfy', array() );188 //temporary solution for php_value cache in apache189 $php_ini = $host_root.'.user.ini';190 if(file_exists($php_ini)){191 insert_with_markers ( $php_ini, 'Shieldfy', array() );192 }193 81 194 195 $dir = $host_root.'shieldfy/';196 if(!file_exists($dir)) return;197 198 @unlink($dir.'.htaccess');199 @unlink($dir.'tmpd/.htaccess');200 $res = @scandir($dir.'data');201 foreach($res as $re){202 if(is_file($dir.'data/'.$re)){203 @unlink($dir.'data/'.$re);204 }205 }206 82 207 $res = @scandir($dir.'tmpd/ban');208 foreach($res as $re){209 if(is_file($dir.'tmpd/ban/'.$re)){210 @unlink($dir.'tmpd/ban/'.$re);211 }212 }213 $res = @scandir($dir.'tmpd/firewall');214 foreach($res as $re){215 if(is_file($dir.'tmpd/firewall/'.$re)){216 @unlink($dir.'tmpd/firewall/'.$re);217 }218 }219 $res = @scandir($dir.'tmpd/logs');220 foreach($res as $re){221 if(is_file($dir.'tmpd/logs/'.$re)){222 @unlink($dir.'tmpd/logs/'.$re);223 }224 }225 226 @rmdir($dir.'data');227 @rmdir($dir.'tmpd/ban');228 @rmdir($dir.'tmpd/firewall');229 @rmdir($dir.'tmpd/logs');230 @rmdir($dir.'tmpd');231 @rmdir($dir);232 233 @file_put_contents($host_root.'/shieldfy.php','');234 235 83 } 236 84 }
Note: See TracChangeset
for help on using the changeset viewer.