
Changeset 634376


Timestamp:
12/05/2012 01:27:36 PM (13 years ago)
Author:
6Scan
Message:

*) When user clicks "Activation" he sees a local page with terms, textbox for his email address and an "Install" button. Registration data (user's email and url) will be passed to 6Scan server only after user clicks Install.

*) Fixed a bug during install with wp_filesystem()

Version 2.3.0

Location:
6scan-protection/trunk
Files:
3 added
4 edited

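--- a/6scan-protection/trunk/6scan.php
+++ b/6scan-protection/trunk/6scan.php
@@ -5,5 +5,5 @@
 Description: 6Scan Security provides enterprise-grade security with a firewall, automatic backup, analytics and much more.
 Author: 6Scan
-Version: 2.2.9
+Version: 2.3.0
 Author URI: http://www.6scan.com
 */
@@ -49,5 +49,5 @@
    
     /*  This action installs the plugin */
-    if ( sixscan_common_is_account_active() == FALSE ){
+    if ( sixscan_common_is_account_active() == FALSE ){     
         add_action( 'admin_notices' , 'sixscan_installation_manager' );
     }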
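--- a/6scan-protection/trunk/admin/includes/common.php
+++ b/6scan-protection/trunk/admin/includes/common.php
@@ -4,5 +4,5 @@
     die( 'No direct access allowed' );
 
-define ( 'SIXSCAN_VERSION' ,                            '2.2.9.0' );
+define ( 'SIXSCAN_VERSION' ,                            '2.3.0.0' );
 define ( 'SIXSCAN_HTACCESS_VERSION' ,                   '1' );
 
@@ -119,5 +119,6 @@
 define( 'SIXSCAN_ANALYZER_MAX_LOG_FILESIZE',            512000 );   
 define( 'SIXSCAN_SECURITY_LOG_FILENAME',                '/data/security_log/logger.txt' );
-define( 'SIXSCAN_SECURITY_LOCK_NOTIFY_FILENAME',        '/data/lockout_email.html');
+define( 'SIXSCAN_SECURITY_LOCK_NOTIFY_FILENAME',        '/data/lockout_email.html' );
+define( 'SIXCAN_REGISTRATION_PAGE_FILENAME' ,           '/data/regpage/reg.html' );
 define( 'SIXSCAN_SECURITY_LOG_SEPARATOR',               "\n" );
 
@@ -455,5 +456,5 @@
     global $wp_filesystem;
 
-    $tmp_fname = untrailingslashit( $dir_name ) . 'sixscantmp_';
+    $tmp_fname = trailingslashit( $dir_name ) . 'sixscantmp_';
    
     $ftmp_result = $wp_filesystem->put_contents( $tmp_fname , 'write_test' );   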
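Review bot: The constant added at new line 122 is spelled `SIXCAN_REGISTRATION_PAGE_FILENAME`, dropping the second S of the `SIXSCAN_` prefix that every neighbouring define carries. It resolves only because installation.php line 104 repeats the same misspelling; a later reference written with the expected prefix would hit an undefined constant, which PHP versions before 8 turn into a bare string and so silently build a wrong path for `file_get_contents()`. Rename the define and its one use together to `SIXSCAN_REGISTRATION_PAGE_FILENAME`.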
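--- a/6scan-protection/trunk/admin/includes/installation.php
+++ b/6scan-protection/trunk/admin/includes/installation.php
@@ -3,4 +3,5 @@
 if ( ! defined( 'ABSPATH' ) )
     die( 'No direct access allowed' ); 
+
 
 function sixscan_installation_manager()
@@ -10,4 +11,11 @@
     if ( ( sixscan_common_is_partner_version() ) && ( sixscan_installation_partner_is_to_install() === FALSE ) )
         return;
+
+    /* Before install of any kind progresses, user is shown a registration page.
+    On the first load it shows a registration screen and returns False.
+    If user clicks 'Agree' - the page reloads with &agree=yes parameter, sixscan_registration_at_install() returns True and registration continues.
+    No data is transferred to the server until user clicks "Agree" */
+    if ( sixscan_registration_at_install() === FALSE )
+        return;     
 
     /* If we are waiting for user to input wpfs data */
@@ -24,6 +32,7 @@
             print $install_result;     
            
+            /* Makes 6Scan not-active */
             $sixscan_plugin_name = plugin_basename( realpath( dirname( __FILE__ ) . "/../../6scan.php" ) );
-           
+       
             /*  This dirty patch is required because some hostings (free?) have a short sql timeout. When it timeouts, 6Scan can't
             disable itelf, and user gets stuck in infinite deactivate loop.
@@ -37,5 +46,5 @@
 
             /*  deactivate myself */           
-            deactivate_plugins( $sixscan_plugin_name );
+            deactivate_plugins( $sixscan_plugin_name );         
         }
         else if ( sixscan_installation_partner_run_first_time() === FALSE  ){
@@ -48,17 +57,6 @@
         /*  No redirects in partner version */
         if ( sixscan_common_is_partner_version() === FALSE ){
-       
-            /*  If the install has succeeded - forward user to the registration page */     
-            $reg_page_address = get_bloginfo( "wpurl" ) . "/wp-admin/admin.php?page=" . SIXSCAN_COMMON_DASHBOARD_URL . "&sixscan_activated=1";
            
-            /* If user's JavaScript is disabled, he will see this notice to upgrade */
-            sixscan_installation_account_setup_required_notice();
-            /*  Forward user to the registration screen */
-            print <<<EOT
-                <script type="text/javascript">
-                    document.getElementById('6scan_dashboard_redirect_caption').style.display = 'none';
-                    window.location = "$reg_page_address";
-                </script>
-EOT;
+            sixscan_registration_forward_to_dashboard( "&sixscan_activated=1" );
         }
     }
@@ -67,4 +65,63 @@
     if ( sixscan_common_is_partner_version() )
         sixscan_installation_partner_mark_install_tried();
+}
+
+function sixscan_registration_forward_to_dashboard( $additional_flags = "" ){
+    $reg_page_address = get_bloginfo( "wpurl" ) . "/wp-admin/admin.php?page=" . SIXSCAN_COMMON_DASHBOARD_URL . $additional_flags;
+    /*  If the install has succeeded - forward user to the registration page */     
+           
+    /* If user's JavaScript is disabled, he will see this notice to upgrade */
+    sixscan_installation_account_setup_required_notice();
+    /*  Forward user to the registration screen */
+    print <<<EOT
+        <script type="text/javascript">
+            document.getElementById('6scan_dashboard_redirect_caption').style.display = 'none';
+            window.location = "$reg_page_address";
+        </script>
+EOT;
+}
+
+function sixscan_registration_at_install(){
+    /* The logic is as following:
+    When the plugin just got activated - forward user to the dashboard.
+    When the current page is 6Scan Dashboard - show him the registration page
+    */
+    $just_activated = isset( $_GET[ 'activate' ] ) ? strtolower( $_GET[ 'activate' ] ) : '';
+    $current_page = isset( $_GET[ 'page' ] ) ? strtolower( $_GET[ 'page' ] ) : '';
+    $agree_val = isset( $_GET[ 'agree' ] ) ? strtolower( $_GET[ 'agree' ] ) : '';
+   
+    if ( $just_activated == 'true' ){
+        sixscan_registration_forward_to_dashboard();
+        return FALSE;
+    }
+
+    if ( $current_page != SIXSCAN_COMMON_DASHBOARD_URL )
+        return FALSE;
+
+    /* First entry to registration page */
+    if ( $agree_val == '' ){       
+        /* Registration page content */
+        $registration_page = file_get_contents( SIXSCAN_PLUGIN_DIR . SIXCAN_REGISTRATION_PAGE_FILENAME );
+
+        /* Add nonce token and email address to the Registration form (Nothing is sent to the server) */   
+        $replaced_values = array( '_nonce_value_sixscan' , '_email_value_sixscan' , '_page_value_sixscan' , '_reg_logo_link_sixscan');
+        $new_values =  array( wp_create_nonce( 'sixscan_registration_html' ) , get_option( 'admin_email' ) , SIXSCAN_COMMON_DASHBOARD_URL , SIXSCAN_PLUGIN_URL . 'data/img/reg_logo.png' );
+        $registration_page = str_replace ( $replaced_values , $new_values , $registration_page );
+       
+
+
+        print $registration_page;
+        return FALSE;
+    }
+
+    /* Origin verification */
+    if (! wp_verify_nonce( $_GET[ '_sixscannonce' ], 'sixscan_registration_html') ) die( 'Security failure' );
+
+    /* User clicked 'yes'. Continue to registration */
+    if ($agree_val == 'yes' ){
+        return TRUE;
+    }
+
+    return FALSE;
 }
 
@@ -271,10 +328,12 @@
 
 function sixscan_installation_register_with_server( $tmpkey ){
-       
+   
+    $admin_email = isset( $_GET['email'] ) ? $_GET['email'] : "";
+   
     /*  If there is partner file, partner_id and partner_key are filled */
     sixscan_installation_partner_info_get( $partner_id , $partner_key );
 
     $sixscan_register_result = sixscan_communication_oracle_reg_register( get_option( 'siteurl' ) ,
-                            get_option( 'admin_email' ) , SIXSCAN_PLUGIN_URL . "modules/signatures/notice.php" ,
+                            $admin_email , SIXSCAN_PLUGIN_URL . "modules/signatures/notice.php" ,
                             $sixscan_oracle_auth_struct , $partner_id , $partner_key , $tmpkey );           
 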
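Review bot: In `sixscan_installation_register_with_server()` (new line 331) the registration address is now read straight from `$_GET['email']` and handed to `sixscan_communication_oracle_reg_register()` as received: it is not unslashed, not passed through `sanitize_email()` or `is_email()`, and becomes an empty string when the parameter is missing, where the old code always sent the stored `admin_email`. The function itself checks neither a nonce nor a capability, so it depends on every caller having passed through `sixscan_registration_at_install()` first, which this hunk does not show. I would read it as `$admin_email = isset( $_GET['email'] ) ? sanitize_email( stripslashes( $_GET['email'] ) ) : '';` and stop the registration with an error when `is_email( $admin_email )` fails, rather than sending an empty or malformed value to the server. The function body continues past the end of the hunk.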
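--- a/6scan-protection/trunk/readme.txt
+++ b/6scan-protection/trunk/readme.txt
@@ -1,5 +1,5 @@
 === 6Scan Security ===
 Contributors: 6Scan
-Version: 2.2.9
+Version: 2.3.0
 Tags: security,secure,wordpress security,firewall,antivirus,security plugin,securty,protection,anti-hack,hack,scan,exploit,anti-virus
 Requires at least: 3.0.0
@@ -292,6 +292,8 @@
 * Changed path references. Now the are referenced as $wp_filesystem->abspath() and alike (The ABSPATH define is only used in several 'direct' access parts)
 
-= 2.2.9 =
-* Added a dismiss link for security vulnerabilities warning
+= 2.3.0 =
+*) Fixed a bug during install with wp_filesystem()
+*) When user clicks "Activation" he sees a local page with terms, textbox for his email address and an "Install" button. Registration data (user's email and url) will be passed to 6Scan server only after user clicks Install.
+
 
 == Upgrade Notice ==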