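'DB Prefix', 'tab2' => 'DB Backup', );

    /* Maps each tab key to the name of the method of this class that renders it. */
    var $menu_tabs_handler = array(
        'tab1' => 'render_tab1',
        'tab2' => 'render_tab2',
    );

    /* Renders the menu page as soon as the object is constructed. */
    function __construct()
    {
        $this->render_menu_page();
    }

    /*
     * Returns the key of the tab to display.
     *
     * $_GET['tab'] is request data, and render_menu_page() uses the returned
     * key to look up the method name it hands to call_user_func(). The value is
     * therefore accepted only when it is a string that is a key of
     * $menu_tabs_handler; anything else falls back to the first key of
     * $menu_tabs, which is also the default when no tab is requested.
     */
    function get_current_tab()
    {
        $tab_keys = array_keys($this->menu_tabs);
        $default_tab = $tab_keys[0];

        if (!isset($_GET['tab']) || !is_string($_GET['tab'])) {
            return $default_tab;
        }

        //Allow-list check: unknown keys must never reach the handler lookup
        if (!array_key_exists($_GET['tab'], $this->menu_tabs_handler)) {
            return $default_tab;
        }

        return $_GET['tab'];
    }

    /*
     * Renders our tabs of this menu as nav items
     */
    function render_menu_tabs()
    {
        $current_tab = $this->get_current_tab();
        // NOTE(review): this copy echoes an empty string; the tab markup appears
        // to have been lost when the page was extracted - confirm against the file.
        echo '';
    }

    /*
     * The menu rendering goes here
     */
    function render_menu_page()
    {
        $tab = $this->get_current_tab();
        ?>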
render_menu_tabs(); //$tab_keys = array_keys($this->menu_tabs); call_user_func(array(&$this, $this->menu_tabs_handler[$tab])); ?>
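prefix;
        $new_db_prefix = '';
        $perform_db_change = false;

        // Handles the "change DB prefix" form: verifies the nonce, then takes either a
        // generated prefix or the one typed by the user and flags the change to be run.
        // NOTE(review): no capability check is visible in this part of the method -
        // confirm the page is restricted to administrators elsewhere.
        if (isset($_POST['aiowps_db_prefix_change']))//Do form submission tasks
        {
            // A request without _wpnonce is treated as a failed check instead of
            // raising an undefined-index notice.
            $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
            if (!wp_verify_nonce($nonce, 'aiowpsec-db-prefix-change-nonce'))
            {
                $aio_wp_security->debug_logger->log_debug("Nonce check failed for DB prefix change operation!",4);
                die(__('Nonce check failed for DB prefix change operation!','aiowpsecurity'));
            }

            if( isset($_POST['aiowps_enable_random_prefix']))
            {//User has elected to generate a random DB prefix
                $string = AIOWPSecurity_Utility::generate_alpha_numeric_random_string('6');
                $new_db_prefix = $string . '_';
                $perform_db_change = true;
            }else
            {
                if (empty($_POST['aiowps_new_manual_db_prefix']))
                {
                    $this->show_msg_error(__('Please enter a value for the DB prefix.', 'aiowpsecurity'));
                }
                else
                {
                    //User has chosen their own DB prefix value
                    $new_db_prefix = wp_strip_all_tags( trim( $_POST['aiowps_new_manual_db_prefix'] ) );
                    // The prefix is later concatenated into table names in SQL, so this
                    // character check is the only barrier for the manual value.
                    // NOTE(review): wpdb::set_prefix() does more than validate - on success
                    // it also switches $wpdb to the new prefix, before any table has been
                    // renamed. Confirm that is intended.
                    $error = $wpdb->set_prefix( $new_db_prefix );
                    if(is_wp_error($error))
                    {
                        wp_die( __('ERROR: The table prefix can only contain numbers, letters, and underscores.', 'aiowpsecurity') );
                    }
                    $perform_db_change = true;
                }
            }
        }
        ?>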

'.__('Your WordPress DB is the most important asset of your website because it contains a lot of your site\'s precious information.', 'aiowpsecurity').'
'.__('The DB is also a target for hackers via methods such as SQL injections and malicious and automated code which targets certain tables.', 'aiowpsecurity').'
'.__('One way to add a layer of protection for your DB is to change the default WordPress table prefix from "wp_" to something else which will be difficult for hackers to guess.', 'aiowpsecurity').'
'.__('This feature allows you to easily change the prefix to a value of your choice or to a random value set by this plugin.', 'aiowpsecurity').'

'; ?>

output_feature_details_badge("db-security-db-prefix"); ?>
DB Backup'; $info_msg = '

'.sprintf( __('It is recommended that you perform a %s before using this feature', 'aiowpsecurity'), $backup_tab_link).'

'; echo $info_msg; ?>
: prefix; ?> '.__('Your site is currently using the default WordPress DB prefix value of "wp_". To increase your site\'s security you should consider changing the DB prefix value to another value.', 'aiowpsecurity').''; } ?>
: configs->get_value('aiowps_enable_random_prefix')=='1') echo ' checked="checked"'; ?> value="1"/>

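change_db_prefix($old_db_prefix,$new_db_prefix);
        }
    }

    /*
     * Handles the two forms of the "DB Backup" tab: a manual backup request and
     * the scheduled-backup settings. Each form is processed only after its own
     * nonce has been verified.
     */
    function render_tab2()
    {
        global $aio_wp_security;
        if (isset($_POST['aiowps_manual_db_backup']))
        {
            // A request without _wpnonce fails verification instead of raising a notice.
            $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
            if (!wp_verify_nonce($nonce, 'aiowpsec-db-manual-change-nonce'))
            {
                $aio_wp_security->debug_logger->log_debug("Nonce check failed for manual DB backup operation!",4);
                die(__('Nonce check failed for manual DB backup operation!','aiowpsecurity'));
            }

            $result = $aio_wp_security->backup_obj->execute_backup();
            if ($result)
            {
                $backup_file_name = $aio_wp_security->backup_obj->last_backup_file_name;
                // NOTE(review): the backup is addressed by a URL under the plugin's
                // /backups/ directory, so a full database dump is presumably reachable
                // over HTTP. Confirm that directory is protected (access rules and
                // unguessable file names) and that the name is escaped where printed.
                $backup_file_url = AIO_WP_SECURITY_URL . '/backups/'. $backup_file_name;
                echo '

';
                _e('DB Backup was successfully completed! Right click on the following file name and save the backup to your computer.','aiowpsecurity');
                echo '

';
                //Text domain added so this string is looked up like every other one here
                _e('Your DB Backup File: ', 'aiowpsecurity');
                echo ''.$backup_file_name.'';
                echo '

';
                echo '

';
            }
            else
            {
                $aio_wp_security->debug_logger->log_debug("DB Backup - Backup operation failed!",4);
                $this->show_msg_error(__('DB Backup failed. Please check the permissions of the backup directory.','aiowpsecurity'));
            }
        }

        if(isset($_POST['aiowps_schedule_backups']))//Do form submission tasks
        {
            $error = '';
            $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
            if (!wp_verify_nonce($nonce, 'aiowpsec-scheduled-backup-nonce'))
            {
                $aio_wp_security->debug_logger->log_debug("Nonce check failed on scheduled DB backup options save!",4);
                die("Nonce check failed on scheduled DB backup options save!");
            }

            $backup_frequency = sanitize_text_field($_POST['aiowps_db_backup_frequency']);
            if(!is_numeric($backup_frequency))
            {
                $error .= '
'.__('You entered a non numeric value for the "backup time interval" field. It has been set to the default value.','aiowpsecurity');
                $backup_frequency = '4';//Set it to the default value for this field
            }

            $files_to_keep = sanitize_text_field($_POST['aiowps_backup_files_stored']);
            if(!is_numeric($files_to_keep))
            {
                $error .= '
'.__('You entered a non numeric value for the "number of backup files to keep" field. It has been set to the default value.','aiowpsecurity');
                $files_to_keep = '2';//Set it to the default value for this field
            }

            $email_address = sanitize_email($_POST['aiowps_backup_email_address']);
            if(!is_email($email_address))
            {
                $error .= '
'.__('You have entered an incorrect email address format. It has been set to your WordPress admin email as default.','aiowpsecurity');
                $email_address = get_bloginfo('admin_email'); //Set the default value to the blog admin email
            }

            // The interval used to be written to the configuration straight from
            // $_POST. It is now reduced to a non-negative integer first; it is kept
            // as a string because that is the form in which it was stored before.
            // A missing or non-numeric value becomes '0'.
            // NOTE(review): also restrict this to the values the interval field
            // offers - they are not visible in this copy.
            $backup_interval = isset($_POST['aiowps_db_backup_interval']) ? (string) absint($_POST['aiowps_db_backup_interval']) : '0';

            if($error)
            {
                $this->show_msg_error(__('Attention!','aiowpsecurity').$error);
            }

            //Save all the form values to the options
            $aio_wp_security->configs->set_value('aiowps_enable_automated_backups',isset($_POST["aiowps_enable_automated_backups"])?'1':'');
            $aio_wp_security->configs->set_value('aiowps_db_backup_frequency',absint($backup_frequency));
            $aio_wp_security->configs->set_value('aiowps_db_backup_interval',$backup_interval);
            $aio_wp_security->configs->set_value('aiowps_backup_files_stored',absint($files_to_keep));
            $aio_wp_security->configs->set_value('aiowps_send_backup_email_address',isset($_POST["aiowps_send_backup_email_address"])?'1':'');
            $aio_wp_security->configs->set_value('aiowps_backup_email_address',$email_address);
            $aio_wp_security->configs->save_config();
            $this->show_msg_settings_updated();

            //Let's check if backup interval was set to less than 24 hours
            if (isset($_POST["aiowps_enable_automated_backups"]) && ($backup_frequency < 24) && $backup_interval === '0')
            {
                $alert_user_msg = 'ATTENTION: You have configured your backups to occur at least once daily. For most websites we recommended that you choose a less frequent backup schedule such as once every few days, once a week or once a month. Choosing a less frequent schedule will also help reduce your server load.';
                $this->show_msg_updated_st(__($alert_user_msg, 'aiowpsecurity'));
            }
        }
        ?>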

output_feature_details_badge("db-security-db-backup"); ?>
: configs->get_value('aiowps_enable_automated_backups')=='1') echo ' checked="checked"'; ?> value="1"/>
:
:
: configs->get_value('aiowps_send_backup_email_address')=='1') echo ' checked="checked"'; ?> value="1"/>
'.sprintf( __('Starting DB prefix change.....', 'aiowpsecurity')).'

'; $info_msg_string .= '

'.sprintf( __('Your WordPress system has a total of %s tables and your new DB prefix will be: %s', 'aiowpsecurity'), ''.$num_rows.'', ''.$table_new_prefix.'').'

'; echo ($info_msg_string); //Config file path $config_file = ABSPATH.'wp-config.php'; //Do a back of the config file if(!AIOWPSecurity_Utility_File::backup_a_file($config_file)) { echo '

'.__('Failed to make a backup of the wp-config.php file. This operation will not go ahead.', 'aiowpsecurity').'

'; return; } else{ echo '

'.__('A backup copy of your wp-config.php file was created successfully!', 'aiowpsecurity').'

'; } //Rename all the tables name for ($i = 0; $i < $num_rows; $i++) { //Get table name with old prefix $table_old_name = mysql_tablename($result, $i); if ( strpos( $table_old_name, $table_old_prefix ) === 0 ) { //Get table name with new prefix $table_new_name = $table_new_prefix . substr( $table_old_name, $old_prefix_length ); //Write query to rename tables name $sql = "RENAME TABLE `".$table_old_name."` TO `".$table_new_name."`"; //$sql = "RENAME TABLE %s TO %s"; //Execute the query //if ( false === $wpdb->query($wpdb->prepare($sql, $table_old_name, $table_new_name)) ) //$wpdb->prepare is adding single quotes instead of backticks and hence causing the query to fail if ( false === $wpdb->query($sql) ) { $error = 1; echo '

'.sprintf( __('%s table name update failed', 'aiowpsecurity'), ''.$table_old_name.'').'

'; $aio_wp_security->debug_logger->log_debug("DB Security Feature - Unable to change prefix of table ".$table_old_name,4); } else { $table_count++; } } else { continue; } } if ( @$error == 1 ) { echo '

'.sprintf( __('Please change the prefix manually for the above tables to: %s', 'aiowpsecurity'), ''.$table_new_prefix.'').'

'; } else { echo '

'.sprintf( __('%s tables had their prefix updated successfully!', 'aiowpsecurity'), ''.$table_count.'').'

'; } //Get wp-config.php file contents and modify it with new info $config_contents = file($config_file); foreach ($config_contents as $line_num => $line) { switch (substr($line,0,16)) { case '$table_prefix =': $config_contents[$line_num] = str_replace($table_old_prefix, $table_new_prefix, $line); break; } } //Now let's modify the wp-config.php file if (AIOWPSecurity_Utility_File::write_content_to_file($config_file, $config_contents)) { echo '

'. __('wp-config.php file was updated successfully!', 'aiowpsecurity').'

'; }else { echo '

'.sprintf( __('The "wp-config.php" file was not able to be modified. Please modify this file manually using your favourite editor and search for variable "$table_prefix" and assign the following value to that variable: %s', 'aiowpsecurity'), ''.$table_new_prefix.'').'

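';
            $aio_wp_security->debug_logger->log_debug("DB Security Feature - Unable to modify wp-config.php",4);
        }

        //Now let's update the options table
        // Values are bound through $wpdb->prepare(). Only the table name is still
        // concatenated, because an identifier cannot be a placeholder; the new prefix
        // is either generated or checked by wpdb::set_prefix() in render_tab1().
        $update_option_table_query = $wpdb->prepare(
            "UPDATE " . $table_new_prefix . "options SET option_name = %s WHERE option_name = %s LIMIT 1",
            $table_new_prefix . 'user_roles',
            $table_old_prefix . 'user_roles'
        );
        if ( false === $wpdb->query($update_option_table_query) )
        {
            echo "

Changing value: ", $table_old_prefix, "user_roles in table ", $table_new_prefix, "options to ", $table_new_prefix, "user_roles

";
            echo '

'.sprintf( __('There was an error when updating the options table.', 'aiowpsecurity')).'

';
            $aio_wp_security->debug_logger->log_debug("DB Security Feature - Error when updating the options table",4);//Log the highly unlikely event of DB error
        }
        else
        {
            echo '

'.sprintf( __('The options table records which had references to the old DB prefix were updated successfully!', 'aiowpsecurity')).'

';
        }

        //Now let's update the user meta table
        $custom_sql = $wpdb->prepare(
            "SELECT user_id, meta_key FROM " . $table_new_prefix . "usermeta WHERE meta_key LIKE %s",
            $table_old_prefix . '%'
        );
        $meta_keys = $wpdb->get_results( $custom_sql );
        if ( !is_array($meta_keys) )
        {
            //get_results() gives no array when the query fails; treat that as "nothing to update"
            $meta_keys = array();
        }

        $error_update_usermeta = '';

        //Update all meta_key field values which have the old table prefix in user_meta table
        foreach ($meta_keys as $meta_key )
        {
            // "_" is a single-character wildcard in LIKE, so the query can also return
            // keys that do not literally start with the old prefix. Skip those, using
            // the same test the table rename loop applies, so they are not rewritten.
            if ( strpos( $meta_key->meta_key, $table_old_prefix ) !== 0 )
            {
                continue;
            }

            //Create new meta key
            // presumably $old_prefix_length is the length of $table_old_prefix; it is set outside this part
            $new_meta_key = $table_new_prefix . substr( $meta_key->meta_key, $old_prefix_length );

            // meta_key and user_id come from the database and are bound, not
            // concatenated, so a quote inside a stored key cannot alter the statement.
            $update_user_meta_sql = $wpdb->prepare(
                "UPDATE " . $table_new_prefix . "usermeta SET meta_key = %s WHERE meta_key = %s AND user_id = %d",
                $new_meta_key,
                $meta_key->meta_key,
                $meta_key->user_id
            );

            if (false === $wpdb->query($update_user_meta_sql))
            {
                //Stored values are escaped before they are printed into the page
                $failure_msg = '

'.sprintf( __('Error updating user_meta table where new meta_key = %s, old meta_key = %s and user_id = %s.', 'aiowpsecurity'),esc_html($new_meta_key),esc_html($meta_key->meta_key),esc_html($meta_key->user_id)).'

';
                $error_update_usermeta .= $failure_msg;
                //Print only this failure; the accumulated text used to be re-printed on every failure
                echo $failure_msg;
                $aio_wp_security->debug_logger->log_debug("DB Security Feature - Error updating user_meta table where new meta_key = ".$new_meta_key." old meta_key = ".$meta_key->meta_key." and user_id = ".$meta_key->user_id,4);//Log the highly unlikely event of DB error
            }
        }

        //Report success only when no usermeta update failed
        if ( $error_update_usermeta === '' )
        {
            echo '

'.__('The usermeta table records which had references to the old DB prefix were updated successfully!', 'aiowpsecurity').'

';
        }

        //Display tasks finished message
        $tasks_finished_msg_string = '

'. __('DB prefix change tasks have been completed.', 'aiowpsecurity').'

';
        echo ($tasks_finished_msg_string);
    }
} //end class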