'DB Prefix', 'tab2' => 'DB Backup', ); var $menu_tabs_handler = array( 'tab1' => 'render_tab1', 'tab2' => 'render_tab2', ); function __construct() { $this->render_menu_page(); } function get_current_tab() { $tab_keys = array_keys($this->menu_tabs); $tab = isset( $_GET['tab'] ) ? $_GET['tab'] : $tab_keys[0]; return $tab; } /* * Renders our tabs of this menu as nav items */ function render_menu_tabs() { $current_tab = $this->get_current_tab(); echo '

'; foreach ( $this->menu_tabs as $tab_key => $tab_caption ) { $active = $current_tab == $tab_key ? 'nav-tab-active' : ''; echo '' . $tab_caption . ''; } echo '

'; } /* * The menu rendering goes here */ function render_menu_page() { $tab = $this->get_current_tab(); ?>

render_menu_tabs(); //$tab_keys = array_keys($this->menu_tabs); call_user_func(array(&$this, $this->menu_tabs_handler[$tab])); ?>

prefix; $new_db_prefix = ''; $perform_db_change = false; if (isset($_POST['aiowps_db_prefix_change']))//Do form submission tasks { $nonce=$_REQUEST['_wpnonce']; if (!wp_verify_nonce($nonce, 'aiowpsec-db-prefix-change-nonce')) { $aio_wp_security->debug_logger->log_debug("Nonce check failed for DB prefix change operation!",4); die(__('Nonce check failed for DB prefix change operation!','aiowpsecurity')); } //Let's first check if user's system allows writing to wp-config.php file. If plugin cannot write to wp-config we will not do the prefix change. $config_file = ABSPATH.'wp-config.php'; $file_write = AIOWPSecurity_Utility_File::is_file_writable($config_file); if ($file_write == false) { $this->show_msg_error(__('The plugin has detected that it cannot write to the wp-config.php file. This feature can only be used if the plugin can successfully write to the wp-config.php file.', 'aiowpsecurity')); } else { if( isset($_POST['aiowps_enable_random_prefix'])) {//User has elected to generate a random DB prefix $string = AIOWPSecurity_Utility::generate_alpha_numeric_random_string('6'); $new_db_prefix = $string . '_'; $perform_db_change = true; }else { if (empty($_POST['aiowps_new_manual_db_prefix'])) { $this->show_msg_error(__('Please enter a value for the DB prefix.', 'aiowpsecurity')); } else { //User has chosen their own DB prefix value $new_db_prefix = wp_strip_all_tags( trim( $_POST['aiowps_new_manual_db_prefix'] ) ); $error = $wpdb->set_prefix( $new_db_prefix ); if(is_wp_error($error)) { wp_die( __('ERROR: The table prefix can only contain numbers, letters, and underscores.', 'aiowpsecurity') ); } $perform_db_change = true; } } } } ?>

'.__('Your WordPress DB is the most important asset of your website because it contains a lot of your site\'s precious information.', 'aiowpsecurity').'
'.__('The DB is also a target for hackers via methods such as SQL injections and malicious and automated code which targets certain tables.', 'aiowpsecurity').'
'.__('One way to add a layer of protection for your DB is to change the default WordPress table prefix from "wp_" to something else which will be difficult for hackers to guess.', 'aiowpsecurity').'
'.__('This feature allows you to easily change the prefix to a value of your choice or to a random value set by this plugin.', 'aiowpsecurity').'

'; ?>

output_feature_details_badge("db-security-db-prefix"); ?>

DB Backup'; $info_msg = '

'.sprintf( __('It is recommended that you perform a %s before using this feature', 'aiowpsecurity'), $backup_tab_link).'

'; echo $info_msg; ?>

:	prefix; ?> '.__('Your site is currently using the default WordPress DB prefix value of "wp_". To increase your site\'s security you should consider changing the DB prefix value to another value.', 'aiowpsecurity').''; } ?>
:	configs->get_value('aiowps_enable_random_prefix')=='1') echo ' checked="checked"'; ?> value="1"/>

change_db_prefix($old_db_prefix,$new_db_prefix); } } function render_tab2() { global $aio_wp_security; global $aiowps_feature_mgr; if (isset($_POST['aiowps_manual_db_backup'])) { $nonce=$_REQUEST['_wpnonce']; if (!wp_verify_nonce($nonce, 'aiowpsec-db-manual-change-nonce')) { $aio_wp_security->debug_logger->log_debug("Nonce check failed for manual DB backup operation!",4); die(__('Nonce check failed for manual DB backup operation!','aiowpsecurity')); } $result = $aio_wp_security->backup_obj->execute_backup(); if ($result) { $backup_file_name = $aio_wp_security->backup_obj->last_backup_file_name; if (function_exists('is_multisite') && is_multisite()) { $backup_file_url = $aio_wp_security->backup_obj->last_backup_file_url_multisite . '/' . $backup_file_name; } else { $upload_dir = wp_upload_dir(); $aiowps_backup_url = $upload_dir['baseurl'] . '/'.AIO_WP_SECURITY_BACKUPS_DIR_NAME; $backup_file_url = $aiowps_backup_url . '/'. $backup_file_name; } echo '

'; _e('DB Backup was successfully completed! Right click on the following file name and save the backup to your computer.','aiowpsecurity'); echo '

'; _e('Your DB Backup File: '); echo ''.$backup_file_name.''; echo '

'; echo '

'; } else { $aio_wp_security->debug_logger->log_debug("DB Backup - Backup operation failed!",4); $this->show_msg_error(__('DB Backup failed. Please check the permissions of the backup directory.','aiowpsecurity')); } } if(isset($_POST['aiowps_schedule_backups']))//Do form submission tasks { $error = ''; $nonce=$_REQUEST['_wpnonce']; if (!wp_verify_nonce($nonce, 'aiowpsec-scheduled-backup-nonce')) { $aio_wp_security->debug_logger->log_debug("Nonce check failed on scheduled DB backup options save!",4); die("Nonce check failed on scheduled DB backup options save!"); } $backup_frequency = sanitize_text_field($_POST['aiowps_db_backup_frequency']); if(!is_numeric($backup_frequency)) { $error .= '
'.__('You entered a non numeric value for the "backup time interval" field. It has been set to the default value.','aiowpsecurity'); $backup_frequency = '4';//Set it to the default value for this field } $files_to_keep = sanitize_text_field($_POST['aiowps_backup_files_stored']); if(!is_numeric($files_to_keep)) { $error .= '
'.__('You entered a non numeric value for the "number of backup files to keep" field. It has been set to the default value.','aiowpsecurity'); $files_to_keep = '2';//Set it to the default value for this field } $email_address = sanitize_email($_POST['aiowps_backup_email_address']); if(!is_email($email_address)) { $error .= '
'.__('You have entered an incorrect email address format. It has been set to your WordPress admin email as default.','aiowpsecurity'); $email_address = get_bloginfo('admin_email'); //Set the default value to the blog admin email } if($error) { $this->show_msg_error(__('Attention!','aiowpsecurity').$error); } //Save all the form values to the options $aio_wp_security->configs->set_value('aiowps_enable_automated_backups',isset($_POST["aiowps_enable_automated_backups"])?'1':''); $aio_wp_security->configs->set_value('aiowps_db_backup_frequency',absint($backup_frequency)); $aio_wp_security->configs->set_value('aiowps_db_backup_interval',$_POST["aiowps_db_backup_interval"]); $aio_wp_security->configs->set_value('aiowps_backup_files_stored',absint($files_to_keep)); $aio_wp_security->configs->set_value('aiowps_send_backup_email_address',isset($_POST["aiowps_send_backup_email_address"])?'1':''); $aio_wp_security->configs->set_value('aiowps_backup_email_address',$email_address); $aio_wp_security->configs->save_config(); //Recalculate points after the feature status/options have been altered $aiowps_feature_mgr->check_feature_status_and_recalculate_points(); $this->show_msg_settings_updated(); //Let's check if backup interval was set to less than 24 hours if (isset($_POST["aiowps_enable_automated_backups"]) && ($backup_frequency < 24) && $_POST["aiowps_db_backup_interval"]==0) { $alert_user_msg = 'ATTENTION: You have configured your backups to occur at least once daily. For most websites we recommended that you choose a less frequent backup schedule such as once every few days, once a week or once a month. Choosing a less frequent schedule will also help reduce your server load.'; $this->show_msg_updated_st(__($alert_user_msg, 'aiowpsecurity')); } } ?>

output_feature_details_badge("db-security-db-backup"); ?>

:	configs->get_value('aiowps_enable_automated_backups')=='1') echo ' checked="checked"'; ?> value="1"/>
:
:
:	configs->get_value('aiowps_send_backup_email_address')=='1') echo ' checked="checked"'; ?> value="1"/>

'.__('Starting DB prefix change operations.....', 'aiowpsecurity').'

'; $info_msg_string .= '

'.sprintf( __('Your WordPress system has a total of %s tables and your new DB prefix will be: %s', 'aiowpsecurity'), ''.$num_rows.'', ''.$table_new_prefix.'').'

'; echo ($info_msg_string); //Do a back of the config file if(!AIOWPSecurity_Utility_File::backup_a_file($config_file)) { echo '

'.__('Failed to make a backup of the wp-config.php file. This operation will not go ahead.', 'aiowpsecurity').'

'; return; } else{ echo '

'.__('A backup copy of your wp-config.php file was created successfully!', 'aiowpsecurity').'

'; } //Rename all the tables name for ($i = 0; $i < $num_rows; $i++) { //Get table name with old prefix $table_old_name = mysql_tablename($result, $i); if ( strpos( $table_old_name, $table_old_prefix ) === 0 ) { //Get table name with new prefix $table_new_name = $table_new_prefix . substr( $table_old_name, $old_prefix_length ); //Write query to rename tables name $sql = "RENAME TABLE `".$table_old_name."` TO `".$table_new_name."`"; //$sql = "RENAME TABLE %s TO %s"; //Execute the query //if ( false === $wpdb->query($wpdb->prepare($sql, $table_old_name, $table_new_name)) ) //$wpdb->prepare is adding single quotes instead of backticks and hence causing the query to fail if ( false === $wpdb->query($sql) ) { $error = 1; echo '

'.sprintf( __('%s table name update failed', 'aiowpsecurity'), ''.$table_old_name.'').'

'; $aio_wp_security->debug_logger->log_debug("DB Security Feature - Unable to change prefix of table ".$table_old_name,4); } else { $table_count++; } } else { continue; } } if ( @$error == 1 ) { echo '

'.sprintf( __('Please change the prefix manually for the above tables to: %s', 'aiowpsecurity'), ''.$table_new_prefix.'').'

'; } else { echo '

'.sprintf( __('%s tables had their prefix updated successfully!', 'aiowpsecurity'), ''.$table_count.'').'

'; } //Get wp-config.php file contents and modify it with new info $config_contents = file($config_file); foreach ($config_contents as $line_num => $line) { switch (substr($line,0,16)) { case '$table_prefix =': $config_contents[$line_num] = str_replace($table_old_prefix, $table_new_prefix, $line); break; } } //Now let's modify the wp-config.php file if (AIOWPSecurity_Utility_File::write_content_to_file($config_file, $config_contents)) { echo '

'. __('wp-config.php file was updated successfully!', 'aiowpsecurity').'

'; }else { echo '

'.sprintf( __('The "wp-config.php" file was not able to be modified. Please modify this file manually using your favourite editor and search for variable "$table_prefix" and assign the following value to that variable: %s', 'aiowpsecurity'), ''.$table_new_prefix.'').'

'; $aio_wp_security->debug_logger->log_debug("DB Security Feature - Unable to modify wp-config.php",4); } //Now let's update the options table $update_option_table_query = "UPDATE " . $table_new_prefix . "options SET option_name = '".$table_new_prefix ."user_roles' WHERE option_name = '".$table_old_prefix."user_roles' LIMIT 1"; if ( false === $wpdb->query($update_option_table_query) ) { echo "

Changing value: ", $table_old_prefix, "user_roles in table ", $table_new_prefix, "options to ", $table_new_prefix, "user_roles

"; echo '

'.sprintf( __('There was an error when updating the options table.', 'aiowpsecurity')).'

'; $aio_wp_security->debug_logger->log_debug("DB Security Feature - Error when updating the options table",4);//Log the highly unlikely event of DB error } else { echo '

'.sprintf( __('The options table records which had references to the old DB prefix were updated successfully!', 'aiowpsecurity')).'

'; } //Now let's update the user meta table $custom_sql = "SELECT user_id, meta_key FROM " . $table_new_prefix . "usermeta WHERE meta_key LIKE '" . $table_old_prefix . "%'"; $meta_keys = $wpdb->get_results( $custom_sql ); $error_update_usermeta = ''; //Update all meta_key field values which have the old table prefix in user_meta table foreach ($meta_keys as $meta_key ) { //Create new meta key $new_meta_key = $table_new_prefix . substr( $meta_key->meta_key, $old_prefix_length ); $update_user_meta_sql = "UPDATE " . $table_new_prefix . "usermeta SET meta_key='" . $new_meta_key . "' WHERE meta_key='" . $meta_key->meta_key . "' AND user_id='" . $meta_key->user_id."'"; if (false === $wpdb->query($update_user_meta_sql)) { $error_update_usermeta .= '

'.sprintf( __('Error updating user_meta table where new meta_key = %s, old meta_key = %s and user_id = %s.', 'aiowpsecurity'),$new_meta_key,$meta_key->meta_key,$meta_key->user_id).'

'; echo $error_update_usermeta; $aio_wp_security->debug_logger->log_debug("DB Security Feature - Error updating user_meta table where new meta_key = ".$new_meta_key." old meta_key = ".$meta_key->meta_key." and user_id = ".$meta_key->user_id,4);//Log the highly unlikely event of DB error } } echo '

'.__('The usermeta table records which had references to the old DB prefix were updated successfully!', 'aiowpsecurity').'

'; //Display tasks finished message $tasks_finished_msg_string = '

'. __('DB prefix change tasks have been completed.', 'aiowpsecurity').'

'; echo ($tasks_finished_msg_string); } } //end class