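'Invalid auth key' ) ); } $scanner = new AsgardScanner(); $scanner->scan( ABSPATH ); $resp = array( 'unknown'=>$scanner->unknown, 'malware'=>$scanner->malware ); if ( !empty( $scanner->scanres ) ) $resp['scan_result'] = $scanner->scanres; if ( !empty( $_GET['plugins_info'] ) ) { if ( ! function_exists( 'get_plugins' ) ) { require_once ABSPATH . 'wp-admin/includes/plugin.php'; } $resp['plugins'] = get_plugins(); } wp_send_json_success( $resp ); } asgard_ext_scan();

/**
 * Read the stored Asgard auth key, optionally replacing it first.
 *
 * @param mixed $authkey New key to persist in the 'asgard_authkey' option;
 *                       null leaves the stored value untouched.
 * @return mixed Current value of the 'asgard_authkey' option (get_option() result).
 */
function asgard_authkey( $authkey=null ) {
    if ( $authkey !== null ) {
        update_option( 'asgard_authkey', $authkey );
    }
    return get_option( 'asgard_authkey' );
}

/**
 * Return the Asgard account record, cached in the 'asgard_account' transient for one day.
 *
 * On a cache miss (or when $refresh is truthy) the account is requested from the
 * remote service. If the response carries a different auth_key, the stored key is
 * replaced with it.
 *
 * @param mixed $refresh Any truthy value forces a remote fetch even when a cached copy exists.
 * @return array Decoded account data.
 */
function asgard_get_account( $refresh=false ) {
    if ( !( $account = get_transient( 'asgard_account' ) ) || $refresh ) {
        // get_plugin_data() is only used in admin context; elsewhere a placeholder version is sent.
        $plugin_info = is_admin() ? get_plugin_data( __FILE__ ) : array( 'Version'=>'-' );
        $params = array(
            'auth_key' => asgard_authkey(),
            'site_url' => site_url( '/' ) ,
            'admin_email' => get_option( 'admin_email' ) ,
            'client' => 'Wordpress ' . get_bloginfo( 'version' ) ,
            'asgard_checksum' => ASGARD_CHECKSUM,
            'asgard_version' => $plugin_info['Version'],
        );

        // NOTE(review): this request uses plain http://, so the auth_key and admin e-mail
        // in the body are readable on the network path, and the auth_key accepted from the
        // response below is not integrity-protected. The endpoint is left unchanged because
        // HTTPS availability for this host cannot be confirmed from this file - move it to
        // an https:// endpoint once one is verified.
        $resp = wp_remote_post( 'http://pro.asgardapi.appspot.com/get_account', array( 'body'=>$params, 'timeout'=>5 ) );
        $account_data = wp_remote_retrieve_body( $resp );
        $account = json_decode( $account_data, true );

        if ( !is_array( $account ) ) {
            // The diagnostic dump is rendered to whoever triggered the request, and this
            // function is not limited to admin pages (see the is_admin() branch above),
            // so the auth key is masked and the dump is HTML-escaped.
            $shown = $params;
            $shown['auth_key'] = empty( $params['auth_key'] ) ? '(not set)' : '(redacted)';
            wp_die( 'unable to fetch asgard account.' . "\n" . esc_html( print_r( $shown, 1 ) ) . "\n" );
        }

        // 1 day cache
        set_transient( 'asgard_account', $account, DAY_IN_SECONDS );

        // upgrade auth_key
        // Only a non-empty scalar is stored, so a malformed response cannot write an
        // array into the option.
        if ( !empty( $account['auth_key'] ) && is_scalar( $account['auth_key'] ) && $account['auth_key'] !== asgard_authkey() ) {
            asgard_authkey( $account['auth_key'] );
        }
    }
    return $account;
}

/**
 * Build the account-activation URL on the ASGARD_PASSPORT service.
 *
 * NOTE(review): the return_uri template hands the auth key back as a GET parameter
 * ({AuthKey}), which places it in browser history, access logs and Referer headers.
 * The handler that consumes 'asgard_authkey' is not visible here - confirm it is
 * restricted to administrators and removes the parameter with a redirect.
 *
 * @return string Activation URL including the encoded site URL, client string and return URI.
 */
function asgard_activate_url() {
    // build_query() is given pre-encoded values, hence the explicit urlencode() calls.
    $q = build_query( array(
        'url' => urlencode( site_url( '/' ) ),
        'client' => urlencode( 'Wordpress ' . get_bloginfo( 'version' ) ),
        'return_uri' => urlencode( admin_url( 'admin.php?page=asgard&asgard_authkey={AuthKey}' ) )
    ) );
    return ASGARD_PASSPORT . 'activate?' . $q;
}

/**
 * Report the unlock state derived from the 'asgard_unlock_till' option.
 *
 * @return bool|string false when the option is unset or falsy, the string 'renew'
 *                     when the stored timestamp is not in the future, true otherwise.
 *                     'renew' is truthy, so callers must compare with === true.
 */
function asgard_unlock_status() {
    $till = get_option( 'asgard_unlock_till' );
    if ( !$till ) {
        return false;
    }
    if ( $till <= time() ) {
        return 'renew';
    }
    return true;
}

function asgard_unlock_notice() { if ( empty( $_GET['asgard_unlock_status'] ) ) { return; } $account = asgard_get_account( 'refresh' ); if ( $_GET['asgard_unlock_status'] == 'success' ) { ?>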

Success! Your full account active until .

Brr! .

Asgard Security. Almost done - activate your account and protect your blog from malware.

' . $path . ' removed

'; } else { echo '

Unable to remove ' . $path . '

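'; } } die; }

/**
 * Temporary file that is removed at request shutdown or when the object is destroyed.
 */
class AsgardTempFile {
    // Path returned by tempnam(); false when no temporary file could be created.
    public $file;

    /**
     * @param string $prefix Filename prefix handed to tempnam().
     */
    public function __construct( $prefix = '' ) {
        $this->file = tempnam( get_temp_dir() , $prefix );
        // The shutdown callback keeps a reference to this object, so the file stays
        // available for the rest of the request and is cleaned up at shutdown.
        register_shutdown_function( array( $this, '__destruct' ) );
    }

    /**
     * @return string The temp file path ('' when creation failed).
     */
    public function __toString() {
        // __toString() must return a string even if tempnam() returned false.
        return (string) $this->file;
    }

    public function __destruct() {
        // Invoked both as the shutdown callback and as the real destructor; the
        // second call finds no file. unlink() stays best-effort.
        if ( $this->file && file_exists( $this->file ) ) {
            @unlink( $this->file );
        }
    }
}

/**
 * Terminate the request, printing the HTML-escaped error message.
 *
 * @param string $err Error text; escaped with esc_html() before output.
 */
function asgard_html_error( $err ) {
    die( '

' . esc_html( $err ) . '

' );
}

/**
 * Pack the given files into a temporary zip archive.
 *
 * Uses the PHP zip extension when loaded, otherwise WordPress' bundled PclZip;
 * terminates via asgard_html_error() when neither is available or the archive
 * cannot be created.
 *
 * @param array  $files    Absolute paths of the files to add.
 * @param string $basepath Prefix stripped from each path to form the entry name.
 * @return string Path of the temporary archive.
 */
function asgard_zip_files( $files, $basepath ) {
    $tmpfile = new AsgardTempFile( 'asgard_zip' );
    if ( extension_loaded( 'zip' ) ) {
        $z = new ZipArchive();
        // tempnam() has already created an empty file. OVERWRITE makes the open
        // independent of how the zip library treats an existing zero-byte file, and
        // the result is checked so a failed open is not followed by the upload of
        // an empty archive.
        $opened = $z->open( $tmpfile->file, ZipArchive::CREATE | ZipArchive::OVERWRITE );
        if ( $opened !== true ) {
            asgard_html_error( 'Unable to compress files: cannot create temporary archive' );
        }
        $prefix_len = strlen( $basepath );
        foreach ( $files as $file ) {
            // Strip $basepath only as a leading prefix; str_replace() would also remove
            // later occurrences and change the entry name that scan results are keyed by.
            if ( $prefix_len > 0 && strpos( $file, $basepath ) === 0 ) {
                $entry = substr( $file, $prefix_len );
            } else {
                $entry = $file;
            }
            $z->addFile( $file, $entry );
        }
        $z->close();
    } else if ( file_exists( ABSPATH . 'wp-admin/includes/class-pclzip.php' ) ) {
        require_once ABSPATH . 'wp-admin/includes/class-pclzip.php';
        $archive = new PclZip( $tmpfile->file );
        $archive->add( $files, PCLZIP_OPT_REMOVE_PATH, $basepath );
    } else {
        asgard_html_error( 'Unable to compress files: enable PHP "zip" extension or upgrade Wordpress (with pclzip)' );
    }
    return $tmpfile->file;
}

/**
 * Scans a directory tree: hashes the candidate files, asks the remote API which
 * hashes are known malware or unknown, and uploads the unknown files for a deep scan.
 */
class AsgardScanner {
    // Files selected for scanning (after asgard_filter_target_file).
    public $files = array();
    // Content hashes, index-aligned with $files.
    public $hashlist = array();
    // Map of file path => verdict for everything reported as malware.
    public $result = array();
    // Raw response of the deep (zip) scan, when one was performed.
    public $scanres = array();
    // Number of malware findings.
    public $malware = 0;
    // Number of files whose hash the API did not recognise.
    public $unknown = 0;

    /**
     * Run the scan below $basepath and fill the public result properties.
     *
     * @param string $basepath Directory to scan; also the prefix stripped from and
     *                         re-applied to paths exchanged with the deep scan.
     */
    public function scan( $basepath ) {
        // list_files() can return false; treat that as "nothing to scan".
        $listed = list_files( $basepath );
        if ( !is_array( $listed ) ) {
            $listed = array();
        }
        $this->files = array_values( array_filter( $listed, 'asgard_filter_target_file' ) );
        $this->hashlist = array_values( array_map( 'asgard_content_hash', $this->files ) );

        $res = asgard_send_hashes( $this->hashlist );
        $total = count( $this->files );
        $toscan = array();
        foreach ( $res as $index ) {
            // Each entry is a 1-based position in the submitted list; a negative sign
            // marks an unknown file. The value comes from the remote response, so
            // anything non-numeric or out of range is skipped instead of being used
            // as an array offset.
            if ( !is_numeric( $index ) ) {
                continue;
            }
            $index = (int) $index;
            $pos = abs( $index ) - 1;
            if ( $pos < 0 || $pos >= $total ) {
                continue;
            }
            $path = $this->files[$pos];
            if ( $index < 0 ) {
                $toscan[] = $path;
                ++$this->unknown;
            } else {
                $this->result[$path] = 'Common Malware';
                ++$this->malware;
            }
        }

        if ( count( $toscan ) > 0 ) {
            $zip = asgard_zip_files( $toscan, $basepath );
            $scanres = asgard_scan_zip( $zip );
            if ( is_array( $scanres ) && !empty( $scanres['match'] )
                && isset( $scanres['verdict'] ) && is_array( $scanres['verdict'] ) ) {
                // NOTE(review): verdict keys are paths chosen by the remote service and
                // are joined to $basepath unchecked. If these results feed a file-removal
                // action, verify each resulting path is one of $toscan before acting on it.
                foreach ( $scanres['verdict'] as $path => $verdict ) {
                    $this->result[$basepath . $path] = $verdict;
                    ++$this->malware;
                }
            }
            $this->scanres = $scanres;
        }
    }
}

function asgard_scan_files_callback() { echo '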
'; $t = microtime( true ); $basepath = ABSPATH; $scanner = new AsgardScanner(); $scanner->scan( $basepath ); $scanned = count( $scanner->files ); $url = site_url( '/' ); $blacklist = asgard_blacklist_check( $url ); if ( !empty( $blacklist ) ) { ?>

Blacklist Check

>
Provider Verdict
', $bl['Verdict'] ); } else echo ( $bl['Verdict'] == 'NOT_FOUND' || !$bl['Verdict'] ) ? 'Clean' : esc_html( $bl['Verdict'] ); ?>

Malware Deep Scan

' . sprintf( _n( '%d file scanned', '%d files scanned', $scanned, 'asgard' ), $scanned ) . ' in ' . sprintf( '%.3f', microtime( true ) - $t ). ' sec.

'; if ( !count( $scanner->result ) ) { echo '

No known malware in files found.

'; die; } ?> result as $path => $verdict ): ?>
Verdict File

Scan time: sec

$action, 'site_url' => urlencode( $siteurl ), 'client' => urlencode( 'Wordpress ' . get_bloginfo( 'version' ) ), 'return_uri' => urlencode( admin_url( 'admin.php?page=asgard' ) ) ) ); return 'http://pro.asgardapi.appspot.com/unlock?' . $q; } function asgard_ep() { if ( !asgard_authkey() ) return; asgard_assets(); $ajax_nonce = wp_create_nonce( 'asgard-remove-malware' ); ?>

Asgard Security Scanner


Please, give us your feedback to team HipChat

'.nl2br( $verbose ).'

'; asgard_html_error( sprintf( 'POST %s: error=%s code=%d', $url, $errno, curl_error( $ch ) ) ); } $http_status = curl_getinfo( $ch, CURLINFO_HTTP_CODE ); if ( $http_status != 200 ) { echo '

'.nl2br( $verbose ).'

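'; asgard_html_error( sprintf( 'POST %s error: code=%d. Please, try again later.', $url, $http_status ) ); } curl_close( $ch ); return json_decode( $result, true ); }

/**
 * Upload a zip archive to the deep-scan endpoint.
 *
 * NOTE(review): the '@' prefix is cURL's legacy file-upload syntax. PHP 5.5
 * deprecated it in favour of CURLFile, and newer PHP versions send the value as a
 * literal string unless CURLOPT_SAFE_UPLOAD is disabled. The option setup of
 * asgard_api_post() is not visible here - confirm the archive is really uploaded
 * and switch to CURLFile where available.
 *
 * @param string $path Path of the archive to upload.
 * @return mixed Decoded JSON response of asgard_api_post().
 */
function asgard_scan_zip( $path ) {
    return asgard_api_post( ASGARD_API . '/scan_zip', array( 'file' => '@' . $path ) );
}

/**
 * Look the URL up in the remote blacklist service.
 *
 * @param string $url URL to check.
 * @return array The 'results' list of the response. An empty array means no data
 *               was obtained (request failed or the response was malformed); it
 *               must not be read as a "clean" verdict.
 */
function asgard_blacklist_check( $url ) {
    $resp = wp_remote_get( 'https://asgardapi.com/safeurl/v2beta/lookup?url=' . urlencode( $url ), array() );
    // wp_remote_get() returns a WP_Error object on transport failure; indexing it
    // as an array would be a fatal error.
    if ( is_wp_error( $resp ) ) {
        return array();
    }
    $result = json_decode( wp_remote_retrieve_body( $resp ), true );
    if ( !is_array( $result ) || !isset( $result['results'] ) || !is_array( $result['results'] ) ) {
        return array();
    }
    return $result['results'];
}

/**
 * Send the list of content hashes to the check endpoint.
 *
 * NOTE(review): site_url and admin_email travel in the query string, where they
 * end up in server and proxy logs; the md5 'checksum' detects a corrupted body
 * but does not authenticate it.
 *
 * @param array $hashlist Content hashes, in the same order as the scanned files.
 * @return array The 'result' list of the response, or an empty array when the
 *               response is missing or malformed.
 */
function asgard_send_hashes( $hashlist ) {
    $body = json_encode( array( 'hash' => $hashlist ) );
    // send blog url and email for auth
    // TODO: hack for ext scan
    $plugin_info = is_admin() ? get_plugin_data( __FILE__ ) : array( 'Version'=>'' );
    $q = build_query( array(
        'locale' => get_locale(),
        'checksum' => md5( $body ) ,
        'site_url' => site_url( '/' ) ,
        'admin_email' => get_option( 'admin_email' ) ,
        'wp_version' => get_bloginfo( 'version' ) ,
        'asgard_checksum' => ASGARD_CHECKSUM,
        'asgard_version' => $plugin_info['Version'],
    ) );
    $result = asgard_api_post( ASGARD_API . '/check?' . $q, $body, 'json' );
    // asgard_api_post() returns json_decode() output, which is null for an
    // undecodable body.
    if ( !is_array( $result ) || !isset( $result['result'] ) || !is_array( $result['result'] ) ) {
        return array();
    }
    return $result['result'];
}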