<?php
/*
Plugin Name: AskApache Password Protect
Plugin URI: http://www.askapache.com/htaccess/htaccess-security-block-spam-hackers.html
Description: Advanced Security: Password Protection, Anti-Spam, Anti-Exploit, more to come...
Version: 4.5.2
Author: AskApache
Author URI: http://www.askapache.com/
*/


/**
 *	 AskApache Password Protect WordPress Plugin for .htaccess Files
 *	 Copyright (C) 2008  AskApache.com
 *
 *	 This program is free software: you can redistribute it and/or modify
 *	 it under the terms of the GNU General Public License as published by
 *	 the Free Software Foundation, either version 3 of the License, or
 *	 (at your option) any later version.
 *
 *	 This program is distributed in the hope that it will be useful,
 *	 but WITHOUT ANY WARRANTY; without even the implied warranty of
 *	 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *	 GNU General Public License for more details.
 *
 *	 You should have received a copy of the GNU General Public License
 *	 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */



/**
 * Methods return this if they succeed
 */
if (@defined('AA_PP_DEBUG')) return;
define('AA_PP_DEBUG', 0);



/**
 * Methods return this if they succeed
 */
define('ACLF', chr(13) . chr(10));



register_activation_hook(__FILE__, 'aa_pp_activate');
register_deactivation_hook(__FILE__, 'aa_pp_deactivate');

add_action('admin_menu', 'aa_pp_setup_options');

if (strpos($_SERVER['REQUEST_URI'], basename(__FILE__)) !== false)
{
	add_action('admin_head', 'aa_pp_admin_header');
	//error_reporting(E_ALL | E_NOTICE);
}else error_reporting(E_NONE);



/**
 * aa_pp_admin_header()
 *
 * @return
 */
function aa_pp_admin_header()
{
	global $wpdb, $aa_PP, $aa_SIDS;
	
	if (!current_user_can(8))
		die(__("You are not allowed to be here without upload permissions"));
		
	if (!user_can_access_admin_page())
		wp_die(__('You do not have sufficient permissions to access this page.'));

	$aa_PP = get_option('askapache_password_protect');
	$aa_SIDS = get_option('askapache_password_protect_sids');
	
	$f=aa_pp_get_post_values($aa_PP);

	update_option('askapache_password_protect', $aa_PP);
}

/**
 * Gets the POST values and checks them for errors
 *
 * @param array v the global aa_PP array
 * @return mixed true on success array of errors on fail
 */
function aa_pp_get_post_values($v)
{
	global $aa_PP, $aa_SIDS;
		
	$action = 'none';
	$errors=array();
	if(isset($_POST['notice']))
		unset($_POST['notice']);
		
	foreach(array('a_user','a_authdomain','a_authtype','a_algorithm','a_authname','a_authuserfile','a_step') as $k)
	{
		if(isset($_POST[$k]) && !empty($_POST[$k]) && $_POST[$k] != $v[$k])
			$v[substr($k,2)]=$_POST[$k];
	}

	
	foreach (array('activate-selected', 'deactivate-selected', 'delete-selected', 'm_move') as $action_key)
	{
		if (isset($_POST[$action_key]))
		{
			$action = $action_key;
			break;
		}
	}
	
	if($action=='m_move')
	{
		check_admin_referer('askapache-move-area');
		foreach(array('m_read','m_reset','m_sid','m_setup','m_test','m_welcome','m_contact') as $where)
		{
			if(isset($_POST[$where]))
			{
				$aa_PP['step']=substr($where,2);
				break;
			}
		}
		return true;
	}

	

	if (isset($_GET['deactivate-sid']))
		$action = 'deactivate-sid';
		
	if (isset($_GET['activate-sid']))
		$action = 'activate-sid';

	if (isset($v['authtype']) && !in_array($v['authtype'], array('Digest', 'Basic')))
		$errors[]='Incorrect authtype';

	if (isset($v['algorithm']) && !in_array($v['algorithm'], array('crypt', 'md5', 'sha1')))
		$errors[]='Incorrect algorithm';

	if(strpos($v['user'],':')!==false)
		$errors[]='Username cannot contain the : character';

	if (strlen($v['authname']) > 65)
		$errors[]='Authname cannot exceed 65 characters, yours was '.strlen($v['authname']).' characters';

	if ($v['authtype'] == 'Digest' && $v['algorithm'] != 'md5')
		$errors[]='Digest Authentication can only use the md5 algorithm';
			

	foreach(array($v['authuserfile'],$v['admin_htaccess'],$v['root_htaccess']) as $f)
	{
		if(strpos(basename($f),'.ht')===false)
			$errors[]='File names must start with .ht like .htaccess or .htpasswd3';

		if(file_exists($f) && !@is_writable($f))
			$errors[]='Please make '.$f.' writable and readable';
	}
	
	
	if(sizeof($errors)==0)
	{

		$aa_PP=$v;

		switch ($action)
		{
			case 'activate-sid':
				$sid = (int)$_GET['activate-sid'];
				check_admin_referer('activate-sid_' . $sid);
				if(!aa_pp_activate_sid($sid))
					$errors[]="Failed to activate sid {$sid}";
				echo '<span style="visibility:hidden;overflow:hidden;display:block;width:1px;height:1px;background-image:url("askapache-reset.bmp?' . rand(1, 1000) . '");"></span>';
				break;
			case 'deactivate-sid':
				$sid = (int)$_GET['deactivate-sid'];
				check_admin_referer('deactivate-sid_' . $sid);
				if(!aa_pp_deactivate_sid($sid))
					$errors[]="Failed to deactivate sid {$sid}";
				break;
			case 'activate-selected':
				check_admin_referer('askapache-bulk-sids');
				break;
			case 'deactivate-selected':
				check_admin_referer('askapache-bulk-sids');
				break;
		}


		if (isset($_POST['a_pass']))
		{
			if(!aa_pp_file_put_c($v['authuserfile'], aa_pp_hashit($v['authtype'], $v['user'], $_POST['a_pass'], $v['authname']), false))
					$errors[]='Failed to create '.$v['authuserfile'];
					
			if (isset($_POST['a_wpadmin_protection']))
			{
				$sid=20030002;
				if(!aa_pp_activate_sid($sid, $v['admin_htaccess']))
					$errors[]='Failed to activate sid {$sid}';
			}
			
			if (isset($_POST['a_wplogin_protection']))
			{
				$sid=20030001;
				if(!aa_pp_activate_sid($sid, $v['root_htaccess']))
					$errors[]='Failed to activate sid {$sid}';
			}
		}
	}
	
	if(sizeof($errors)>0)
	{
		@$_POST['notice']=join("<br />",$errors);
	}
	
	$aa_PP=$v;
	
	return true;
}




/**
 * aa_pp_main_page()
 *
 * @return
 */
function aa_pp_main_page()
{
	global $aa_PP, $aa_SIDS;
	
	?>
<form method="post" action="options-general.php?page=askapache-password-protect.php"><?php wp_nonce_field('askapache-move-area');?>
	<div class="tablenav">
		<div class="alignleft">
			<input type="submit" name="m_read" id="m_read" value="Htaccess Files" class="button-secondary" />
      <input type="submit" name="m_setup" id="m_setup" value="Password Configuration" class="button-secondary" />
      <input type="submit" name="m_sid" id="m_sid" value="SID Module Management" class="button-secondary" />
      <input type="submit" name="m_welcome" id="m_welcome" value="Self-Diagnostics" class="button-secondary" />
      <input type="submit" name="m_contact" id="m_contact" value="Improvements" class="button-secondary" />
      <input type="hidden" name="m_move" id="m_move" value="m_move" />
		</div>
    <p style="float:right; margin-top:0;padding-top:0;"><a href="http://www.askapache.com/htaccess/apache-htaccess.html">AskApache .htaccess Tutorial</a></p>
	</div>
	<br class="clear" />
</form>
<?php 
	if (isset($_POST['notice'])) echo '<div id="message" class="updated fade"><p>'.$_POST['notice'].'</p></div>';
		
	switch ($aa_PP['step'])
	{
		case 'contact':
			?>
		<div class="wrap">
		<h3>The SID Module Redesigned</h3>
		<p>I'm finally mostly happy with the system now used by this plugin to update/modify/and use the different modules.  The old code just wasn't future-proofed enough.  This new version is based very much off of the WordPress Plugins code, so it is future proofed.</p>
		<p>This "Improvements" page is the start of whats to come, Basically each of the security modules (and there are a LOT of great mod_security ones coming) will have their own very Basic settings.  So you can tweak the settings.  If someone finds an improvement they can send it for review.  New ideas and modules can be submitted here also.</p>
		</div>
			<?php
			break;
		case 'welcome':
			aa_pp_welcome_form();
			break;
		case 'test':
			aa_pp_run_tests();
			break;
		case 'setup':
			aa_pp_setup_form();
			break;
		case 'sid':
			aa_pp_sid_management();
			break;
		case 'reset':
			aa_pp_activate();
			break;
		case 'read':
			?>		
			<div class="wrap">
			<h3>Blog Root .htaccess</h3>
      <pre style="border:1px inset #999;">
			<?php
					if($rules=@explode("\n", @implode('', @file($aa_PP['root_htaccess'])))){
						foreach($rules as $line)echo htmlentities($line)."\n";
					}
			?>
			</pre>
			</div>
			<?php
			break;
		default:
			aa_pp_welcome_form();
			break;					
	}


	update_option('askapache_password_protect', $aa_PP);
}





/**
 * aa_pp_welcome_form()
 *
 * @return
 */
function aa_pp_welcome_form()
{

	aa_pp_htaccess_file_init();

?>
<div class="wrap">
	<h2>Test for Compatibility and Capability</h2>
	<form action="options-general.php?page=askapache-password-protect.php" method="post"><?php wp_nonce_field('askapache-passpro-form'); ?>
		<input type="hidden" id="a_step" name="a_step" value="test" />
		<table class="form-table">
			<tr>
				<td><p>First we need to run a series of tests on your server to determine what capabilities your site has and also to locate any potential installation problems.</p>
					<p>The tests will be run on temporary files I'll create in your /wp-content/askapache/ folder.  They will create .htaccess and .htpasswd files in that temp location and then use fsockopen networking functions to query those files.  This tells us exactly how your server handles .htaccess configurations, HTTP authentication schemes, Apache Module capability, etc..</p></td>
			</tr>
		</table>
		<p>Several tests send specially crafted HTTP requests which are designed to elicit very specific HTTP Protocol Responses to accurately determine your servers capabilities.</p>
		<p>Other important checks will run:  file permissions, function availability, much more boring testing.  The tests are fast and you can re-run them whenever you want.   If you'd like to see the action, define AA_PP_DEBUG to true in the source of this file. Good Luck!</p>
		<p class="submit"><input name="sub" type="submit" id="sub" value="Initiate Tests &raquo;" /></p>
	</form>
</div>
<?php
}

/**
 * aa_pp_setup_form()
 *
 * @return
 */
function aa_pp_setup_form()
{
	global $aa_PP, $aa_SIDS;
	$aa_SIDS_Active = aa_pp_active_sids();
	$active = array_values($aa_SIDS_Active);
	$is_wpadmin = (in_array(20030002, $active)) ? ' checked="checked"' : '';
	$is_wplogin = (in_array(20030001, $active)) ? ' checked="checked"' : '';

	?>
<div class="wrap">
	<h2>Setup Password Protection</h2>
	<form action="options-general.php?page=askapache-password-protect.php" method="post"><?php wp_nonce_field('askapache-passpro-form'); ?>
		<input type="hidden" id="a_step" name="a_step" value="sid" />
		<h3>Create User</h3>
		<table class="form-table">
			<tbody>
<!--				<tr valign="top">
					<th scope="row">Turn On / Off</th>
					<td><label for="a_wpadmin_protection"><input name="a_wpadmin_protection" id="a_wpadmin_protection" value="1" <?php	echo $is_wpadmin; ?> type="checkbox" /> &nbsp; <strong>Protect /wp-admin/</strong></label>
						<br />
						<label for="a_wplogin_protection"><input name="a_wplogin_protection" id="a_wplogin_protection" value="1" <?php echo $is_wplogin; ?> type="checkbox" /> &nbsp; Protect wp-login.php</label>
					</td>
				</tr>-->
				<tr valign="top">
					<th scope="row"><label for="a_user">Username</label></th>
					<td ><input size="40" name="a_user" type="text" id="a_user" value="<?php echo $aa_PP['user']; ?>" /></td>
				</tr>
				<tr valign="top">
					<th><label for="a_pass">Password</label></th>
					<td><input size="40" type="text" name="a_pass" id="a_pass" value="<?php if (isset($_POST['a_pass']) && !empty($_POST['a_pass'])) echo htmlentities($_POST['a_pass']); ?>" /><br /></td>
				</tr>
			</tbody>
		</table>
		<h3>Authentication Scheme</h3>
		<table class="form-table">
			<tr valign="top">
				<th scope="row">Choose Scheme </th>
				<td><fieldset>
						<p>
							<label><input name="a_authtype"  type="radio" value="Digest" <?php echo ($aa_PP['digest_support'] != 1) ? ' disabled="disabled"' : ' checked="checked"'; 
							?> /> <strong>Digest</strong> &#8212; Much better than Basic, MD5 crypto hashing with nonce's to prevent cryptanalysis.</label>
							<br />
							<label><input name="a_authtype" type="radio" value="Basic" <?php if ($aa_PP['basic_support'] != 1) echo ' disabled="disabled"'; else if ($aa_PP['digest_support'] != 1) echo ' checked="checked"'; 
							?> /> <strong>Basic</strong> &#8212; Cleartext authentication using a user-ID and a password for each authname.</label>
							<br /><br /> This is the mechanism by which your credentials are authenticated (Digest is <a href="http://tools.ietf.org/html/rfc2617">strongly preferred</a>) </p>
					</fieldset></td>
			</tr>
			</tbody>

		</table>
		<h3>Authentication Settings</h3>
		<table class="form-table">
			<tbody>
				<tr valign="top">
					<th scope="row"><label for="a_authuserfile">Password File Location</label></th>
					<td><input size="70" style="width: 85%;" class="wide code" name="a_authuserfile" id="a_authuserfile" type="text" value="<?php echo $aa_PP['authuserfile']; 
					?>" /><br /> Use a location inaccessible from a web-browser if possible. Do not put it in the directory that it protects. </td>
				</tr>
				<tr valign="top">
					<th scope="row"><label for="a_authname">Realm Name</label></th>
					<td><input size="70" style="width: 85%;" class="wide code"  name="a_authname" id="a_authname" type="text" value="<?php echo $aa_PP['authname']; 
					?>" /><br /> The authname or "Realm" serves two major functions. Part of the password dialog box. Second, it is used by the client to determine what password to send for a given authenticated area. </td>
				</tr>
				<tr valign="top">
					<th scope="row"><label for="a_authdomain">Protection Space Domains</label></th>
					<td><input size="70" style="width: 85%;" class="wide code" name="a_authdomain" id="a_authdomain" type="text" value="<?php echo $aa_PP['authdomain']; 
					?>" /><br />One or more URIs in the same protection space (i.e. use the same authname and username/password info).  The URIs may be either absolute or relative URIs.  Omitting causes client to send Authorization header for every request. </td>
				</tr>
			</tbody>
		</table>
		<h3>Encryption Preferences</h3>
		<table class="form-table">
			<tbody>
				<tr valign="top">
					<th scope="row">Password File Algorithm</th>
					<td><fieldset>
							<label><input type="radio" name="a_algorithm" value="crypt" id="a_algorithm_crypt"<?php 
	if ($aa_PP['crypt_support'] != 1)
		echo ' disabled="disabled"';
	else if ($aa_PP['algorithm'] == 'crypt' && $aa_PP['authtype'] != 'Digest')
		echo ' checked="checked"';
		?> /> <strong>CRYPT</strong> &#8212; Unix only. Uses the traditional Unix crypt(3) function with a randomly-generated 32-bit salt (only 12 bits used) and the first 8 characters of the password.</label>
							<br />
							<label><input type="radio" name="a_algorithm" value="md5" id="a_algorithm_md5"<?php
	if ($aa_PP['md5_support'] != 1)	
		echo ' disabled="disabled"';
	else if ($aa_PP['algorithm'] == 'md5')
		echo ' checked="checked"';
	?> /> <strong>MD5</strong> &#8212; Apache-specific algorithm using an iterated (1,000 times) MD5 Digest of various combinations of a random 32-bit salt and the password.</label>
							<br />
							<label><input type="radio" name="a_algorithm" value="sha1" id="a_algorithm_sha1"<?php
	if ($aa_PP['sha1_support'] != 1)
		echo ' disabled="disabled"';
	else if ($aa_PP['algorithm'] == 'sha1' && $aa_PP['authtype'] != 'Digest')
		echo ' checked="checked"';
	?> /> <strong>SHA1</strong> &#8212; Base64-encoded SHA-1 Digest of the password.</label>
							<br />
						</fieldset></td>
				</tr>
			</tbody>
		</table>
		<p>Note I do not store or save your password anywhere, so you will need to type it in each time you update this page.. for now.</p>
		<p class="submit"><input name="sub" type="submit" id="sub" value="Save Settings &raquo;" /></p>
	</form>
</div>
<?php
}


/**
 * aa_pp_sid_management()
 *
 * @return
 */
function aa_pp_sid_management()
{
	global $aa_PP, $aa_SIDS;
	
	$sids = array_keys($aa_SIDS);
	$sid_table = array();
	$active_sids = aa_pp_active_sids();

	$sid_table['password'] = $sid_table['general'] = $sid_table['antispam'] = $sid_table['wordpress_exploit'] = $sid_table['general_exploit']  = $sid_table['protection'] = array();
	$sid_table['active'] = array_values($active_sids);
	
	foreach ($sids as $sid)
	{
		$s=(string)$sid;
		switch ((int)$s{0})
		{
			case 1:
				$sid_table['protection'][]=$sid;
				break;
			case 2:
				$sid_table['password'][]=$sid;
				break;
			case 3:
				$sid_table['antispam'][]=$sid;
				break;
			case 4:
				$sid_table['wordpress_exploit'][]=$sid;
				break;
			case 5:
				$sid_table['general_exploit'][]=$sid;
				break;
			case 6:
				$sid_table['general'][]=$sid;
				break;
		}
	}
		?>

<div class="wrap">
	<h2>Manage Security Modules</h2>
	<p>Modules are inserted into your server .htaccess configuration files.  Once a plugin is installed, you may activate it or deactivate it here.</p>
	<p><br class="clear" /></p>
	<?php foreach(array_reverse($sid_table) as $n=>$arr) print_sids_table($arr, $n); ?>
</div>
<?php
}

/**
 * print_sids_table()
 *
 * @param mixed $plugins
 * @param string $context
 * @param mixed $title
 * @return
 */
function print_sids_table($sids, $context)
{
	global $aa_PP, $aa_SIDS;
	$aa_SIDS_Active = aa_pp_active_sids();
	if($context !== 'active')
	{
		$ns=array();
		$active = array_values($aa_SIDS_Active);
		foreach ($sids as $sid)
		{
			if(!in_array($sid, $active))
			$ns[]=$sid;
		}
		$sids=$ns;
		if(sizeof($sids)<1)return;
	}
	?>
<form method="post" action="options-general.php?page=askapache-password-protect.php"><?php wp_nonce_field('askapache-bulk-sids'); ?>
<div class="tablenav">
	<h3 style="text-align:right; width:70%; line-height:2em; margin:0;float:right;padding-right:30px;" id="current-<?php echo $context;?>"><?php echo $context; ?></h3>
	<br class="clear" />
</div>
<br class="clear" />
<table class="widefat" id="<?php echo $context; ?>-plugins-table">
	<thead>
		<tr>
			<th scope="col">Name</th>
			<th scope="col">Description</th>
			<th scope="col">Response</th>
			<th scope="col">Apache Modules</th>
			<th scope="col">File</th>
			<th scope="col" class="action-links">Action</th>
		</tr>
	</thead>
	<tbody class="plugins">
	<?php
	foreach ($sids as $sid)
	{
		$st=$oya='';
		$the_sid=$aa_SIDS[$sid];
		$is_active = (in_array($sid, $active)) ? 1 : 0;
		$file_title=($the_sid['File']=='root') ? $aa_PP['root_htaccess'] : $aa_PP['admin_htaccess'];
		
		if($context=='active')
		{
			$st='active';
			$oya=$the_sid['Type'].'<br />';
			$action_links = '<a href="' . wp_nonce_url('options-general.php?page=askapache-password-protect.php&amp;deactivate-sid=' . $sid, 'deactivate-sid_' . $sid) . '" class="delete">' . __('Deactivate').'</a>';
		}
		else $action_links = '<a href="' . wp_nonce_url('options-general.php?page=askapache-password-protect.php&amp;activate-sid=' . $sid, 'activate-sid_' . $sid) . '" class="edit">' . __('Activate').'</a>';
		
		echo "<tr class='{$st}'>
					<td class='name' style='width:200px;'>".$oya."<dfn style='font-style:normal;color:#D54E21;' title='SID: ".$sid." Version: ".$the_sid['Version']."'>".$the_sid['Name']."</dfn></td>
					<td class='desc' style='width:450px;'><p>".$the_sid['Description']."</p></td>
					<td class='vers'>".$the_sid['Response']."</td>
					<td class='file'>".$the_sid['Module']."</td>
					<td class='file'><dfn style='font-style:normal;color:#9999DD;' title='".$file_title."'>".$the_sid['File']."</dfn></td>
					<td class='action-links'>".$action_links.'</td></tr>';
	}
	?>
	</tbody>
</table>
</form>
<p><br class="clear" /></p>
<?php
}



/**
 * aa_pp_active_sids()
 *
 * @param mixed $file
 * @param string $sid
 * @return
 */
function aa_pp_active_sids($file = false)
{
	global $aa_PP, $aa_SIDS;

	$result = array();
	$files = array($aa_PP['root_htaccess'], $aa_PP['admin_htaccess']);
	foreach ($files as $f)
	{
		if(!is_readable($f))return false;
		if ($markerdata = @explode("\n", @implode('', @file($f))))
		{
			foreach ($markerdata as $line)
			{
				if (strpos($line, "# +SID ") !== false) $result[] = (int)str_replace('# +SID ', '', rtrim($line));
			}
		}
	}

	return array_unique($result);
}



/**
 * aa_pp_gen_sid()
 *
 * @param mixed $incoming
 * @return
 */
function aa_pp_gen_sid($incoming)
{
	global $aa_PP, $aa_SIDS;

	if ($aa_PP['authtype'] == 'Basic') $replacement = 'AuthType %authtype%%n%AuthName "%authname%"%n%AuthUserFile %authuserfile%%n%Require user %user%';
	else $replacement = 'AuthType %authtype%%n%AuthName "%authname%"%n%AuthDigestDomain %authdomain%%n%AuthDigestFile %authuserfile%%n%Require valid-user';

	$aa_S = array('%n%', '%authname%', '%user%', '%authuserfile%', '%relative_root%', '%scheme%', '%authdomain%', '%host%', '%authtype%', '%generate_auth%');

	$aa_R = array("\n", $aa_PP['authname'], $aa_PP['user'], $aa_PP['authuserfile'], $aa_PP['root_path'], $aa_PP['scheme'], $aa_PP['authdomain'], $aa_PP['host'], $aa_PP['authtype'], $replacement);

	return str_replace($aa_S, $aa_R, str_replace($aa_S, $aa_R, $incoming));
}

/**
 * aa_pp_deactivate_sid()
 *
 * @param mixed $sid
 * @param mixed $file
 * @return
 */
function aa_pp_deactivate_sid($sid, $mark='SID ',$file = false)
{
	global $aa_PP,$aa_SIDS;
	
	if (!$file)
	{
		$the_sid=$aa_SIDS[(int)$sid];
		$file=($the_sid['File']=='root') ? $aa_PP['root_htaccess'] : $aa_PP['admin_htaccess'];
	}
	
	$file = (@is_readable($file)) ? realpath(rtrim($file, '/')) : rtrim($file, '/');
	if (!is_readable($file) || !is_writable($file))  return aa_pp_debug("{$file} not readable/writable by aa_pp_deactivate_sid for {$the_sid['Name']}");
	
	aa_pp_notify("Deleting {$the_sid['Name']} from {$file}");

	$result = array();
	if ($markerdata = @explode("\n", @implode('', @file($file))))
	{
		$state = false;
		if (!$f = @fopen($file, 'w')) return aa_pp_debug("aa_pp_deactivate_sid couldnt fopen {$file}");

		foreach ($markerdata as $n => $line)
		{
			if (strpos($line, "# +{$mark}{$sid}") !== false)				$state = true;
			if (!$state)  fwrite($f, $line . "\n");
			if (strpos($line, "# -{$mark}{$sid}") !== false)				$state = false;
		}
	}
	
	@$_POST['notice']="Successfully Deactivated {$the_sid['Name']}";
		
	return fclose($f);
}

/**
 * aa_pp_activate_sid()
 *
 * @param mixed $sid
 * @param mixed $file
 * @return
 */
function aa_pp_activate_sid($sid, $file = false)
{
	global $aa_PP, $aa_SIDS;
	$the_sid=$aa_SIDS[(int)$sid];
	
	if (!$file) $file=($the_sid['File']=='root') ? $aa_PP['root_htaccess'] : $aa_PP['admin_htaccess'];
		
	$file = (@is_readable($file)) ? realpath(rtrim($file, '/')) : rtrim($file, '/');
	if (!is_readable($file) || !is_writable($file))  return aa_pp_debug("{$file} not readable/writable by aa_pp_activate_sid for {$the_sid['Name']}");
	
	aa_pp_notify("Activating {$the_sid['Name']} to {$file}");

	$rules = aa_pp_gen_sid(explode("\n", $the_sid['Rules']));

	if(!aa_pp_insert_sids($file, $sid, $rules)) @$_POST['notice']="Failed to Activate {$the_sid['Name']}";
	else
	{
		@$_POST['notice']="Successfully Activated {$sid}: &quot;{$the_sid['Name']}&quot;<br /><pre>";
		foreach($rules as $line)@$_POST['notice'].=htmlentities($line);
		@$_POST['notice'].='</pre>';
	}
	return true;
}





function aa_pp_htaccess_file_init($file=false)
{
	global $aa_PP;
	
	if(!$file) $files=array($aa_PP['admin_htaccess'],$aa_PP['root_htaccess']);
	else $files=array($file);
	 	
	foreach($files as $file)
	{
		$wordp=$new=$jot=array();
		$aapasspro=$wpg=$s=false;
	
		$ot = array(
		'# +ASKAPACHE PASSPRO ' . $aa_PP['plugin_data']['Version'],
		'#######################################################',
		'#               __                          __',
		'#   ____ ______/ /______ _____  ____ ______/ /_  ___',
		'#  / __ `/ ___/ //_/ __ `/ __ \/ __ `/ ___/ __ \/ _ \ ',
		'# / /_/ (__  ) ,< / /_/ / /_/ / /_/ / /__/ / / /  __/',
		'# \__,_/____/_/|_|\__,_/ .___/\__,_/\___/_/ /_/\___/',
		'#                   /_/',
		'# - - - - - - - - - - - - - - - - - - - - - - - - - - -', 
		'# +APRO SIDS',
		'# -APRO SIDS',
		'# - - - - - - - - - - - - - - - - - - - - - - - - - - -', 
		'#               __                          __',
		'#   ____ ______/ /______ _____  ____ ______/ /_  ___',
		'#  / __ `/ ___/ //_/ __ `/ __ \/ __ `/ ___/ __ \/ _ \ ',
		'# / /_/ (__  ) ,< / /_/ / /_/ / /_/ / /__/ / / /  __/',
		'# \__,_/____/_/|_|\__,_/ .___/\__,_/\___/_/ /_/\___/',
		'#                   /_/',
		'#######################################################', 
		'# -ASKAPACHE PASSPRO ' . $aa_PP['plugin_data']['Version']);

		$markerdata = (is_writable(dirname($file)) && touch($file)) ? @explode("\n", @implode('', @file($file))) : false;
	
		if($markerdata)
		{
			foreach ($markerdata as $line)
			{
			
				if(strpos($line, '# BEGIN WordPress')!==false) $s=$wpg=true;
				
				if($s===true) $wordp[]=$line;
				
				if(strpos($line, '# END WordPress')!==false)
				{
					$s=false;
					continue;
				}
			
				if(!$s) $new[]=$line;
			
				if(strpos($line, '# +ASKAPACHE PASSPRO')!==false) $aapasspro=true;
			}
		}
	
		if (!$aapasspro)
		{
			if($wpg) $jot=array_merge($new,$ot,$wordp);
			else $jot=array_merge($markerdata,$ot);

			if (!$f = @fopen($file, 'w'))return aa_pp_debug("aa_pp_htaccess_file_init couldnt fopen {$file}");

			$pr = join("\n", $jot);
			if (!@fwrite($f, $pr, strlen($pr))) return aa_pp_debug("aa_pp_htaccess_file_init couldnt fwrite {$file}");
			
			fclose($f);
		}
	}
	
	return true;
}





/**
 * aa_pp_insert_mark()
 *
 * @param mixed $file
 * @param mixed $marker
 * @param mixed $insertion
 * @param mixed $backup
 * @return
 */
function aa_pp_insert_mark($file, $marker, $insertion, $backup = false)
{
	global $aa_PP;

	$file = (@is_readable($file)) ? realpath(rtrim($file, '/')) : rtrim($file, '/');
	if (!is_writable($file) && @!chmod($file, 0666) && !@touch($file)) return aa_pp_debug("aa_pp_insert_mark could not write, create, or touch {$file}");
	if ($backup) $backedup = aa_pp_backup($file, $file . '-' . time());

	aa_pp_notify("Inserting {$marker} array to {$file}");
	$oldone = $foundit = false;
	$out = array();
	if (!is_array($insertion) || (is_array($insertion) && count($insertion) < 1))
	{
		aa_pp_notify("aa_pp_insert_mark1 called without array, creating one for {$marker}");
		$my = array("# +{$marker}", "", "# -{$marker}");
	}
	else
	{
		$my = array();
		$my[] = "# +{$marker}";
		foreach ($insertion as $l) $my[] = $l;
		$my[] = "# -{$marker}";
	}

	if (!$f = @fopen($file, 'w')) return aa_pp_debug("aa_pp_insert_mark couldnt fopen {$file}");
	$pr = join("\n", $my);
	if (!@fwrite($f, $pr, strlen($pr))) return aa_pp_debug("aa_pp_insert_mark couldnt fwrite {$file}");
	fwrite($f, $out, strlen($out));
	fclose($f);
	return true;
}

/**
 * aa_pp_insert_sids()
 *
 * @param mixed $file
 * @param mixed $marker
 * @param mixed $insertion
 * @param mixed $backup
 * @return
 */
function aa_pp_insert_sids($file, $marker, $insertion, $backup = false)
{
	global $aa_PP;

	$file = (@is_readable($file)) ? realpath(rtrim($file, '/')) : rtrim($file, '/');
	if (!is_writable($file) && @!chmod($file, 0666) && !@touch($file)) return aa_pp_debug("aa_pp_insert_sids could not write, create, or touch {$file}");
	if ($backup) $backedup = aa_pp_backup($file, $file . '-' . time());

	aa_pp_notify("Inserting {$marker} array to {$file}");
	$foundit = false;
	$out = array();
	if (!is_array($insertion) || (is_array($insertion) && count($insertion) < 1))
	{
		aa_pp_notify("aa_pp_insert_sids called without array, creating one for {$marker}");
		$my = array("# +SID {$marker}", "", "# -SID {$marker}");
	}
	else
	{
		$my = array();
		$my[] = "# +SID {$marker}";
		foreach ($insertion as $l) $my[] = $l;
		$my[] = "# -SID {$marker}";
	}


	if ($markerdata = @explode("\n", @implode('', @file($file))))
	{
		if (!$f = @fopen($file, 'w')) return aa_pp_debug("aa_pp_insert_sids couldnt fopen {$file}");
			
		$state = $s = $found = false;
		foreach ($markerdata as $line)
		{
			if (strpos($line, '-ASKAPACHE PASSPRO') !== false)
			{
				fwrite($f, $line);
				continue;
			}

			if (strpos($line, "# +APRO SIDS") !== false)
			{
				$s = true;
				fwrite($f, $line . "\n");
				continue;
			}

			if (strpos($line, "# -APRO SIDS") !== false)
			{
				$s = false;
				if (!$found)
				{
					foreach ($my as $in) fwrite($f, $in . "\n");
				}
				fwrite($f, $line . "\n");
				continue;
			}

			if (!$s) fwrite($f, $line . "\n");
			else
			{
				if (strpos($line, "# +SID {$marker}") !== false) $state = true;
				if (!$state)fwrite($f, $line . "\n");
				if (strpos($line, "# -SID {$marker}") !== false)
				{
					$state = false;
					$found = true;
					foreach ($my as $in) fwrite($f, $in . "\n");
				}
			}
		}
		fclose($f);
	}

	return true;
}

/**
 * aa_pp_mkdir()
 *
 * @param mixed $dirname
 * @return
 */
function aa_pp_mkdir($dirname)
{
	@umask(0);
	aa_pp_notify("Creating directory {$dirname}");
	if (is_dir($dirname) || @wp_mkdir_p($dirname)) return true;
	if (is_writable($dirname) && @wp_mkdir_p($dirname)) return true;

	return(@mkdir($dirname, 0777)) ? true : aa_pp_debug("failed to create directory {$dirname}");
}

/**
 * aa_pp_unlink()
 *
 * @param mixed $f
 * @param mixed $backup
 * @return
 */
function aa_pp_unlink($f, $backup = false)
{
	@umask(0);
	$f = (@is_readable($f)) ? realpath(rtrim($f, '/')) : rtrim($f, '/');
	aa_pp_notify("Deleting {$f} in aa_pp_unlink");

	if (!@file_exists($f)) return true;
	else
	{
		if ($backup) $backedup = aa_pp_backup($f, $f . '-' . time());
		return(@chmod($f, 0777) && @unlink($f)) ? true : (@chmod(dirname($f), 0777) && @unlink($f)) ? true : aa_pp_debug("Failed to delete {$f} in aa_pp_unlink");
	}
}

/**
 * aa_pp_backup()
 *
 * @param mixed $f
 * @param mixed $bf
 * @return
 */
function aa_pp_backup($f, $bf)
{
	aa_pp_notify("aa_pp_backup: Backing up {$f} to {$bf}");
	if (!@copy($f, $bf))

		aa_pp_notify("Failed to backup {$f} to {$bf} using copy");
	elseif (!@rename($f, $bf))
		return aa_pp_debug("Failed to backup {$f} to {$bf} using rename");
	return true;
}

/**
 * aa_pp_file_put_c()
 *
 * @param mixed $file
 * @param mixed $content
 * @param mixed $backup
 * @return
 */
function aa_pp_file_put_c($file, $content, $backup = false)
{
	@umask(0);
	$f = (@is_readable($file)) ? realpath(rtrim($file, '/')) : rtrim($file, '/');
	aa_pp_notify("Creating {$f} with aa_pp_file_put_c");

	if (file_exists($f) && is_readable($f))
	{
		if ($backup)
			$backedup = aa_pp_backup($f, $f . '-' . time());
		aa_pp_unlink($f, 0);
	}

	if (aa_pp_checkfunction("file_put_contents"))
		return @file_put_contents($f, $content);
	if (!$fh = @fopen($f, 'wb'))
		return aa_pp_debug("couldnt fopen {$f}");
	if (!@fwrite($fh, $content, strlen($content)))
	{
		fclose($fh);
		return aa_pp_debug("Failed to fwrite to {$f} in aa_pp_file_put_c");
	}
	fclose($fh);

	return true;
}

/**
 * aa_pp_readfile()
 *
 * @param mixed $file
 * @param mixed $g
 * @return
 */
function aa_pp_readfile($file, $g = true)
{
	@umask(0);
	$f = (@is_readable($file)) ? realpath(rtrim($file, '/')) : rtrim($file, '/');
	aa_pp_notify("Reading {$f} in aa_pp_readfile");

	if (!$fh = @fopen($f, 'rb'))
		return aa_pp_debug("couldnt fopen {$f}");
	if (!$filecontent = @fread($fh, @filesize($f)))
	{
		fclose($fh);
		return aa_pp_debug("Failed to fread {$f} in aa_pp_readfile");
	}
	fclose($fh);

	if (!$g)
		return $filecontent;
	else
		echo htmlspecialchars($filecontent);
}






/**
 * aa_pp_hashit()
 *
 * @param mixed $algorithm
 * @param string $user
 * @param string $pass
 * @param string $authname
 * @return
 */
function aa_pp_hashit($algorithm, $user = '', $pass = '', $authname = '')
{
	global $aa_PP, $aa_SIDS;

	$hash = $tmp = '';
	aa_pp_notify('Creating ' . $algorithm . ' Hash in aa_pp_hashit');

	switch (strtoupper($algorithm))
	{
		case 'DIGEST':
			$hash = $user . ":" . $authname . ":" . md5($user . ":" . $authname . ":" . $pass);
			break;
		case 'CRYPT':
			$seed = null;
			for ($i = 0; $i < 8; $i++)
			$seed .= substr('0123456789abcdef', rand(0, 15), 1);
			$hash = "{$user}:" . crypt($pass, "$" . $seed);
			break;
		case 'SHA1':
			$hash = $user . ':{SHA}' . base64_encode(pack("H*", sha1($pass)));
			break;
		case 'MD5':
			$saltt = substr(str_shuffle("abcdefghijklmnopqrstuvwxyz0123456789"), 0, 8);
			$len = strlen($pass);
			$text = $pass . '$apr1$' . $saltt;
			$bin = pack("H32", md5($pass . $saltt . $pass));
			for ($i = $len; $i > 0; $i -= 16)
			$text .= substr($bin, 0, min(16, $i));
			for ($i = $len; $i > 0; $i >>= 1)

			$text .= ($i &1) ? chr(0) : $pass{0};
			$bin = pack("H32", md5($text));
			for ($i = 0; $i < 1000; $i++)
			{
				$new = ($i &1) ? $pass : $bin;
				if ($i % 3)
					$new .= $saltt;
				if ($i % 7)
					$new .= $pass;
				$new .= ($i &1) ? $bin : $pass;
				$bin = pack("H32", md5($new));
			}
			for ($i = 0; $i < 5; $i++)
			{
				$k = $i + 6;
				$j = $i + 12;
				if ($j == 16)
					$j = 5;
				$tmp = $bin[$i] . $bin[$k] . $bin[$j] . $tmp;
			}
			$tmp = chr(0) . chr(0) . $bin[11] . $tmp;
			$tmp = strtr(strrev(substr(base64_encode($tmp), 2)), "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/", "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz");
			$hash = $user . ':$apr1$' . $saltt . '$' . $tmp;
			break;
	}

	return $hash;
}



/**
 * aa_pp_checkfunction()
 *
 * @param mixed $func
 * @return
 */
function aa_pp_checkfunction($func)
{
	return(!function_exists($func) || @in_array($func, @explode(',', @ini_get('disable_functions')))) ? aa_pp_debug("{$func} disabled or not found") : true;
}

/**
 * aa_pp_run_tests()
 *
 * @return
 */
function aa_pp_run_tests()
{
	global $wpdb, $wp_version, $aa_PP, $aa_SIDS;

	$home = get_option('siteurl');
	$hu = str_replace($aa_PP['scheme'] . '://', '', $home);
	$uri = $aa_PP['scheme'] . '://' . rtrim(str_replace($aa_PP['root_path'], '', $hu), '/');
	$test_root_path = $aa_PP['root_path'] . 'wp-content/' . basename($aa_PP['test_dir']) . '/';
	$test_url_base = $uri . $test_root_path;
	$home_path = rtrim(get_home_path(), '/') . '/';
	$basic_authuserfile = $aa_PP['test_dir'] . '/.htpasswda1';
	$digest_authuserfile = $aa_PP['test_dir'] . '/.htpasswda2';

	$img = pack("H*", "47494638396101000100910000000000ffffffffffff00000021f90405140002002c00000000010001000002025401003b");
	$aok = '<strong style="color:#319F52;background-color:#319F52;">[  ]</strong> ';
	$fail = '<strong style="color:#CC0000;background-color:#CC0000;">[  ]</strong> ';
	$info = '<strong style="color:#9999DD;background-color:#9999DD;">[  ]</strong> ';
	$warn = '<strong style="color:#E6DB55;background-color:#E6DB55;">[  ]</strong> ';
	$m_s = '<h4 style="font-weight:normal">';
	$m_e = '</h4>';

	$test_htaccess_rules = array(
	"ErrorDocument 401 {$test_root_path}test.gif", 
	"ErrorDocument 403 {$test_root_path}test.gif", 
	"ErrorDocument 404 {$test_root_path}test.gif", 
	"ErrorDocument 500 {$test_root_path}test.gif", 
	"<IfModule mod_alias.c>", 
	'RedirectMatch 305 ^.*modaliastest$ ' . $home, "</IfModule>", 
	"<IfModule mod_rewrite.c>", 
	"RewriteEngine On", 
	"RewriteBase /", 
	'RewriteCond %{QUERY_STRING} modrewritetest [NC]', 
	'RewriteRule .* ' . $home . ' [R=307,L]', 
	"</IfModule>", 
	"<IfModule mod_security.c>", 
	"SecFilterEngine On", 
	'SecFilter modsecuritytest "deny,nolog,noauditlog,status:503"', 
	"</IfModule>", 
	'<Files basic_auth_test.gif>', 
	'AuthName "askapache test"', 
	"AuthUserFile " . $basic_authuserfile, 
	"AuthType Basic", 
	"Require valid-user", 
	'</Files>', 
	'<Files digest_check.gif>', 
	'<IfModule !mod_auth_digest.c>', 
	'Deny from All', 
	'</IfModule>', 
	'</Files>', 
	'<Files digest_auth_test.gif>', 
	'<IfModule mod_auth_digest.c>', 
	'AuthType Digest', 
	'AuthName "askapache test"', 
	"AuthDigestDomain {$test_root_path} {$test_url_base}", 
	"AuthDigestFile " . $digest_authuserfile, 
	'Require valid-user', 
	'</IfModule>', 
	'</Files>');

?>
<div class="wrap">
<h2>Test Results</h2>
<br /><h2 style="font-size:16px;">Compatibility Checks</h2>
<p>Checks different software to make sure its compatible with this plugin.</p>
<?php
	$msg=($wp_version < 2.6) ? $info : $aok;
	echo $m_s . $msg . " WordPress Version " . $wp_version . $m_e;

	$apache_version = preg_replace('|Apache/?([0-9.-]*?) (.*)|i', '\\1', $_SERVER['SERVER_SOFTWARE']);
	$msg=(strlen($apache_version) == 0) ? $info : $aok;
	echo $m_s . $msg . " Apache Version:  " . $apache_version . $m_e;

	$msg=(@version_compare(phpversion(), '4.1.0', '<=')) ? $info : $aok;
	echo $m_s . $msg . " PHP Version " . phpversion() . $m_e;
	?>
  
<br /><br /><h2 style="font-size:16px;">Required Checks</h2>
<p>The tests performed by this page are currently required to determine your servers capabilities to make sure we don't crash your server.  The utmost care was taken to make these tests work for everyone running Apache, which is crazy hard because we are testing server configuration settings programmatically from a php binary without access to server configuration settings.</p>
<p>So we achieve this by modifying your server's .htaccess configuration file and then making special HTTP requests to your server which result in specific HTTP responses which tell us if the configuration changes failed or succeeded.  The most widely allowed (by web hosts) and compatible 4+5 php function that provides access to sockets is fsockopen, so it is required.  The next version will fallback to curl, but if your web host has disabled fsockopen you can bet you don't have curl.</p>
<?php
	$netok = $atest = (aa_pp_checkfunction('fsockopen')) ? 1 : 0;
	$msg=($atest) ? $aok : $fail;
	echo $m_s . $msg . " Fsockopen Networking Functionality" . $m_e;
?>


<br /><br /><h2 style="font-size:16px;">File Permission Tests</h2>
<p>If any of these checks fail this plugin will not work.  Both your /.htaccess and /wp-admin/.htaccess files must be writable for this plugin, those are the only 2 files this plugin absolutely must be able to modify.  If any of the other checks fail you will need to manually create a folder named askapache in your /wp-content/ folder and make it writable.</p>
<?php
	$htaccess_test1 = $atest = (@is_writable($aa_PP['admin_htaccess']) || @touch($aa_PP['admin_htaccess'])) ? 1 : 0;
	$msg=($atest) ? $aok : $fail;
	echo $m_s . $msg . " /wp-admin/.htaccess file writable" . $m_e;

	$htaccess_test2 = $atest = (@is_writable($aa_PP['root_htaccess']) || @touch($aa_PP['root_htaccess'])) ? 1 : 0;
	$msg=($atest) ? $aok : $fail;
	echo $m_s . $msg . " /wp-admin/.htaccess file writable" . $m_e;

	$atest = (aa_pp_mkdir($aa_PP['test_dir'])) ? 1 : 0;
	$msg=($atest) ? $aok : $fail;
	echo $m_s . $msg . " Creating test folder" . $m_e;

	$atest = (@is_writable($aa_PP['test_dir']) || @chmod($aa_PP['test_dir'], 766)) ? 1 : 0;
	$msg=($atest) ? $aok : $fail;
	echo $m_s . $msg . " Test folder writable" . $m_e;

	$atest = (aa_pp_insert_mark($aa_PP['test_dir'] . '/.htpasswda1', 'AskApache PassPro', array())) ? 1 : 0;
	$msg=($atest) ? $aok : $fail;
	echo $m_s . $msg . " Basic Auth htpasswd file writable" . $m_e;

	$msg=($atest) ? $aok : $fail;
	$atest = (aa_pp_insert_mark($aa_PP['test_dir'] . '/.htpasswda2', 'AskApache PassPro', array())) ? 1 : 0;
	echo $m_s . $msg . " Digest Auth htpasswd file writable" . $m_e;

	aa_pp_htaccess_file_init($aa_PP['test_dir'] . '/.htaccess');
	$atest = (aa_pp_insert_sids($aa_PP['test_dir'] . '/.htaccess', 'Test', $test_htaccess_rules)) ? 1 : 0;
	echo $m_s . $msg . " .htaccess test file writable" . $m_e;
?>


<br /><br /><h2 style="font-size:16px;">Encryption Function Tests</h2>
<p>Your php installation should have all of these.  The md5 is the only one absolutely required, otherwise I can't create the neccessary password files for you.</p>
<?php
	$aa_PP['crypt_support'] = $atest = (aa_pp_checkfunction('crypt')) ? 1 : 0;
	$msg=($atest) ? $aok : $warn;
	echo $m_s . $msg . " CRYPT Encryption Function Available" . $m_e;

	$aa_PP['md5_support'] = $atest = (aa_pp_checkfunction('md5')) ? 1 : 0;
	$msg=($atest) ? $aok : $fail;
	echo $m_s . $msg . " MD5 Encryption Function Available" . $m_e;

	$aa_PP['sha1_support'] = $atest = (aa_pp_checkfunction('sha1')) ? 1 : 0;
	$msg=($atest) ? $aok : $warn;
	echo $m_s . $msg . " SHA1 Encryption Function Available" . $m_e;
?>


<br /><br /><h2 style="font-size:16px;">.htaccess Capabilities</h2>
<p>These tests determine with a high degree of accuracy whether or not your server is able to handle .htaccess files, and also checks for various Apache modules that extend the functionality of this plugin.  The 2 modules you really want to have are mod_rewrite and mod_auth_digest.  In future versions of this plugin, we will be utilizing the advanced security features of mod_security more and more, so if you don't have it, bug your web host about it non-stop ;)</p>
<?php
	$atest = (aa_pp_file_put_c($aa_PP['test_dir'] . "/test.gif", $img) 
	&& aa_pp_file_put_c($aa_PP['test_dir'] . "/basic_auth_test.gif", $img) 
	&& aa_pp_file_put_c($aa_PP['test_dir'] . "/digest_auth_test.gif", $img) 
	&& aa_pp_file_put_c($aa_PP['test_dir'] . "/digest_check.gif", $img)) ? 1 : 0;
	$msg=($atest) ? $aok : $fail;
	echo $m_s . $msg . " Creating .htaccess test files" . $m_e;

	$tester = new AskApache_Net;
	$aa_PP['htaccess_support'] = $atest = ($tester->sockit("{$test_url_base}test.gif") == 200) ? 1 : 0;
	$msg=($atest) ? $aok : $fail;
	echo $m_s . $msg . " .htaccess files allowed" . $m_e;

	$tester = new AskApache_Net;
	$aa_PP['mod_alias_support'] = $atest = ($tester->sockit("{$test_url_base}modaliastest") == 305) ? 1 : 0;
	$msg=($atest) ? $aok : $warn;
	echo $m_s . $msg . " mod_alias detection" . $m_e;

	$tester = new AskApache_Net;
	$aa_PP['mod_rewrite_support'] = $atest = ($tester->sockit("{$test_url_base}test.gif?modrewritetest=1") == 307) ? 1 : 0;
	$msg=($atest) ? $aok : $warn;
	echo $m_s . $msg . " mod_rewrite detection" . $m_e;

	$tester = new AskApache_Net;
	$aa_PP['mod_security_support'] = $atest = ($tester->sockit("{$test_url_base}test.gif?modsecuritytest") == 503) ? 1 : 0;
	$msg=($atest) ? $aok : $warn;
	echo $m_s . $msg . " mod_security detection" . $m_e;

	$tester = new AskApache_Net;
	$aa_PP['mod_auth_digest_support'] = $atest = ($tester->sockit("{$test_url_base}digest_check.gif") == 200) ? 1 : 0;
	$msg=($atest) ? $aok : $warn;
	echo $m_s . $msg . " mod_auth_digest detection" . $m_e;
?>

<br /><br /><h2 style="font-size:16px;">HTTP Digest Authentication</h2>
<p>Now we know the encryption and apache module capabilities of your site.  This test literally logs in to your server using Digest Authenticationts, providing the ultimate answer as to if your server supports this scheme.</p>
<?php
	if ($aa_PP['mod_auth_digest_support'] != 0 && $aa_PP['md5_support'] != 0)
	{
		$digest_htpasswds = array(aa_pp_hashit('DIGEST', "testDIGEST", "testDIGEST", "askapache test"));
		$atest = (aa_pp_insert_mark($digest_authuserfile, 'AskApache PassPro Test', $digest_htpasswds)) ? 1 : 0;
		$msg=($atest) ? $aok : $fail;
		echo $m_s . $msg . " Creating Digest htpasswd test file" . $m_e;

		$tester = new AskApache_Net;
		$tester->authtype = '';
		$tester->sockit(str_replace('://', '://testDIGEST:testDIGEST@', $test_url_base) . 'digest_auth_test.gif');
		$tester->authtype = 'Digest';
		$rg = ($tester->sockit(str_replace('://', '://testDIGEST:testDIGEST@', $test_url_base) . 'digest_auth_test.gif') == 200) ? 1 : 0;

		$tester = new AskApache_Net;
		$rb = ($tester->sockit($test_url_base . 'digest_auth_test.gif') == 401) ? 1 : 0;
		$aa_PP['digest_support'] = $atest = ($rb && $rg) ? 1 : 0;
		$msg=($atest) ? $aok : $fail;
		echo $m_s . $msg . " Digest Authentication Attempt" . $m_e;
	}
	else echo $m_s . $msg . $fail . " Major bummer... you don't have mod_auth_digest! (included in apache since 1.1)" . $m_e;
?>


<br /><br /><h2 style="font-size:16px;">Basic Authentication Encryption Algorithms</h2>
<p>Basic Authentication uses the .htpasswd file to store your encrypted password.  These checks perform actual logins to your server using a different .htpasswd encryption each time.</p>
<?php
	$basic_htpasswds = array();
	if ($aa_PP['crypt_support'] != 0) $basic_htpasswds[] = aa_pp_hashit('CRYPT', 'testCRYPT', 'testCRYPT');
	if ($aa_PP['md5_support'] != 0) $basic_htpasswds[] = aa_pp_hashit('MD5', 'testMD5', 'testMD5');
	if ($aa_PP['sha1_support'] != 0) $basic_htpasswds[] = aa_pp_hashit('SHA1', 'testSHA1', 'testSHA1');

	$atest = (aa_pp_insert_mark($basic_authuserfile, 'AskApache PassPro Test', $basic_htpasswds)) ? 1 : 0;
	$msg=($atest) ? $aok : $fail;
	echo $m_s . $msg . " Creating Basic htpasswd test file" . $m_e;

	$tester = new AskApache_Net;
	$rb = ($tester->sockit($test_url_base . 'basic_auth_test.gif') == 401) ? 1 : 0;

	if ($aa_PP['crypt_support'] != 0)
	{
		$tester = new AskApache_Net;
		$rg = ($tester->sockit(str_replace('://', '://testCRYPT:testCRYPT@', $test_url_base) . 'basic_auth_test.gif') == 200) ? 1 : 0;
		$aa_PP['crypt_support'] = $atest = ($rb && $rg) ? 1 : 0;
		$msg=($atest) ? $aok : $fail;
		echo $m_s . $msg . " Basic Authentication Attempt using Crypt Encryption" . $m_e;
	}

	if ($aa_PP['md5_support'] != 0)
	{
		$tester = new AskApache_Net;
		$rg = ($tester->sockit(str_replace('://', '://testMD5:testMD5@', $test_url_base) . 'basic_auth_test.gif') == 200) ? 1 : 0;
		$aa_PP['md5_support'] = $atest = ($rb && $rg) ? 1 : 0;
		$msg=($atest) ? $aok : $fail;
		echo $m_s . $msg . " Basic Authentication Attempt using MD5 Encryption" . $m_e;
	}

	if ($aa_PP['sha1_support'] != 0)
	{
		$tester = new AskApache_Net;
		$rg = ($tester->sockit(str_replace('://', '://testSHA1:testSHA1@', $test_url_base) . 'basic_auth_test.gif') == 200) ? 1 : 0;
		$aa_PP['sha1_support'] = $atest = ($rb && $rg) ? 1 : 0;
		$msg=($atest) ? $aok : $fail;
		echo $m_s . $msg . " Basic Authentication Attempt using SHA1 Encryption" . $m_e;
	}

	$aa_PP['basic_support'] = $atest = ($aa_PP['sha1_support'] != 0 || $aa_PP['md5_support'] != 0 || $aa_PP['crypt_support'] != 0) ? 1 : 0;
	$msg=($atest) ? $aok : $warn;
	echo $m_s . $msg . " Basic Authentication Access Scheme Supported" . $m_e;
?>


<br /><br /><h2 style="font-size:16px;">PHP.ini Information</h2>
<p>Some information about your php.ini settings.  The following settings <strong>may</strong> need to be tweaked.  Likely they are fine.</p>
<?php

	$phpini = @get_cfg_var('cfg_file_path');
	echo $m_s . $info . $phpini . $m_e;
	
	$open_basedir = @ini_get('open_basedir');
	$msg=(empty($open_basedir)) ? $aok : $info;
	echo $m_s . $msg . " open_basedir on/off {$open_basedir}" . $m_e;

	$safe_mode = @ini_get('safe_mode');
	$msg=(empty($safe_mode)) ? $aok : $warn;
	echo $m_s . $msg . " safe_mode on/off {$safe_mode}" . $m_e;

	$disabled_functions = @ini_get('disable_functions');
	$msg=(empty($disabled_functions)) ? $aok : $warn;
	echo $m_s . $msg . " disable_functions {$disabled_functions}" . $m_e;

	update_option('askapache_password_protect', $aa_PP);
	
	
	echo '<br class="clear" /><form action="options-general.php?page=askapache-password-protect.php" method="post">';
	wp_nonce_field('askapache-passpro-form');
	if (!$htaccess_test1 || !$htaccess_test2 || !$netok || $aa_PP['htaccess_support'] != 1)
	{
		echo '<p>Im very sorry, but unless you can resolve the failed requirements above you cannot utilize this plugin at this time. :( </p>';
		echo '<p>Change the AA_PP_DEBUG to true in the source code of this plugin for verbose reasons why these tests failed.</p>';
		echo '<input type="hidden" id="a_step" name="a_step" value="test" />';
		echo '<p class="submit"><input name="sub" type="submit" id="sub" value="Run Tests Again &raquo;" /></p>';
	}
	else
	{
		echo '<input type="hidden" id="a_step" name="a_step" value="setup" />';
		echo '<p class="submit"><input name="sub" type="submit" id="sub" value="Continue to Setup &raquo;" /></p>';
	}
	echo '</form><br class="clear" /><br class="clear" /><br class="clear" />';
	echo '</div>';
	
	foreach (array('.htaccess', '.htpasswda1', '.htpasswda2', 'basic_auth_test.gif', 'digest_auth_test.gif', 'test.gif', 'digest_check.gif') as $f)	aa_pp_unlink($aa_PP['test_dir'] . '/' . $f);
	@rmdir($aa_PP['test_dir']);

}

/**
 * aa_pp_setup_options()
 *
 * @return
 */
function aa_pp_setup_options()
{
	add_filter('plugin_action_links', 'aa_pp_plugin_settings', 10, 2);
	add_options_page(__('AskApache Password Protection', 'askapache-password-protection'), __('AA PassPro', 'askapache-password-protection'), 8, basename(__FILE__), 'aa_pp_main_page');
}

/**
 * aa_pp_plugin_settings()
 *
 * @param mixed $links
 * @param mixed $file
 * @return
 */
function aa_pp_plugin_settings($links, $file)
{
	static $this_plugin;
	if (!$this_plugin)
		$this_plugin = plugin_basename(__FILE__);
	if ($file == $this_plugin)
		$links = array_merge(array('<a href="' . attribute_escape('options-general.php?page=askapache-password-protect.php') . '">Settings</a>'), $links);
	return $links;
}

/**
 * aa_pp_deactivate()
 *
 * @return
 */
function aa_pp_deactivate()
{
	global $aa_PP, $aa_SIDS;
	$aa_PP = get_option('askapache_password_protect');
	$aa_SIDS = get_option('askapache_password_protect_sids');
	$aa_SIDS_Active = aa_pp_active_sids();
	$active_sids = array_values($aa_SIDS_Active);

	aa_pp_deactivate_sid('PASSPRO','ASKAPACHE ',$aa_PP['root_htaccess']);
	aa_pp_deactivate_sid('PASSPRO','ASKAPACHE ',$aa_PP['admin_htaccess']);

	foreach (array('.htaccess', '.htpasswda1', '.htpasswda2', 'basic_auth_test.gif', 'digest_auth_test.gif', 'test.gif', 'digest_check.gif') as $f)
		aa_pp_unlink($aa_PP['test_dir'] . '/' . $f);
	
	@rmdir($aa_PP['test_dir']);

	delete_option('askapache_password_protect');
	delete_option('askapache_password_protect_sids');
}

/**
 * aa_pp_activate()
 *
 * @return
 */
function aa_pp_activate()
{
	global $aa_PP, $aa_SIDS;
	$aa_PP = $s = $aa_SIDS = array();

	$oldoptions = array('aa_home_folder', 'aa_wpadmin_folder', 'aa_htpasswd_file', 'aa_htaccess_file', 'aa_original_htpasswd', 'aa_original_htaccess', 'aa_plugin_message', 'aa_plugin_version', 'aa_home', 'aa_wpadmin', 'aa_htpasswd_f', 'aa_htaccess_f', 'aa_user', 'aa_plugin_message', 'aa_home_folder', 'aa_wpadmin_folder', 'aa_htpasswd_file', 'aa_htaccess_file', 'aa_original_htpasswd', 'aa_original_htaccess', 'aa_plugin_message', 'aa_plugin_version', 'aa_pp_docroot_htaccess', 'aa_pp_wp_includes_htaccess', 'aa_pp_wp_content_htaccess', 'aa_pp_wp_includes_htaccess', 'aa_pp_main_base64', 'aa_pp_ok');
	foreach ($oldoptions as $option)
		delete_option($option);

	$home = get_option('siteurl');
	$su = parse_url($home);
	$path = (!isset($su['path']) || empty($su['path'])) ? '/' : rtrim($su['path'], '/') . '/';
	$scheme = (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on' && $su['scheme'] == 'https') ? 'https' : 'http';
	$home_path = rtrim(get_home_path(), '/') . '/';
	$hu = str_replace($scheme . '://', '', $home);
	$url = $scheme . '://' . rtrim(str_replace($path, '', $hu), '/');

	$authdomain = "{$path}wp-admin/ {$url}{$path}wp-admin/";

	update_option('askapache_password_protect', array(
	'step' => 'welcome', 
	'plugin_data' => get_plugin_data(__FILE__), 
	'scheme' => $scheme, 
	'host' => $su['host'], 
	'root_path' => $path, 
	'home_path' => $home_path, 
	'test_dir' => $home_path . 'wp-content/askapache', 
	'root_htaccess' => $home_path . '.htaccess', 
	'admin_htaccess' => $home_path . 'wp-admin/.htaccess', 
	'authdomain' => $authdomain, 
	'authname' => 'Protected By AskApache', 
	//'user' => '', 
	//'authtype' => '', 
	'authuserfile' => $home_path . '.htpasswd', 
	'algorithm' => 'md5',
	'htaccess_support' => 0, 
	'mod_alias_support' => 0, 
	'mod_rewrite_support' => 0, 
	'mod_security_support' => 0, 
	'mod_auth_digest_support' => 0, 
	'basic_support' => 0, 
	'digest_support' => 0, 
	'crypt_support' => 0, 
	'sha1_support' => 0, 
	'md5_support' => 0
	));
	
	/*
	$types=array(
		1 => 'Protection',
		2 => 'Password',
		3 => 'Anti-Spam',
		4 => 'WordPress Exploit',
		5 => 'General Exploit'
		6 => 'General',
	);
	
	$files=array(
		0 => 'root_htaccess',
		1 => 'admin_htaccess',
		2 => 'other'
	);
	
	$modules=array(
		0 => 'core',
		1 => 'mod_rewrite',
		2 => 'mod_alias',
		3 => 'mod_security',
		4 => 'mod_setenv' //Apache 1.3 and above; the Request_Protocol keyword and environment-variable matching are only available with 1.3.7 and later; use in .htaccess files only supported with 1.3.13 and later
	);
	
	$response=array(
		0 => 'none',
		1 => '503 Service Temporarily Unavailable',
		2 => '505 HTTP Version Not Supported',
		3 => '401 Authorization Required',
		4 => '403 Forbidden',
		5 => '405 Method Not Allowed'
	
	);
	*/

	// type - file - module - response
	update_option('askapache_password_protect_sids',array(
		60000001 => array(
		'Version'=>'1.3',
		'Name'=>'Directory Protection',
		'Description'=>'Enable the DirectoryIndex Protection, preventing directory index listings and defaulting.',
		'Rules'=>	
							'Options -Indexes%n%'.
							'DirectoryIndex index.html index.php %relative_root%index.php'
		),
		
		60000002 => array(
		'Version'=>'1.0', 
		'Name'=>'Loop Stopping Code', 
		'Description'=>'Stops Internal Redirect Loops', 
		'Rules'=>
							'RewriteCond %{ENV:REDIRECT_STATUS} 200%n%'.
							'RewriteRule .* - [L]%n%'
		),

		10140001 => array(
		'Version'=>'1.1', 
		'Name'=>'Stop Hotlinking', 
		'Description'=>'Denies any request for static files (images, css, etc) if referrer is not local site or empty.', 
		'Rules'=>
							'RewriteCond %{HTTP_REFERER} !^$%n%'.
							'RewriteCond %{REQUEST_URI} !^%relative_root%(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]%n%'.
							'RewriteCond %{HTTP_REFERER} !^%scheme%://%host%.*$ [NC]%n%'.
							'RewriteRule \.(ico|pdf|flv|jpg|jpeg|mp3|mpg|mp4|mov|wav|wmv|png|gif|swf|css|js)$ - [F,NS,L]'
		),


		20030001 => array(
		'Version'=>'1.3', 
		'Name'=>'Password Protect wp-login.php', 
		'Description'=>'Requires a valid user/pass to access the login page..', 
		'Rules'=>
							'<Files wp-login.php>%n%'.
							'Order Deny,Allow%n%'.
							'Deny from All%n%'.
							'Satisfy Any%n%'.
							'%generate_auth%%n%'.
							'</Files>'
		),

		21030002 => array(
		'Version'=>'1.3', 
		'Name'=>'Password Protect wp-admin', 
		'Description'=>'Requires a valid user/pass to access any non-static (css, js, images) file in this directory...', 
		'Rules'=>
							'Order Deny,Allow%n%'.
							'Deny from All%n%'.
							'Satisfy Any%n%'.
							'%generate_auth%%n%'.
							'<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|mp3|mpg|mp4|mov|wav|wmv|png|gif|swf|css|js)$">%n%'.
							'Allow from All%n%'.
							'</FilesMatch>%n%'.
							'<FilesMatch "(async-upload|admin-ajax)\.php$">%n%'.
							'<IfModule mod_security.c>%n%'.
							'SecFilterEngine Off%n%'.
							'</IfModule>%n%'.
							'Allow from All%n%'.
							'</FilesMatch>'
		),

		30140003 => array(
		'Version'=>'1.1', 
		'Name'=>'Forbid Proxies',
		'Description'=>'Denies POST Request using a Proxy Server. Can access site, but not comment. See <a href="http://perishablepress.com/press/2008/04/20/how-to-block-proxy-servers-via-htaccess/">Perishable Press</a>', 
		'Rules'=>
							'RewriteCond %{HTTP:VIA}%{HTTP:FORWARDED}%{HTTP:USERAGENT_VIA}%{HTTP:X_FORWARDED_FOR}%{HTTP:PROXY_CONNECTION} !^$ [OR]%n%'.
							'RewriteCond %{HTTP:XPROXY_CONNECTION}%{HTTP:HTTP_PC_REMOTE_ADDR}%{HTTP:HTTP_CLIENT_IP} !^$%n%'.
							'RewriteCond %{REQUEST_URI} !^%relative_root%(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]%n%'.
							'RewriteCond %{REQUEST_METHOD} =POST%n%'.
							'RewriteRule .* - [F,NS,L]'
		),

		30140004 => array(
		'Version'=>'1.1', 
		'Name'=>'Real wp-comments-post.php',
		'Description'=>'Denies any POST attempt made to a non-existing wp-comments-post.php..', 
		'Rules'=>
							'RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ %relative_root%.*/wp-comments-post\.php.*\ HTTP/ [NC]%n%'.
							'RewriteRule .* - [F,NS,L]'
		),

		30140005 => array(
		'Version'=>'1.1', 
		'Name'=>'BAD Content Length',
		'Description'=>'Denies any POST request that doesnt have a Content-Length Header..', 
		'Rules'=>
							'RewriteCond %{REQUEST_METHOD} =POST%n%'.
							'RewriteCond %{REQUEST_URI} !^%relative_root%(wp-admin/|wp-content/plugins/|wp-includes/).* [NC]%n%'.
							'RewriteCond %{HTTP:Content-Length} ^$%n%'.
							'RewriteRule .* - [F,NS,L]'
		),

		30140006 => array(
		'Version'=>'1.1', 
		'Name'=>'BAD Content Type',
		'Description'=>'Denies any POST request with a content type other than application/x-www-form-urlencoded|multipart/form-data..', 
		'Rules'=>
							'RewriteCond %{REQUEST_METHOD} =POST%n%'.
							'RewriteCond %{REQUEST_URI} !^%relative_root%(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]%n%'.
							'RewriteCond %{HTTP:Content-Type} !^(application/x-www-form-urlencoded|multipart/form-data.*(boundary.*)?)$ [NC]%n%'.
							'RewriteRule .* - [F,NS,L]'
		),

		30140007 => array(
		'Version'=>'1.1', 
		'Name'=>'NO HOST:',
		'Description'=>'Denies requests that dont contain a HTTP HOST Header...', 
		'Rules'=>
							'RewriteCond %{REQUEST_URI} !^%relative_root%(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]%n%'.
							'RewriteCond %{HTTP_HOST} ^$%n%'.
							'RewriteRule .* - [F,NS,L]'
		),

		30140008 => array(
		'Version'=>'1.1', 
		'Name'=>'No UserAgent, No Post',
		'Description'=>'Denies POST requests by blank user-agents. May prevent a small number of visitors from POSTING.', 
		'Rules'=>
							'RewriteCond %{REQUEST_METHOD} =POST%n%'.
							'RewriteCond %{REQUEST_URI} !^%relative_root%(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]%n%'.
							'RewriteCond %{HTTP_USER_AGENT} ^-?$%n%'.
							'RewriteRule .* - [F,NS,L]'
		),

		30140009 => array(
		'Version'=>'1.1', 
		'Name'=>'No Referer, No Comment',
		'Description'=>'Denies any comment attempt with a blank HTTP_REFERER field, highly indicative of spam. May prevent some visitors from POSTING.', 
		'Rules'=>
							'RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*/wp-comments-post\.php.*\ HTTP/ [NC]%n%'.
							'RewriteCond %{HTTP_REFERER} ^-?$%n%'.
							'RewriteRule .* - [F,NS,L]'
		),

		30140010 => array(
		'Version'=>'1.1', 
		'Name'=>'Trackback Spam',
		'Description'=>'Denies obvious trackback spam.  See <a href="http://ocaoimh.ie/2008/07/03/more-ways-to-stop-spammers-and-unwanted-traffic/">Holy Shmoly!</a>', 
		'Rules'=>
							'RewriteCond %{HTTP_USER_AGENT} ^.*(opera|mozilla|firefox|msie|safari).*$ [NC,OR]%n%'.
							'RewriteCond %{HTTP_USER_AGENT} ^-?$%n%'.
							'RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.+/trackback/?\ HTTP/ [NC]%n%'.
							'RewriteCond %{REQUEST_METHOD} =POST%n%'.
							'RewriteRule .* - [F,NS,L]'
		),

		40140011 => array(
		'Version'=>'1.2', 
		'Name'=>'Protect wp-content',
		'Description'=>'Denies any Direct request for files ending in .php with a 403 Forbidden.. May break plugins/themes', 
		'Rules'=>
							'RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ %relative_root%wp-content/.*$ [NC]%n%'.
							'RewriteCond %{REQUEST_FILENAME} !^.+(flexible-upload-wp25js|media)\.php$%n%'.
							'RewriteCond %{REQUEST_FILENAME} ^.+\.(php|html|htm|txt)$%n%'.
							'RewriteRule .* - [F,NS,L]'
		),

		40140012 => array(
		'Version'=>'1.2', 
		'Name'=>'Protect wp-includes',
		'Description'=>'Denies any Direct request for files ending in .php with a 403 Forbidden.. May break plugins/themes', 
		'Rules'=>
							'RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ %relative_root%wp-includes/.*$ [NC]%n%'.
							'RewriteCond %{THE_REQUEST} !^[A-Z]{3,9}\ %relative_root%wp-includes/js/.+/.+\ HTTP/ [NC]%n%'.
							'RewriteCond %{REQUEST_FILENAME} ^.+\.php$%n%'.
							'RewriteRule .* - [F,NS,L]'
		),

		40140013 => array(
		'Version'=>'1.1', 
		'Name'=>'Common Exploit',
		'Description'=>'Block common exploit requests with 403 Forbidden. These can help alot, may break some plugins.', 
		'Rules'=>
							'RewriteCond %{REQUEST_URI} !^%relative_root%(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]%n%'.
							'RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ ///.*\ HTTP/ [NC,OR]%n%'.
							'RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.+\?\=?(http|ftp|ssl|https):/.*\ HTTP/ [NC,OR]%n%'.
							'RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\?\?.*\ HTTP/ [NC,OR]%n%'.
							'RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\.(asp|ini|dll).*\ HTTP/ [NC,OR]%n%'.
							'RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\.(htpasswd|htaccess|aahtpasswd).*\ HTTP/ [NC]%n%'.
							'RewriteRule .* - [F,NS,L]'
		),

		50140001 => array(
		'Version'=>'1.1', 
		'Name'=>'Safe Request Methods',
		'Description'=>'Denies any request not using <a href="/online-tools/request-method-scanner/">GET,PROPFIND,POST,OPTIONS,PUT,HEAD</a>..', 
		'Rules'=>
							'RewriteCond %{REQUEST_METHOD} !^(GET|HEAD|POST|PROPFIND|OPTIONS|PUT)$ [NC]%n%'.
							'RewriteRule .* - [F,NS,L]'
		),

		50140002 => array(
		'Version'=>'1.1', 
		'Name'=>'HTTP PROTOCOL',
		'Description'=>'Denies any badly formed HTTP PROTOCOL in the request, 0.9, 1.0, and 1.1 only..', 
		'Rules'=>
							'RewriteCond %{THE_REQUEST} !^[A-Z]{3,9}\ .+\ HTTP/(0\.9|1\.0|1\.1) [NC]%n%'.
							'RewriteRule .* - [F,NS,L]'
		),

		50140003 => array(
		'Version'=>'1.1', 
		'Name'=>'SPECIFIC CHARACTERS',
		'Description'=>'Denies any request for a url containing characters other than "a-zA-Z0-9.+/-?=&" - REALLY helps but may break your site depending on your links.', 
		'Rules'=>
							'RewriteCond %{REQUEST_URI} !^%relative_root%(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]%n%'.
							'RewriteCond %{THE_REQUEST} !^[A-Z]{3,9}\ [A-Z0-9\.\+_/\-\?\=\&\%\#]+\ HTTP/ [NC]%n%'.
							'RewriteRule .* - [F,NS,L]'
		),

		50140004 => array(
		'Version'=>'1.1', 
		'Name'=>'Directory Traversal',
		'Description'=>'Denies Requests containing ../ or ./. which is a directory traversal exploit attempt..', 
		'Rules'=>
							'RewriteCond %{THE_REQUEST} !^[A-Z]{3,9}\ .*([\.]+[\.]+).*\ HTTP/ [NC]%n%'.
							'RewriteRule .* - [F,NS,L]'
		),

		50140005 => array(
		'Version'=>'1.1', 
		'Name'=>'PHPSESSID Cookie',
		'Description'=>'Only blocks when a PHPSESSID cookie is sent by the user and it contains characters other than 0-9a-z..', 
		'Rules'=>
							'RewriteCond %{HTTP_COOKIE} ^.*PHPSESS?ID.*$%n%'.
							'RewriteCond %{HTTP_COOKIE} !^.*PHPSESS?ID=([0-9a-z]+);.*$%n%'.
							'RewriteRule .* - [F,NS,L]'
		),

		50140006 => array(
		'Version'=>'1.1', 
		'Name'=>'Bogus Graphics Exploit',
		'Description'=>'Denies obvious exploit using bogus graphics..', 
		'Rules'=>
							'RewriteCond %{HTTP:Content-Disposition} \.php [NC]%n%'.
							'RewriteCond %{HTTP:Content-Type} image/.+ [NC]%n%'.
							'RewriteRule .* - [F,NS,L]')
		)
	);
	
	$aa_SIDS = get_option('askapache_password_protect_sids');
	$sids=array_keys($aa_SIDS);
	foreach ($sids as $sid)
	{
		$newinfo=aa_pp_sid_info($sid);
		$aa_SIDS[$sid]=array_merge($aa_SIDS[$sid],$newinfo);
	}
	
	Update_option('askapache_password_protect_sids',$aa_SIDS);
}


/*
	$aok = '<strong style="color:#319F52;background-color:#319F52;">[  ]</strong> ';
	$fail = '<strong style="color:#CC0000;background-color:#CC0000;">[  ]</strong> ';
	$info = '<strong style="color:#9999DD;background-color:#9999DD;">[  ]</strong> ';
	$warn = '<strong style="color:#E6DB55;background-color:#E6DB55;">[  ]</strong> ';
*/

function aa_pp_sid_info($sid)
{
	// type - file - module - response
	$sid=(string)$sid;
	
	$types=array(
		1 => 'Protection',
		2 => 'Password',
		3 => 'Anti-Spam',
		4 => 'WordPress Exploit',
		5 => 'General Exploit',
		6 => 'General'
	);
	
	$files=array(
		0 => 'root',
		1 => 'wp-admin',
		2 => 'other'
	);
	
	$modules=array(
		0 => 'core',
		1 => 'mod_rewrite',
		2 => 'mod_alias',
		3 => 'mod_security',
		4 => 'mod_setenv' //Apache 1.3 and above; the Request_Protocol keyword and environment-variable matching are only available with 1.3.7 and later; use in .htaccess files only supported with 1.3.13 and later
	);
	
	$response=array(
		0 => 'none',
		1 => '503 Service Temporarily Unavailable',
		2 => '505 HTTP Version Not Supported',
		3 => '401 Authorization Required',
		4 => '403 Forbidden',
		5 => '405 Method Not Allowed'
	);

	return array('Type' => $types[$sid{0}], 'File' => $files[$sid{1}], 'Module' => $modules[$sid{2}], 'Response' => $response[$sid{3}]);
}


/**
 * aa_pp_debug()
 *
 * @param string $message
 * @return
 */
function aa_pp_debug($message = '')
{
	$log_error = ( ! aa_pp_checkfunction('error_log') ) ? 0 : 1;
	
	$log_file = @ini_get('error_log');
	if ( !empty($log_file) && ('syslog' != $log_file) && !is_writable($log_file) )
		$log_error = false;
		
	if ( $log_error )
			@error_log(ltrim("PHP AA Error: {$message}"), 0);

	return false;
}



/**
 * aa_pp_notify()
 *
 * @param string $message
 * @return
 */
function aa_pp_notify($message = '')
{
	if(!AA_PP_DEBUG)
		return true;
		
	$log_error = ( ! aa_pp_checkfunction('error_log') ) ? 0 : 1;
	
	$log_file = @ini_get('error_log');
	if ( !empty($log_file) && ('syslog' != $log_file) && !is_writable($log_file) )
		$log_error = false;
		
	if ( $log_error )
			@error_log("PHP AA Info: {$message}", 0);
}

if (!class_exists("AskApache_Net"))
{
	/**
	 * AskApache_Net
	 *
	 * @package
	 * @author AskApache
	 * @copyright Copyright (c) 2008
	 * @version $Id$
	 * @access public
	 */

	class AskApache_Net
	{
		var $socket = array('protocol' => '1.0', 'method' => 'GET', 'ua' => 'Mozilla/5.0 (compatible; AskApache_Net/1.0; http://www.askapache.com)', 'referer' => 'http://www.askapache.com', 'port' => '80', 'url' => '', 'scheme' => '', 'host' => '', 'ip' => '', 'user' => '', 'pass' => '', 'path' => '', 'query' => '', 'fragment' => '');

		var $Digests = array('realm' => '', 'nonce' => '', 'uri' => '', 'algorithm' => 'MD5', 'qop' => 'auth', 'opaque' => '', 'domain' => '', 'nc' => '00000001', 'cnonce' => '82d057852a9dc497', 'A1' => '', 'A2' => '', 'response' => '');

		var $dh = '';
		var $authtype = 'Basic';
		var $error = '';
		var $request = '';
		var $request_headers = array();
		var $response = '';
		var $response_headers = array();
		var $response_code = '';
		var $time_start = null;
		var $redo_Digest = false;
		var $did_Digest = false;

		var $_fp = null;
		var $_speed = 24576;
		var $_chunks = 256;
		var $_maxlength = 4096;
		var $_fp_timeout = 10;
		var $_read_timeout = 45;

		/**
		 * AskApache_Net::sockit()
		 *
		 * @param mixed $URI
		 * @return
		 */
		function sockit($URI)
		{
			if (AA_PP_DEBUG)
				error_log($URI);

			if (!$this->_build_sock($URI))
				return false;

			if (!$this->_connect())
				return false;

			if (!$this->_build_request())
				return false;

			if (!$this->_set_sock_time())
				echo "Failed setting socket timeout, not a big deal.";

			$this->set_speed(24);

			if (!$this->_tx())
				return false;

			$this->_rx();

			$this->get_response_code();

			$this->_disconnect();

			if (AA_PP_DEBUG)
			{
				echo '<pre>';
				print_r($this->request_headers);
				print_r($this->response_headers);
				echo '</pre>';
			}

			return(int)$this->response_code;
		}

		/**
		 * AskApache_Net::get_response_code()
		 *
		 * @return
		 */
		function get_response_code()
		{
			$status = null;
			preg_match('/HTTP.*([0-9]{3}).*/', $this->response_headers[0], $status);
			$this->response_code = $status[1];

			return $this->response_code;
		}

		/**
		 * AskApache_Net::get_response_headers()
		 *
		 * @return
		 */
		function get_response_headers()
		{
			return $this->response_headers;
		}

		/**
		 * AskApache_Net::get_response_body()
		 *
		 * @return
		 */
		function get_response_body()
		{
			return $this->response;
		}

		/**
		 * AskApache_Net::set_speed()
		 *
		 * @param mixed $speed
		 * @return
		 */
		function set_speed($speed)
		{
			$this->_speed = round($speed * 1024);
		}

		/**
		 * AskApache_Net::_connect()
		 *
		 * @return
		 */
		function _connect()
		{
			$fp = null;
			if (false === ($fp = @fsockopen($this->socket['ip'], $this->socket['port'], $errno, $errstr, $this->_fp_timeout)) || !is_resource($fp))
			{
				switch ($errno)
				{
					case - 3:
						$err = "Socket creation failed";
						break;
					case - 4:
						$err = "DNS lookup failure";
						break;
					case - 5:
						$err = "Connection refused or timed out";
						break;
					case 111:
						$err = "Connection refused";
						break;
					case 113:
						$err = "No route to host";
						break;
					case 110:
						$err = "Connection timed out";
						break;
					case 104:
						$err = "Connection reset by client";
						break;
					default:
						$err = "Connection failed";
						break;
				}
				echo "Fsockopen failed! [{$errno}] {$err} ({$errstr})";
				return false;
			}

			$this->_fp = $fp;

			return true;
		}

		/**
		 * AskApache_Net::_disconnect()
		 *
		 * @return
		 */
		function _disconnect()
		{
			return(@fclose($this->_fp));
		}

		/**
		 * AskApache_Net::_rx()
		 *
		 * @return
		 */
		function _rx()
		{
			$buf = $response = '';
			while (!feof($this->_fp) && $buf = @fread($this->_fp, $this->_speed))
			{
				$response .= $buf;
				sleep(1);
			}
			$g = strpos($response, ACLF . ACLF);
			$headers = substr($response, 0, $g);
			$this->response = substr($response, $g, (strlen($response) - $g));
			$this->response_headers = explode(ACLF, $headers);
		}

		/**
		 * AskApache_Net::_tx()
		 *
		 * @param mixed $request
		 * @return
		 */
		function _tx($request = null)
		{
			$g = false;
			$g = (!is_null($request)) ? @fwrite($this->_fp, $request, strlen($request)) : @fwrite($this->_fp, $this->request, strlen($this->request));
			return(bool)$g;
		}

		/**
		 * AskApache_Net::_build_sock()
		 *
		 * @param mixed $url
		 * @return
		 */
		function _build_sock($url)
		{
			if (!$u_bits = parse_url($url))
				return false;

			if (AA_PP_DEBUG)
			{
				echo '<pre>';
				print_r($u_bits);
				echo '</pre>';
			}

			if (empty($u_bits['url']))
				$u_bits['url'] = (!empty($this->socket['url'])) ? $this->socket['url'] : 'url';

			if (empty($u_bits['method']))
				$u_bits['method'] = (!empty($this->socket['method'])) ? $this->socket['method'] : 'GET';

			if (empty($u_bits['protocol']))
				$u_bits['protocol'] = (!empty($this->socket['protocol'])) ? $this->socket['protocol'] : '1.0';

			if (empty($u_bits['host']))
				$u_bits['host'] = (!empty($this->socket['host'])) ? $this->socket['host'] : $_SERVER['HTTP_HOST'];

			if (empty($u_bits['ip']))
				$u_bits['ip'] = (!empty($this->socket['ip'])) ? $this->socket['ip'] : $this->_get_ip($u_bits['host']);

			if (empty($u_bits['scheme']))
				$u_bits['scheme'] = (!empty($this->socket['scheme'])) ? $this->socket['scheme'] : 'http';

			if (empty($u_bits['port']))
				$u_bits['port'] = (!empty($this->socket['port'])) ? $this->socket['port'] : $_SERVER['SERVER_PORT'];

			if (empty($u_bits['path']))
				$u_bits['path'] = (!empty($this->socket['path'])) ? $this->socket['path'] : '/';

			if (empty($u_bits['ua']))
				$u_bits['ua'] = (!empty($this->socket['ua'])) ? $this->socket['ua'] : 'Mozilla/5.0 (compatible; AskApache_Net/1.0; http://www.askapache.com)';

			if (empty($u_bits['referer']))
				$u_bits['referer'] = (!empty($this->socket['referer'])) ? $this->socket['referer'] : 'http://www.askapache.com';

			if (!empty($u_bits['user']))
				$this->socket['user'] = $u_bits['user'];
			else
				$u_bits['user'] = (!empty($this->socket['user'])) ? $this->socket['user'] : '';

			if (!empty($u_bits['pass']))
				$this->socket['pass'] = $u_bits['pass'];
			else
				$u_bits['pass'] = (!empty($this->socket['pass'])) ? $this->socket['pass'] : '';

			if (empty($u_bits['fragment']))
				$u_bits['fragment'] = (!empty($this->socket['fragment'])) ? $this->socket['fragment'] : '';

			if (!empty($u_bits['query']))
				$u_bits['path'] .= '?' . $u_bits['query'];
			else
				$u_bits['path'] .= (!empty($this->socket['query'])) ? '?' . $this->socket['query'] : '';

			if (AA_PP_DEBUG)
			{
				echo '<pre>';
				print_r($u_bits);
				echo '</pre>';
			}

			$this->socket = $u_bits;

			return true;
		}

		/**
		 * AskApache_Net::_build_request()
		 *
		 * @return
		 */
		function _build_request()
		{
			$_request_headers = array();
			$_request_headers[] = $this->socket['method'] . " " . $this->socket['path'] . " HTTP/" . $this->socket['protocol'];
			$_request_headers[] = "Host: " . $this->socket['host'];
			$_request_headers[] = "User-Agent: " . $this->socket['ua'];
			$_request_headers[] = 'Accept: application/xhtml+xml,text/html;q=0.9,*/*;q=0.5';
			$_request_headers[] = 'Accept-Language: en-us,en;q=0.5';
			$_request_headers[] = 'Accept-Encoding: none';
			$_request_headers[] = 'Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7';
			$_request_headers[] = 'Referer: ' . $this->socket['referer'];
			if (!empty($this->socket['user']) && !empty($this->socket['pass']))
			{
				if ($this->authtype == 'Basic')
					$_request_headers[] = 'Authorization: Basic ' . base64_encode($this->socket['user'] . ":" . $this->socket['pass']);
				elseif ($this->authtype == 'Digest')
					$_request_headers[] = $this->getDigest();
			}

			$this->request_headers = $_request_headers;
			$this->request = join(ACLF, $_request_headers) . ACLF . ACLF;
			return true;
		}

		/**
		 * AskApache_Net::_get_ip()
		 *
		 * @param mixed $host
		 * @return
		 */
		function _get_ip($host)
		{
			$hostip = @gethostbyname($host);
			$ip = ($hostip == $host) ? $host : long2ip(ip2long($hostip));
			return $ip;
		}

		/**
		 * AskApache_Net::_set_sock_time()
		 *
		 * @return
		 */
		function _set_sock_time()
		{
			@ini_set("default_socket_timeout", $this->_read_timeout);
			if (function_exists("socket_set_timeout"))
				@socket_set_timeout($this->_fp, $this->_read_timeout);
			elseif (function_exists("stream_set_timeout"))
				@stream_set_timeout($this->_fp, $this->_read_timeout);
			return true;
		}

		/**
		 * AskApache_Net::getDigest()
		 *
		 * @return
		 */
		function getDigest()
		{
			foreach ($this->response_headers as $num => $header)
			{
				if (preg_match('/WWW-Authenticate: Digest/i', $header))
					$this->dh = $dh = substr($header, 25);
			}
			$dh = $this->dh;

			$this->socket['protocol'] = '1.1';
			$myDigest = $this->Digests;

			if (preg_match('/realm="([^"]*?)"/i', $dh, $match))
			{
				if (isset($match[1]) && !empty($match[1]))
					$myDigest['realm'] = $match[1];
			}
			if (preg_match('/nonce="([^"]*?)"/i', $dh, $match))
			{
				if (isset($match[1]) && !empty($match[1]))
					$myDigest['nonce'] = $match[1];
			}
			if (preg_match('/cnonce="([^"]*?)"/i', $dh, $match))
			{
				if (isset($match[1]) && !empty($match[1]))
					$myDigest['cnonce'] = $match[1];
			}
			if (preg_match('/algorithm=(MD5|MD5-sess),/i', $dh, $match))
			{
				if (isset($match[1]) && !empty($match[1]))
					$myDigest['algorithm'] = $match[1];
			}
			if (preg_match('/domain="([^"]*?)"/i', $dh, $match))
			{
				if (isset($match[1]) && !empty($match[1]))
					$myDigest['domain'] = $match[1];
			}
			if (preg_match('/opaque="([^"]*?)"/i', $dh, $match))
			{
				if (isset($match[1]) && !empty($match[1]))
					$myDigest['opaque'] = $match[1];
			}
			if (preg_match('/qop=[\'\"]?(auth|auth-int)[\'\"]?/i', $dh, $match))
			{
				if (isset($match[1]) && !empty($match[1]))
					$myDigest['qop'] = $match[1];
			}
			if (preg_match('/nc=([0-9]*?)/i', $dh, $match))
			{
				if (isset($match[1]) && !empty($match[1]))
					$myDigest['nc'] = $match[1];
			}

			$myDigest['uri'] = $this->socket['path'];
			$myDigest['A1'] = md5($this->socket['user'] . ':' . $myDigest['realm'] . ':' . $this->socket['pass']);
			$myDigest['A2'] = md5($this->socket['method'] . ':' . $this->socket['path']);
			$myDigest['response'] = md5($myDigest['A1'] . ':' . $myDigest['nonce'] . ':' . $myDigest['nc'] . ':' . $myDigest['cnonce'] . ':' . $myDigest['qop'] . ':' . $myDigest['A2']);
			$this->Digests = $myDigest;

			$ah = 'Authorization: Digest username="' . $this->socket['user'] . '", realm="' . $myDigest['realm'] . '", nonce="' . $myDigest['nonce'] . '", uri="' . $myDigest['uri'] . '"';
			$ah .= ', algorithm=' . $myDigest['algorithm'] . ', response="' . $myDigest['response'] . '"';
			$ah .= ', qop=' . $myDigest['qop'] . ', nc=' . $myDigest['nc'];
			if (!empty($myDigest['cnonce']))
				$ah .= ', cnonce="' . $myDigest['cnonce'] . '"';
			if (!empty($myDigest['opaque']))
				$ah .= ', opaque="' . $myDigest['opaque'] . '"';

			if (AA_PP_DEBUG)
			{
				echo '<pre>';
				echo $ah . "\n";
				print_r($myDigest);
				echo '</pre>';
			}

			return $ah;
		}
	}
}

?>