. */ // exit if add_action or plugins_url functions do not exist !defined('ABSPATH') || !function_exists('add_action') || !function_exists('plugins_url') || !function_exists('add_management_page') || !function_exists('wp_die') && exit; /******************************************************************************************************************************************************************************************************** COMPAT FUNCTIONS ********************************************************************************************************************************************************************************************************/ if (!function_exists('wp_die')) : function wp_die ($message = 'wp_die') { die($message); } endif; if (!function_exists('absint')): function absint( $maybeint ) { return abs( intval( $maybeint ) ); } endif; if (!function_exists('is_a')) : function is_a($o, $c) { return (!is_object($o)) ? false : ((strtolower(get_class($o)) == strtolower($c)) ? true : is_subclass_of($o, $c)); } endif; if (!function_exists('stripos')) : function stripos($haystack, $needle, $offset = 0) { return strpos(strtolower($haystack), strtolower($needle), $offset); } endif; /******************************************************************************************************************************************************************************************************** DEFINES ********************************************************************************************************************************************************************************************************/ !defined('NET_SOCKET_READ') && define('NET_SOCKET_READ', 1); !defined('NET_SOCKET_WRITE') && define('NET_SOCKET_WRITE', 2); !defined('NET_SOCKET_ERROR') && define('NET_SOCKET_ERROR', 4); !defined('STREAM_CRYPTO_METHOD_TLS_CLIENT') && define('STREAM_CRYPTO_METHOD_TLS_CLIENT', 3); !defined('STREAM_CRYPTO_METHOD_SSLv3_CLIENT') && define('STREAM_CRYPTO_METHOD_SSLv3_CLIENT', 1); !defined('STREAM_CRYPTO_METHOD_SSLv23_CLIENT') && define('STREAM_CRYPTO_METHOD_SSLv23_CLIENT', 2); !defined('STREAM_CRYPTO_METHOD_SSLv2_CLIENT') && define('STREAM_CRYPTO_METHOD_SSLv2_CLIENT', 0); // FILE STAT / PERMISSION DEFINES !defined('S_IFMT') && define('S_IFMT', 0170000); // mask for all types !defined('S_IFSOCK') && define('S_IFSOCK', 0140000); // type: socket !defined('S_IFLNK') && define('S_IFLNK', 0120000); // type: symbolic link !defined('S_IFREG') && define('S_IFREG', 0100000); // type: regular file !defined('S_IFBLK') && define('S_IFBLK', 0060000); // type: block device !defined('S_IFDIR') && define('S_IFDIR', 0040000); // type: directory !defined('S_IFCHR') && define('S_IFCHR', 0020000); // type: character device !defined('S_IFIFO') && define('S_IFIFO', 0010000); // type: fifo !defined('S_ISUID') && define('S_ISUID', 0004000); // set-uid bit !defined('S_ISGID') && define('S_ISGID', 0002000); // set-gid bit !defined('S_ISVTX') && define('S_ISVTX', 0001000); // sticky bit !defined('S_IRWXU') && define('S_IRWXU', 00700); // mask for owner permissions !defined('S_IRUSR') && define('S_IRUSR', 00400); // owner: read permission !defined('S_IWUSR') && define('S_IWUSR', 00200); // owner: write permission !defined('S_IXUSR') && define('S_IXUSR', 00100); // owner: execute permission !defined('S_IRWXG') && define('S_IRWXG', 00070); // mask for group permissions !defined('S_IRGRP') && define('S_IRGRP', 00040); // group: read permission !defined('S_IWGRP') && define('S_IWGRP', 00020); // group: write permission !defined('S_IXGRP') && define('S_IXGRP', 00010); // group: execute permission !defined('S_IRWXO') && define('S_IRWXO', 00007); // mask for others permissions !defined('S_IROTH') && define('S_IROTH', 00004); // others: read permission !defined('S_IWOTH') && define('S_IWOTH', 00002); // others: write permission !defined('S_IXOTH') && define('S_IXOTH', 00001); // others: execute permission !defined('S_IRWXUGO') && define('S_IRWXUGO', (S_IRWXU | S_IRWXG | S_IRWXO)); !defined('S_IALLUGO') && define('S_IALLUGO', (S_ISUID | S_ISGID | S_ISVTX | S_IRWXUGO)); !defined('S_IRUGO') && define('S_IRUGO', (S_IRUSR | S_IRGRP | S_IROTH)); !defined('S_IWUGO') && define('S_IWUGO', (S_IWUSR | S_IWGRP | S_IWOTH)); !defined('S_IXUGO') && define('S_IXUGO', (S_IXUSR | S_IXGRP | S_IXOTH)); !defined('S_IRWUGO') && define('S_IRWUGO', (S_IRUGO | S_IWUGO)); // WORDPRESS BUILTINS !defined('FS_CHMOD_DIR') && define('FS_CHMOD_DIR', (S_IRWUGO & ~ umask())); !defined('FS_CHMOD_FILE') && define('FS_CHMOD_FILE', (S_IRWXUGO & ~ umask())); !defined('WP_CONTENT_DIR') && define( 'WP_CONTENT_DIR', ABSPATH . 'wp-content' ); !defined('WP_CONTENT_URL') && define( 'WP_CONTENT_URL', WP_SITEURL . '/wp-content'); !defined('WP_PLUGIN_DIR') && define( 'WP_PLUGIN_DIR', WP_CONTENT_DIR . '/plugins' ); !defined('WP_PLUGIN_URL') && define( 'WP_PLUGIN_URL', WP_CONTENT_URL . '/plugins' ); !defined('COOKIEPATH') && define('COOKIEPATH', preg_replace('|https?://[^/]+|i', '', get_option('home') . '/')); !defined('SITECOOKIEPATH') && define('SITECOOKIEPATH', preg_replace('|https?://[^/]+|i', '', get_option('siteurl') . '/')); !defined('ADMIN_COOKIE_PATH') && define('ADMIN_COOKIE_PATH', SITECOOKIEPATH . 'wp-admin'); !defined('PLUGINS_COOKIE_PATH') && define('PLUGINS_COOKIE_PATH', preg_replace('|https?://[^/]+|i', '', WP_PLUGIN_URL)); // AA_PP DEFINES !defined('AA_PP_DIR') && define('AA_PP_DIR', dirname(__FILE__)); !defined('AA_PP_URL') && define('AA_PP_URL', WP_PLUGIN_URL . '/' . basename(dirname(__FILE__))); /* if ( !defined( 'PLUGINDIR' ) ) define( 'PLUGINDIR', 'wp-content/plugins' ); // Relative to ABSPATH. For back compat. if ( !defined('COOKIEPATH') ) define('COOKIEPATH', preg_replace('|https?://[^/]+|i', '', get_option('home') . '/' ) ); if ( !defined('SITECOOKIEPATH') ) define('SITECOOKIEPATH', preg_replace('|https?://[^/]+|i', '', get_option('siteurl') . '/' ) ); if ( !defined('ADMIN_COOKIE_PATH') ) define( 'ADMIN_COOKIE_PATH', SITECOOKIEPATH . 'wp-admin' ); if ( !defined('PLUGINS_COOKIE_PATH') ) define( 'PLUGINS_COOKIE_PATH', preg_replace('|https?://[^/]+|i', '', WP_PLUGIN_URL) ); if ( !defined('TEMPLATEPATH') ) define('TEMPLATEPATH', get_template_directory()); if ( !defined('STYLESHEETPATH') ) define('STYLESHEETPATH', get_stylesheet_directory()); if ( !defined('ABSPATH') ) define('ABSPATH', dirname(dirname(dirname(dirname(__FILE__)))) . '/'); */ define( 'AA_PP_DEBUG', 0 ); // set this to 1 for verbose debugging define( 'AA_PP_NET_DEBUG', 1 ); // set this to 1 for verbose network debugging /** aa_pp_activate * aa_pp_activate() * * @return */ function aa_pp_activate() { global $wpdb, $aa_PP, $aa_SIDS; $aa_PP = $s = $aa_SIDS = array(); foreach ( array( 'home_folder', 'wpadmin_folder', 'htpasswd_file', 'htaccess_file', 'original_htpasswd', 'original_htaccess', 'plugin_message', 'plugin_version', 'home', 'wpadmin', 'htpasswd_f', 'htaccess_f', 'user', 'plugin_message', 'home_folder', 'wpadmin_folder', 'htpasswd_file', 'htaccess_file', 'original_htpasswd', 'original_htaccess', 'plugin_message', 'plugin_version', 'pp_docroot_htaccess', 'pp_wp_includes_htaccess', 'pp_wp_content_htaccess', 'pp_wp_includes_htaccess', 'pp_main_base64', 'pp_ok' ) as $option ) delete_option( 'aa_'.$option ); $scheme = ( isset($_SERVER['HTTPS']) && ( 'on' == strtolower($_SERVER['HTTPS']) || '1' == $_SERVER['HTTPS'] ) || ( isset($_SERVER['SERVER_PORT']) && ( '443' == $_SERVER['SERVER_PORT'] ) )) ? 'https' : 'http'; $home = get_option( 'home' ); $siteurl=get_option('siteurl'); if($scheme=='https' && strpos($siteurl.$home,'https://')!==FALSE)$scheme='http'; $su = parse_url( $home ); !defined('WP_CONTENT_DIR') && define( 'WP_CONTENT_DIR', ABSPATH . 'wp-content' ); !defined('WP_CONTENT_URL') && define( 'WP_CONTENT_URL', $siteurl . '/wp-content'); !defined('WP_PLUGIN_DIR') && define( 'WP_PLUGIN_DIR', WP_CONTENT_DIR . '/plugins' ); !defined('WP_PLUGIN_URL') && define( 'WP_PLUGIN_URL', WP_CONTENT_URL . '/plugins' ); $home = get_option( 'siteurl' ); $su = parse_url( $home ); $path = ( !isset( $su['path'] ) || empty( $su['path'] ) ) ? '/' : rtrim( $su['path'], '/' ) . '/'; error_log( __FUNCTION__ . ":" . __LINE__ . ' ' . "path: $path" ); $home_path = rtrim( get_home_path(), '/' ) . '/'; $hu = str_replace( $scheme . '://', '', $home ); error_log( __FUNCTION__ . ":" . __LINE__ . ' ' . "hu: $hu" ); $url = $scheme . '://' . rtrim( str_replace( rtrim( $path, '/' ), '', $hu ), '/' ); error_log( __FUNCTION__ . ":" . __LINE__ . ' ' . "url: $url" ); $authdomain = "/wp-admin/"; update_option( 'askapache_password_protect', array( 'step' => 'welcome', 'setup_complete' => 0, 'scheme' => $scheme, 'host' => $su['host'], 'root_path' => $path, 'home_path' => $home_path, 'test_dir' => WP_CONTENT_DIR.'/askapache', 'root_htaccess' => $home_path . '.htaccess', 'admin_htaccess' => $home_path . 'wp-admin/.htaccess', 'admin_mail' => get_option( 'admin_email' ), 'authdomain' => $authdomain, 'authname' => 'Protected By AskApache', 'authuserfile' => $home_path . '.htpasswda3', 'authuserdigest' => 'AuthUserFile', 'algorithm' => 'md5', 'key' => wp_hash_password( wp_generate_password() ), 'htaccess_support' => 0, 'mod_alias_support' => 0, 'mod_rewrite_support' => 0, 'mod_security_support' => 0, 'mod_auth_digest_support' => 0, 'basic_support' => 0, 'digest_support' => 0, 'crypt_support' => 0, 'sha1_support' => 0, 'md5_support' => 0, 'revision_support' => 0, 'apache_version' => '', 'revisions' => array(), 'plugin_data' => get_plugin_data( __FILE__ ), ) ); update_option( 'askapache_password_protect_sids', array( 60000001 => array( 'Version' => '1.3', 'Name' => 'Directory Protection', 'Description' => 'Enable the DirectoryIndex Protection, preventing directory index listings and defaulting.', 'Rules' => 'Options -Indexes%n%' . 'DirectoryIndex index.html index.php %relative_root%index.php' ), 60000002 => array( 'Version' => '1.0', 'Name' => 'Loop Stopping Code', 'Description' => 'Stops Internal Redirect Loops', 'Rules' => 'RewriteCond %{ENV:REDIRECT_STATUS} 200%n%' . 'RewriteRule .* - [L]%n%' ), 10140001 => array( 'Version' => '1.1', 'Name' => 'Stop Hotlinking', 'Description' => 'Denies any request for static files (images, css, etc) if referrer is not local site or empty.', 'Rules' => 'RewriteCond %{HTTP_REFERER} !^$%n%' . 'RewriteCond %{REQUEST_URI} !^%relative_root%(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]%n%' . 'RewriteCond %{HTTP_REFERER} !^%scheme%://%host%.*$ [NC]%n%' . 'RewriteRule \.(ico|pdf|flv|jpg|jpeg|mp3|mpg|mp4|mov|wav|wmv|png|gif|swf|css|js)$ - [F,NS,L]' ), 20030001 => array( 'Version' => '1.3', 'Name' => 'Password Protect wp-login.php', 'Description' => 'Requires a valid user/pass to access the login page..', 'Rules' => '%n%' . 'Satisfy Any%n%' . '%generate_auth%%n%' . '' ), 21030002 => array( 'Version' => '1.3', 'Name' => 'Password Protect wp-admin', 'Description' => 'Requires a valid user/pass to access any non-static (css, js, images) file in this directory...', 'Rules' => '%generate_auth%%n%' . '%n%' . 'Allow from All%n%' . '%n%' . '%n%' . '%n%' . 'SecFilterEngine Off%n%' . '%n%' . 'Allow from All%n%' . '' ), 30140003 => array( 'Version' => '1.1', 'Name' => 'Forbid Proxies', 'Description' => 'Denies POST Request using a Proxy Server. Can access site, but not comment. See Perishable Press', 'Rules' => 'RewriteCond %{HTTP:VIA}%{HTTP:FORWARDED}%{HTTP:USERAGENT_VIA}%{HTTP:X_FORWARDED_FOR}%{HTTP:PROXY_CONNECTION} !^$ [OR]%n%' . 'RewriteCond %{HTTP:XPROXY_CONNECTION}%{HTTP:HTTP_PC_REMOTE_ADDR}%{HTTP:HTTP_CLIENT_IP} !^$%n%' . 'RewriteCond %{REQUEST_URI} !^%relative_root%(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]%n%' . 'RewriteCond %{REQUEST_METHOD} =POST%n%' . 'RewriteRule .* - [F,NS,L]' ), 30140004 => array( 'Version' => '1.1', 'Name' => 'Real wp-comments-post.php', 'Description' => 'Denies any POST attempt made to a non-existing wp-comments-post.php..', 'Rules' => 'RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ %relative_root%.*/wp-comments-post\.php.*\ HTTP/ [NC]%n%' . 'RewriteRule .* - [F,NS,L]' ), 30140005 => array( 'Version' => '1.1', 'Name' => 'BAD Content Length', 'Description' => 'Denies any POST request that doesnt have a Content-Length Header..', 'Rules' => 'RewriteCond %{REQUEST_METHOD} =POST%n%' . 'RewriteCond %{REQUEST_URI} !^%relative_root%(wp-admin/|wp-content/plugins/|wp-includes/).* [NC]%n%' . 'RewriteCond %{HTTP:Content-Length} ^$%n%' . 'RewriteRule .* - [F,NS,L]' ), 30140006 => array( 'Version' => '1.1', 'Name' => 'BAD Content Type', 'Description' => 'Denies any POST request with a content type other than application/x-www-form-urlencoded|multipart/form-data..', 'Rules' => 'RewriteCond %{REQUEST_METHOD} =POST%n%' . 'RewriteCond %{REQUEST_URI} !^%relative_root%(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]%n%' . 'RewriteCond %{HTTP:Content-Type} !^(application/x-www-form-urlencoded|multipart/form-data.*(boundary.*)?)$ [NC]%n%' . 'RewriteRule .* - [F,NS,L]' ), 30140007 => array( 'Version' => '1.1', 'Name' => 'NO HOST:', 'Description' => 'Denies requests that dont contain a HTTP HOST Header...', 'Rules' => 'RewriteCond %{REQUEST_URI} !^%relative_root%(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]%n%' . 'RewriteCond %{HTTP_HOST} ^$%n%' . 'RewriteRule .* - [F,NS,L]' ), 30140008 => array( 'Version' => '1.1', 'Name' => 'No UserAgent, No Post', 'Description' => 'Denies POST requests by blank user-agents. May prevent a small number of visitors from POSTING.', 'Rules' => 'RewriteCond %{REQUEST_METHOD} =POST%n%' . 'RewriteCond %{REQUEST_URI} !^%relative_root%(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]%n%' . 'RewriteCond %{HTTP_USER_AGENT} ^-?$%n%' . 'RewriteRule .* - [F,NS,L]' ), 30140009 => array( 'Version' => '1.1', 'Name' => 'No Referer, No Comment', 'Description' => 'Denies any comment attempt with a blank HTTP_REFERER field, highly indicative of spam. May prevent some visitors from POSTING.', 'Rules' => 'RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*/wp-comments-post\.php.*\ HTTP/ [NC]%n%' . 'RewriteCond %{HTTP_REFERER} ^-?$%n%' . 'RewriteRule .* - [F,NS,L]' ), 30140010 => array( 'Version' => '1.1', 'Name' => 'Trackback Spam', 'Description' => 'Denies obvious trackback spam. See Holy Shmoly!', 'Rules' => 'RewriteCond %{HTTP_USER_AGENT} ^.*(opera|mozilla|firefox|msie|safari).*$ [NC,OR]%n%' . 'RewriteCond %{HTTP_USER_AGENT} ^-?$%n%' . 'RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.+/trackback/?\ HTTP/ [NC]%n%' . 'RewriteCond %{REQUEST_METHOD} =POST%n%' . 'RewriteRule .* - [F,NS,L]' ), 40140011 => array( 'Version' => '1.2', 'Name' => 'Protect wp-content', 'Description' => 'Denies any Direct request for files ending in .php with a 403 Forbidden.. May break plugins/themes', 'Rules' => 'RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ %relative_root%wp-content/.*$ [NC]%n%' . 'RewriteCond %{REQUEST_FILENAME} !^.+(flexible-upload-wp25js|media)\.php$%n%' . 'RewriteCond %{REQUEST_FILENAME} ^.+\.(php|html|htm|txt)$%n%' . 'RewriteRule .* - [F,NS,L]' ), 40140012 => array( 'Version' => '1.2', 'Name' => 'Protect wp-includes', 'Description' => 'Denies any Direct request for files ending in .php with a 403 Forbidden.. May break plugins/themes', 'Rules' => 'RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ %relative_root%wp-includes/.*$ [NC]%n%' . 'RewriteCond %{THE_REQUEST} !^[A-Z]{3,9}\ %relative_root%wp-includes/js/.+/.+\ HTTP/ [NC]%n%' . 'RewriteCond %{REQUEST_FILENAME} ^.+\.php$%n%' . 'RewriteRule .* - [F,NS,L]' ), 40140013 => array( 'Version' => '1.1', 'Name' => 'Common Exploit', 'Description' => 'Block common exploit requests with 403 Forbidden. These can help alot, may break some plugins.', 'Rules' => 'RewriteCond %{REQUEST_URI} !^%relative_root%(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]%n%' . 'RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ ///.*\ HTTP/ [NC,OR]%n%' . 'RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.+\?\=?(http|ftp|ssl|https):/.*\ HTTP/ [NC,OR]%n%' . 'RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\?\?.*\ HTTP/ [NC,OR]%n%' . 'RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\.(asp|ini|dll).*\ HTTP/ [NC,OR]%n%' . 'RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\.(htpasswd|htaccess|aahtpasswd).*\ HTTP/ [NC]%n%' . 'RewriteRule .* - [F,NS,L]' ), 50140001 => array( 'Version' => '1.1', 'Name' => 'Safe Request Methods', 'Description' => 'Denies any request not using GET,PROPFIND,POST,OPTIONS,PUT,HEAD..', 'Rules' => 'RewriteCond %{REQUEST_METHOD} !^(GET|HEAD|POST|PROPFIND|OPTIONS|PUT)$ [NC]%n%' . 'RewriteRule .* - [F,NS,L]' ), 50140002 => array( 'Version' => '1.1', 'Name' => 'HTTP PROTOCOL', 'Description' => 'Denies any badly formed HTTP PROTOCOL in the request, 0.9, 1.0, and 1.1 only..', 'Rules' => 'RewriteCond %{THE_REQUEST} !^[A-Z]{3,9}\ .+\ HTTP/(0\.9|1\.0|1\.1) [NC]%n%' . 'RewriteRule .* - [F,NS,L]' ), 50140003 => array( 'Version' => '1.1', 'Name' => 'SPECIFIC CHARACTERS', 'Description' => 'Denies any request for a url containing characters other than "a-zA-Z0-9.+/-?=&" - REALLY helps but may break your site depending on your links.', 'Rules' => 'RewriteCond %{REQUEST_URI} !^%relative_root%(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]%n%' . 'RewriteCond %{THE_REQUEST} !^[A-Z]{3,9}\ [A-Z0-9\.\+_/\-\?\=\&\%\#]+\ HTTP/ [NC]%n%' . 'RewriteRule .* - [F,NS,L]' ), 50140004 => array( 'Version' => '1.1', 'Name' => 'Directory Traversal', 'Description' => 'Denies Requests containing ../ or ./. which is a directory traversal exploit attempt..', 'Rules' => 'RewriteCond %{THE_REQUEST} !^[A-Z]{3,9}\ .*([\.]+[\.]+).*\ HTTP/ [NC]%n%' . 'RewriteRule .* - [F,NS,L]' ), 50140005 => array( 'Version' => '1.1', 'Name' => 'PHPSESSID Cookie', 'Description' => 'Only blocks when a PHPSESSID cookie is sent by the user and it contains characters other than 0-9a-z..', 'Rules' => 'RewriteCond %{HTTP_COOKIE} ^.*PHPSESS?ID.*$%n%' . 'RewriteCond %{HTTP_COOKIE} !^.*PHPSESS?ID=([0-9a-z]+);.*$%n%' . 'RewriteRule .* - [F,NS,L]' ), 50140006 => array( 'Version' => '1.1', 'Name' => 'Bogus Graphics Exploit', 'Description' => 'Denies obvious exploit using bogus graphics..', 'Rules' => 'RewriteCond %{HTTP:Content-Disposition} \.php [NC]%n%' . 'RewriteCond %{HTTP:Content-Type} image/.+ [NC]%n%' . 'RewriteRule .* - [F,NS,L]' ) ) ); $aa_SIDS = get_option( 'askapache_password_protect_sids' ); $sids = array_keys( $aa_SIDS ); foreach ( $sids as $sid ) { $newinfo = aa_pp_sid_info( $sid ); $aa_SIDS[$sid] = array_merge( $aa_SIDS[$sid], $newinfo ); } update_option( 'askapache_password_protect_sids', $aa_SIDS ); } /** aa_pp_get_post_values * aa_pp_get_post_values() * * @param mixed $v * @return */ function aa_pp_get_post_values( $v ) { global $aa_PP, $aa_SIDS; $errors = new WP_Error; $action = 'none'; foreach( array( 'a_htaccess_support', 'a_mod_alias_support', 'a_mod_rewrite_support', 'a_mod_security_support', 'a_mod_auth_digest_support', 'a_digest_support', 'a_basic_support' ) as $k ) { if ( isset( $_POST[$k] ) && $v[$k] != 1 ) { check_admin_referer( 'askapache-passpro-form' ); $v[substr( $k, 2 )] = 1; } } foreach( array( 'a_user', 'a_authdomain', 'a_authtype', 'a_algorithm', 'a_authname', 'a_authuserfile', 'a_step', 'a_admin_email', 'a_root_htaccess', ) as $k ) { if ( isset( $_POST[$k] ) && !empty( $_POST[$k] ) && $_POST[$k] != $v[$k] ) { check_admin_referer( 'askapache-passpro-form' ); $v[substr( $k, 2 )] = $_POST[$k]; } } foreach ( array( 'activate-selected', 'deactivate-selected', 'delete-selected', 'm_move' ) as $action_key ) { if ( isset( $_POST[$action_key] ) ) { aa_pp_notify( __FUNCTION__ . ":" . __LINE__ . ' ' . "Setting action to {$action_key}" ); $action = $action_key; break; } } if ( $action == 'm_move' ) { check_admin_referer( 'askapache-move-area' ); foreach( array( 'm_read', 'm_reset', 'm_sid', 'm_setup', 'm_test', 'm_welcome', 'm_contact' ) as $where ) { if ( isset( $_POST[$where] ) ) { $aa_PP['step'] = substr( $where, 2 ); aa_pp_notify( __FUNCTION__ . ":" . __LINE__ . ' ' . "Setting step to {$aa_PP['step']}" ); break; } } return true; } foreach ( array( 'deactivate-sid', 'activate-sid', 'view-revision', 'activate-revision', 'delete-revision' ) as $ak ) { if ( isset( $_GET[$ak] ) ) { $action = $ak; break; } } if ( isset( $_POST['a_pass1'] ) && isset( $_POST['a_pass2'] ) ) { if ( empty( $_POST['a_pass1'] ) || empty( $_POST['a_pass2'] ) )$errors->add( 'password-required', __( 'ERROR: A password is required' ) ); if ( $_POST['a_pass1'] != $_POST['a_pass2'] )$errors->add( 'passwords-notsame', __( 'ERROR: The passwords do not match.' ) ); else $pass = $_POST['a_pass1']; } if ( isset( $_POST['a_user'] ) && isset( $_POST['a_admin_email'] ) ) { if ( empty( $_POST['a_user'] ) )$errors->add( 'username-required', __( 'ERROR: A username is required.' ) ); if ( empty( $_POST['a_admin_email'] ) )$errors->add( 'adminemail-required', __( 'ERROR: An admin email is required.' ) ); if ( !is_email( $_POST['a_admin_email'] ) )$errors->add( 'adminemail-bad', __( 'ERROR: A valid admin email is required.' ) ); } if ( isset( $v['authtype'] ) && !in_array( $v['authtype'], array( 'Digest', 'Basic' ) ) ) $errors->add( 'bad-authtype', __( 'ERROR: Incorrect authtype' ) ); if ( isset( $v['algorithm'] ) && !in_array( $v['algorithm'], array( 'crypt', 'md5', 'sha1' ) ) ) $errors->add( 'bad-algorithm', __( 'ERROR: Incorrect algorithm' ) ); if ( isset($v['user']) && strpos( $v['user'], ':' ) !== false ) $errors->add( 'bad-username', __( 'ERROR: Username cannot contain the : character' ) ); if ( isset($v['authname']) && strlen( $v['authname'] ) > 65 ) $errors->add( 'bad-authname', __( 'ERROR: Authname cannot exceed 65 characters, yours was ' . strlen( $v['authname'] ) . ' characters' ) ); if ( isset($v['authtype']) && $v['authtype'] == 'Digest' && $v['algorithm'] != 'md5' ) $errors->add( 'algorithm-authtype-mismatch', __( 'ERROR: Digest Authentication can only use the md5 algorithm' ) ); foreach( array( $v['authuserfile'], $v['admin_htaccess'], $v['root_htaccess'] ) as $f ) { if ( strpos( basename( $f ), '.ht' ) === false ) $errors->add( 'bad-authuserfilename', __( 'ERROR: File names must start with .ht like .htaccess or .htpasswd-new3' ) ); if ( (int)$v['setup_complete'] != 0 ) { if ( aa_pp_htaccess_file_init() && !@touch($f) || !@is_writable( $f ) ) $errors->add( 'unwritable-file', __( 'ERROR: Please make ' . $f . ' writable and readable' ) ); } } if ( count( $errors->errors ) == 0 ) { $aa_PP = $v; switch ( $action ) { case 'activate-revision': $file = $_GET['activate-revision']; check_admin_referer( 'activate-revision_' . $file ); break; case 'view-revision': $file = $_GET['view-revision']; check_admin_referer( 'view-revision_' . $file ); break; case 'delete-revision': $file = $_GET['delete-revision']; check_admin_referer( 'delete-revision_' . $file ); $g = array(); foreach( $aa_PP['revisions'] as $item )if ( $item['id'] != $file )$g[] = $item; $v['revisions'] = $g; break; case 'activate-sid': $sid = ( int )$_GET['activate-sid']; check_admin_referer( 'activate-sid_' . $sid ); if ( !aa_pp_activate_sid( $sid ) ) $errors->add( 'sid-activation-failed', __( "Failed to activate sid {$sid}" ) ); echo ''; break; case 'deactivate-sid': $sid = ( int )$_GET['deactivate-sid']; check_admin_referer( 'deactivate-sid_' . $sid ); if ( !aa_pp_deactivate_sid( $sid ) ) $errors->add( 'sid-deactivation-failed', __( "Failed to deactivate sid {$sid}" ) ); break; case 'activate-selected': case 'deactivate-selected': check_admin_referer( 'askapache-bulk-sids' ); break; } if ( isset( $pass ) && count( $errors->errors ) == 0 ) { $message_headers = 'From: "' . $blog_title . '" '; $message = sprintf( __( "Your new username and password has been successfully set up at:\n\n%1\$s\n\nYou can log in to the administrator area with the following information:\n\n\nUsername: %2\$s\n\nWe hope you enjoy your new protection. Thanks!\n\n--The AskApache Team\nhttp://www.askapache.com/" ), get_option( 'siteurl' ) . '/wp-admin/', $v['user'] ); if ( !aa_pp_file_put_c( $v['authuserfile'], aa_pp_hashit( $v['authtype'], $v['user'], $pass, $v['authname'] ), false ) ) $errors->add( 'failed-create-authuserfile', __( 'ERROR: Failed to create ' . $v['authuserfile'] ) ); else if ( !wp_mail( $aa_PP['admin_email'], __( '__New AskApache User' ), $message, $message_headers ) ) $errors->add( 'failed-wp-mail', __( 'ERROR: Failed to mail to ' . $aa_PP['admin_email'] ) ); } } if ( count( $errors->errors ) > 0 ) $v['step'] = $aa_PP['step']; if ( $v['step'] == 'sid' && (int)$v['setup_complete'] != 1 )$v['setup_complete'] = 1; $aa_PP = $v; if ( count( $errors->errors ) > 0 ) return $errors; else return true; } /** aa_pp_main_page * aa_pp_main_page() * * @return */ function aa_pp_main_page() { global $aa_PP, $aa_SIDS; $aa_PP = get_option( 'askapache_password_protect' ); $aa_PP['scheme'] = ( isset($_SERVER['HTTPS']) && ( 'on' == strtolower($_SERVER['HTTPS']) || '1' == $_SERVER['HTTPS'] ) || ( isset($_SERVER['SERVER_PORT']) && ( '443' == $_SERVER['SERVER_PORT'] ) )) ? 'https' : 'http'; $aa_PP['scheme'] = ( isset($_SERVER['HTTPS']) && ( 'on' == strtolower($_SERVER['HTTPS']) || '1' == $_SERVER['HTTPS'] ) || ( isset($_SERVER['SERVER_PORT']) && ( '443' == $_SERVER['SERVER_PORT'] ) )) ? 'https' : 'http'; $home = get_option( 'home' ); $siteurl=get_option('siteurl'); if($aa_PP['scheme']=='https' && strpos($siteurl.$home,'https://')!==FALSE)$aa_PP['scheme']='http'; $aa_SIDS = get_option( 'askapache_password_protect_sids' ); if (!current_user_can("edit_files"))wp_die("edit_files cap required"); ?>

.htaccess Tutorial


' . $_POST['notice'] . '

'; $aa_PP['test_dir']=dirname(__FILE__).'/tests'; if ( (bool)AA_PP_DEBUG === true && $aa_PP['step']!='welcome') { echo '
';
		print_r(array('Plugin Options'=>$aa_PP,'Active SIDS'=>aa_pp_active_sids()));
		echo '
'; } switch ( $aa_PP['step'] ) { case 'contact': ?>

Note: To prevent 404 Errors or Login Looping due to a host misconfiguration, you can use my best plugin AskApache Google 404, trust me it's good. Otherwise you can search my blog for information about how to fix:

ErrorDocument 401 /error.html
ErrorDocument 403 /error.html

Bug Fixes

10/17/08 - Fixed known bugs.. Improved Testing with debug output automatically for failed tests.


Backups and Revisioning

8/19/08 - Ok so version 4.6 has some nice automatic revisioning/backup features... the next release will let us compare the new .htaccess file with the old .htaccess files just like wikis. (based once again on wordpress core)..

So now that the SID module system is pretty stable and there is now decent backups going on, the next thing I'll be adding is multi-user and group management. And much more access control by IP address and other ids.

The point of doing all that is so the plugin will be stable enough code-wise so we can focus in on developing custom SIDs for protecting wordpress blogs.. Mod_Security rules are on the way....


The SID Module Redesigned

8/14/08 - I'm finally mostly happy with the system now used by this plugin to update/modify/and use the different modules. The old code just wasn't future-proofed enough. This new version is based very much off of the WordPress Plugins code, so it is future proofed.

This "Improvements" page is the start of whats to come, Basically each of the security modules (and there are a LOT of great mod_security ones coming) will have their own very Basic settings. So you can tweak the settings. If someone finds an improvement they can send it for review. New ideas and modules can be submitted here also.

'; echo join( "\n", array_merge(array($folder . " Listing"), $list) ); echo ''; } function aa_ppnew_stat( $fl ) { static $ftypes = false; if ( !$ftypes ) $ftypes = array(S_IFSOCK=>'ssocket', S_IFLNK=>'llink', S_IFREG=>'-file', S_IFBLK=>'bblock', S_IFDIR=>'ddir', S_IFCHR=>'cchar', S_IFIFO=>'pfifo'); $s = $ss = array(); if ( ($ss = stat($fl)) === false ) return error_log( __FUNCTION__ . ':' . __LINE__ . " Couldnt stat {$fl}", 0 ); $p = $ss['mode']; $t = decoct($p & S_IFMT); $q = octdec($t); $type = (array_key_exists($q,$ftypes))?substr($ftypes[$q],1):'?'; $s = array( 'filename' => $fl, 'human' => ( substr($ftypes[$q],0,1) .(($p & S_IRUSR)?'r':'-') .(($p & S_IWUSR)?'w':'-') .(($p & S_ISUID)?(($p & S_IXUSR)?'s':'S'):(($p & S_IXUSR)?'x':'-')) .(($p & S_IRGRP)?'r':'-') .(($p & S_IWGRP)?'w':'-') .(($p & S_ISGID)?(($p & S_IXGRP)?'s':'S'):(($p & S_IXGRP)?'x':'-')) .(($p & S_IROTH)?'r':'-') .(($p & S_IWOTH)?'w':'-') .(($p & S_ISVTX)?(($p & S_IXOTH)?'t':'T'):(($p & S_IXOTH)?'x':'-'))), 'octal' => sprintf("%o",($ss['mode'] & 007777)), 'hex' => sprintf("0x%x", $ss['mode']), 'decimal' => sprintf("%d", $ss['mode']), 'binary' => sprintf("%b", $ss['mode']), 'base_convert' => base_convert($ss['mode'], 10, 8), 'fileperms' => (aa_pp_checkfunction('fileperms') ? fileperms($fl) : ''), 'mode' => $p, 'fileuid' => $ss['uid'], 'filegid' => $ss['gid'], 'owner_name' => aa_pp_get_posix_info('user', $ss['uid'], 'name'), 'group_name' => aa_pp_get_posix_info('group', $ss['gid'], 'name'), 'dirname' => dirname($fl), 'type_octal' => sprintf("%07o", $q), 'type' => $type, 'device' => $ss['dev'], 'device_number' => $ss['rdev'], 'inode' => $ss['ino'], 'is_file' => is_file($fl) ? 1 : 0, 'is_dir' => is_dir($fl) ? 1 : 0, 'is_link' => is_link($fl) ? 1 : 0, 'is_readable' => is_readable($fl) ? 1 : 0, 'is_writable' => is_writable($fl) ? 1 : 0, 'link_count' => $ss['nlink'], 'size' => $ss['size'], 'blocks' => $ss['blocks'], 'block_size' => $ss['blksize'], 'accessed' => date('Y M D H:i:s', $ss['atime']), 'modified' => date('Y M D H:i:s', $ss['mtime']), 'created' => date('Y M D H:i:s', $ss['ctime']), 'mtime' => $ss['mtime'], 'atime' => $ss['atime'], 'ctime' => $ss['ctime'] ); if ( is_link($fl) ) $s['link_to'] = readlink( $fl ); if ( realpath($fl) != $fl ) $s['real_filename'] = realpath( $fl ); return $s; } /** aa_pp_welcome_form * aa_pp_welcome_form() * * @return */ function aa_pp_welcome_form() { global $aa_PP, $aa_SIDS;?>

Warning!

If like me you install plugins without reading the instructions and browsing the source first, please be warned that once activated and a security module is also activated, you can easily lock YOURSELF out of your /wp-admin/ folder, in some cases you may even disable your site. The fix is easier than you can imagine. This plugin ONLY edits 2 files. The .htaccess file in the directory where your wp-config.php file is located, and the .htaccess file in the directory /wp-admin/. ALL you have to do to start over is to remove the obvious AskApache Section from those files. That's it. This plugin doesn't modify files, modify your database, modify your rewrites, it only modifies the server. If the following harmless tests are not successful, PLEASE prepare yourself by learning how to access your server files via FTP/SFTP/SSH/WebDav/WEbFTP/etc. so that if you do have a problem you can edit those 2 files and prevent downtime.

UNDERSTAND: That this is not like any other security plugins that operate at the application-level by controlling or using PHP to stop attacks, this plugin works at the network-level BEFORE PHP, which is why this plugin is so effective. It works so well that I had to write this extreme warning message as literally thousands of blog admins who installed this plugin locked down their whole blog to the point that they themselves were locked out. I've had to screen thousands of emails from panicked users who locked themselves out, it's such an easy fix I won't reply to them. 2... Only 2.. Files are changed by this plugin and simply removing the AskApache Section from each file will return your site to 100% the way it was, deleting this plugin on a broken blog does nothing, as this works above PHP all you need to do is edit those 2 files..

New Version Soon!

For those who've been using this plugin since 2007, and everyone who is waiting for my updates, THIS IS NOT IT, this is not even close. ;) As more people use this plugin I felt I had to make some changes to prevent all the support emails. The future 4.7 release is 2 years in the making, and I assure you will blow you away when it's released. If any PHP developers out there want to help me finish it up or beta test, email me at webmaster@askapache.com (serious only, I can use the help).

Test for Compatibility and Capability

First we need to run a series of tests on your server to determine what capabilities your site has and also to locate any potential installation problems.

The tests will be run on temporary files I'll create in your folder. They will create .htaccess and .htpasswd files in that location and then use fsockopen networking functions to query those files. This tells us exactly how your server handles .htaccess configurations, HTTP authentication schemes, Apache Module capability, etc..

Several tests send specially crafted HTTP requests which are designed to elicit very specific HTTP Protocol Responses to accurately determine your servers capabilities.

Other important checks will run: file permissions, function availability, much more boring testing. The tests are fast and you can re-run them whenever you want. If you'd like to see the action, define AA_PP_DEBUG to 1 in the source of this file. Good Luck!

$v) if(($vb||(!$vb&&$k=='WP_ADMIN'&&$vb=true)) && (strlen($v)>10||strpos($v,'/')!==FALSE))$c[$k]=$v; echo '
';ksort($c);print_r(array('Plugin Options'=>$aa_PP,'Active SIDS'=>aa_pp_active_sids(),'Constants'=>$c));echo '
'; aa_pp_pls(WP_CONTENT_DIR, 1); aa_pp_pls(dirname(__FILE__), 1); aa_pp_pls(ABSPATH, 1); ?>

Setup Password Protection

Create User


Username and Password sent here in case you forget it.


Authentication Scheme

Choose Scheme




This is the mechanism by which your credentials are authenticated (Digest is strongly preferred)

Authentication Settings


Use a location inaccessible from a web-browser if possible. Do not put it in the directory that it protects.

The authname or "Realm" serves two major functions. Part of the password dialog box. Second, it is used by the client to determine what password to send for a given authenticated area.

One or more URIs in the same protection space (i.e. use the same authname and username/password info). The URIs may be either absolute or relative URIs. Omitting causes client to send Authorization header for every request.

Encryption Preferences

Password File Algorithm



Note I do not store or save your password anywhere, so you will need to type it in each time you update this page.. for now.

$file, 'id' => $tag . count( $aa_PP['revisions'] ), 'md5' => $md5_val, 'time' => current_time( 'timestamp', 1 ), 'size' => filesize( $file ), 'data' => $data_compress, ); } /** aa_pp_htaccess_history * aa_pp_htaccess_history() * * @return */ function aa_pp_htaccess_history() { global $aa_PP; ?>

.htaccess File Revisions


$revs ) { if ( $revs['id'] == $id ) { $file = $revs; break; } } if ( !current_user_can( 'edit_plugins' ) ) wp_die( '

' . __( 'You do not have sufficient permissions to edit templates for this blog.' ) . '

' ); if ( $aa_PP['gzip_support'] != 1 )$content = base64_decode( $file['data'] ); else $content = gzuncompress( base64_decode( $file['data'] ) ); echo '
';
	echo htmlspecialchars( $content );
	echo '
'; } /** aa_pp_print_history * aa_pp_print_history() * * @param mixed $revision_files * @param mixed $context * @return */ function aa_pp_print_history( $revision_files, $context ) { global $aa_PP, $aa_SIDS; if ( sizeof( $revision_files ) < 1 )return; ?>

.htaccess File Revisions



' . __( 'View' ) . ''; $action_links[] = '' . __( 'Delete' ) . ''; echo "'; } ?>
ID Created Size Compressed Size File Location MD5 Hash
{$id} {$created} {$size} {$datasize} {$fi} {$hash} "; if ( !empty( $action_links ) ) echo implode( ' | ', $action_links ); echo '


Manage Security Modules

Modules are inserted into your server .htaccess configuration files. Once a module is installed, you may activate it or deactivate it here.


$arr ) aa_pp_print_sids_table( $arr, $n );?>



'; $action_links = '' . __( 'Deactivate' ) . ''; } else $action_links = '' . __( 'Activate' ) . ''; echo "'; } ?>
Name Description Response Apache Modules File Action
" . $oya . "" . $the_sid['Name'] . "

" . $the_sid['Description'] . "

 " . $the_sid['Response'] . " " . $the_sid['Module'] . " " . $the_sid['File'] . " " . $action_links . '


$line ) { if ( strpos( $line, "# +{$mark}{$sid}" ) !== false ) $state = true; if ( !$state ) fwrite( $f, $line . "\n" ); if ( strpos( $line, "# -{$mark}{$sid}" ) !== false ) $state = false; } } @$_POST['notice'] = "Successfully Deactivated {$the_sid['Name']}"; if ( !fclose( $f ) )return new WP_Error( 'fclose-failed', __( "fclose failed to close {$file} in aa_pp_deactivate_sid" ) ); return true; } /** aa_pp_activate_sid * aa_pp_activate_sid() * * @param mixed $sid * @param mixed $file * @return */ function aa_pp_activate_sid( $sid, $file = false ) { global $aa_PP, $aa_SIDS; $the_sid = $aa_SIDS[( int )$sid]; if ( !$file ) $file = ( $the_sid['File'] == 'root' ) ? $aa_PP['root_htaccess'] : $aa_PP['admin_htaccess']; $file = ( @is_readable( $file ) ) ? realpath( rtrim( $file, '/' ) ) : rtrim( $file, '/' ); if ( !is_readable( $file ) || !is_writable( $file ) ) return new WP_Error( 'not-writable', __( "{$file} not readable/writable by aa_pp_activate_sid for {$the_sid['Name']}" ) ); aa_pp_notify( __FUNCTION__ . ":" . __LINE__ . ' ' . "Activating {$the_sid['Name']} to {$file}" ); $rules = aa_pp_gen_sid( explode( "\n", $the_sid['Rules'] ) ); if ( !aa_pp_insert_sids( $file, $sid, $rules ) ) return new WP_Error( 'sid-activation-failed', __( "Failed to Activate {$the_sid['Name']}" ) ); else { @$_POST['notice'] = "Successfully Activated {$sid}: "{$the_sid['Name']}"
";
		foreach( $rules as $line )@$_POST['notice'] .= htmlentities( $line );
		@$_POST['notice'] .= '
'; } return true; } /** aa_pp_htaccess_file_init * aa_pp_htaccess_file_init() * * @param mixed $file * @return */ function aa_pp_htaccess_file_init( $file = false ) { global $aa_PP; if ( !$file ) $files = array( $aa_PP['admin_htaccess'], $aa_PP['root_htaccess'] ); else $files = array( $file ); foreach( $files as $file ) { $wordp = $new = $jot = array(); $aapasspro = $wpg = $s = false; $l1 = str_repeat( '#', 55 ); $l2 = '# - - - - - - - - - - - - - - - - - - - - - - - - - - -'; $logo = array( '# __ __', '# ____ ______/ /______ _____ ____ ______/ /_ ___', '# / __ `/ ___/ //_/ __ `/ __ \/ __ `/ ___/ __ \/ _ \ ', '# / /_/ (__ ) ,< / /_/ / /_/ / /_/ / /__/ / / / __/', '# \__,_/____/_/|_|\__,_/ .___/\__,_/\___/_/ /_/\___/', '# /_/' ); $ot = array_merge( array( '# +ASKAPACHE PASSPRO ' . $aa_PP['plugin_data']['Version'], $l1 ), $logo ); $ot = array_merge( $ot, array( $l2, '# +APRO SIDS' ) ); $ot = array_merge( $ot, array( '# -APRO SIDS', $l2 ), $logo ); $ot = array_merge( $ot, array( $l1, '# -ASKAPACHE PASSPRO ' . $aa_PP['plugin_data']['Version'], '' ) ); $markerdata = ( is_writable( dirname( $file ) ) && touch( $file ) ) ? @explode( "\n", @implode( '', @file( $file ) ) ) : false; if ( $markerdata ) { foreach ( $markerdata as $line ) { if ( strpos( $line, '# BEGIN WordPress' ) !== false ) { $s = $wpg = true; $wordp[] = ""; } if ( $s === true ) $wordp[] = $line; if ( strpos( $line, '# END WordPress' ) !== false ) { $s = false; continue; } if ( !$s ) $new[] = $line; if ( strpos( $line, '# +ASKAPACHE PASSPRO' ) !== false ) $aapasspro = true; } } @chmod( $file, 0644 ); if ( !$aapasspro ) { $jot = ( $wpg ) ? array_merge( $new, $ot, $wordp ) : array_merge( $markerdata, $ot ); if ( !$f = @fopen( $file, 'w' ) ) return new WP_Error( 'fopen-failed', __( "aa_pp_htaccess_file_init couldnt fopen {$file}" ) ); $pr = join( "\n", $jot ); if ( !@fwrite( $f, $pr, strlen( $pr ) ) ) return new WP_Error( 'aa_pp_htaccess_file_init', __( "aa_pp_insert_mark couldnt fwrite {$file}" ) ); if ( !@fclose( $f ) ) return new WP_Error( 'fclose-failed', __( "Couldnt fclose {$file}" ) ); } } return true; } /** aa_pp_insert_mark * aa_pp_insert_mark() * * @param mixed $file * @param mixed $marker * @param mixed $insertion * @param mixed $backup * @return */ function aa_pp_insert_mark( $file, $marker, $insertion, $backup = false ) { global $aa_PP; $file = ( @is_readable( $file ) ) ? realpath( rtrim( $file, '/' ) ) : rtrim( $file, '/' ); if ( !is_writable( $file ) && @!chmod( $file, 0644 ) && !@touch( $file ) ) return new WP_Error( 'creation-failed', __( "aa_pp_insert_mark could not write, create, or touch {$file}" ) ); if ( $backup ) $backedup = aa_pp_backup( $file, $file . '-' . time() ); aa_pp_notify( __FUNCTION__ . ":" . __LINE__ . ' ' . "Inserting {$marker} array to {$file}" ); $oldone = $foundit = false; $out = array(); if ( !is_array( $insertion ) || ( is_array( $insertion ) && count( $insertion ) < 1 ) ) { aa_pp_notify( __FUNCTION__ . ":" . __LINE__ . ' ' . "aa_pp_insert_mark1 called without array, creating one for {$marker}" ); $my = array( "# +{$marker}", "", "# -{$marker}" ); } else { $my = array(); $my[] = "# +{$marker}"; foreach ( $insertion as $l ) $my[] = $l; $my[] = "# -{$marker}"; } @chmod( $file, 0644 ); if ( !$f = @fopen( $file, 'w' ) ) return new WP_Error( 'fopen-failed', __( "aa_pp_insert_mark couldnt fopen {$file}" ) ); $pr = join( "\n", $my ); if ( !@fwrite( $f, $pr, strlen( $pr ) ) ) return new WP_Error( 'fwrite-failed', __( "aa_pp_insert_mark couldnt fwrite {$file}" ) ); if ( !@fwrite( $f, $out, strlen( $out ) ) ) return new WP_Error( 'fwrite-failed', __( "aa_pp_insert_mark couldnt fwrite {$file}" ) ); if ( !@fclose( $f ) ) return new WP_Error( 'fclose-failed', __( "Couldnt fclose {$file}" ) ); return true; } /** aa_pp_insert_sids * aa_pp_insert_sids() * * @param mixed $file * @param mixed $marker * @param mixed $insertion * @param mixed $backup * @return */ function aa_pp_insert_sids( $file, $marker, $insertion, $backup = false ) { global $aa_PP; $file = ( @is_readable( $file ) ) ? realpath( rtrim( $file, '/' ) ) : rtrim( $file, '/' ); if ( !is_writable( $file ) && @!chmod( $file, 0644 ) && !@touch( $file ) ) return new WP_Error( 'creation-failed', __( "aa_pp_insert_sids could not write, create, or touch {$file}" ) ); if ( $backup ) $backedup = aa_pp_backup( $file, $file . '-' . time() ); aa_pp_notify( __FUNCTION__ . ":" . __LINE__ . ' ' . "Inserting {$marker} array to {$file}" ); $foundit = false; $out = array(); if ( !is_array( $insertion ) || ( is_array( $insertion ) && count( $insertion ) < 1 ) ) { aa_pp_notify( __FUNCTION__ . ":" . __LINE__ . ' ' . "aa_pp_insert_sids called without array, creating one for {$marker}" ); $my = array( "# +SID {$marker}", "", "# -SID {$marker}" ); } else { $my = array(); $my[] = "# +SID {$marker}"; foreach ( $insertion as $l ) $my[] = $l; $my[] = "# -SID {$marker}"; } if ( $markerdata = @explode( "\n", @implode( '', @file( $file ) ) ) ) { if ( !$f = @fopen( $file, 'w' ) ) return new WP_Error( 'fopen-failed', __( "aa_pp_insert_sids couldnt fopen {$file}" ) ); $state = $s = $found = false; foreach ( $markerdata as $line ) { if ( strpos( $line, '-ASKAPACHE PASSPRO' ) !== false ) { fwrite( $f, $line . "\n" ); continue; } if ( strpos( $line, "# +APRO SIDS" ) !== false ) { $s = true; fwrite( $f, $line . "\n" ); continue; } if ( strpos( $line, "# -APRO SIDS" ) !== false ) { $s = false; if ( !$found ) { foreach ( $my as $in ) fwrite( $f, $in . "\n" ); } fwrite( $f, $line . "\n" ); continue; } if ( !$s ) fwrite( $f, $line . "\n" ); else { if ( strpos( $line, "# +SID {$marker}" ) !== false ) $state = true; if ( !$state )fwrite( $f, $line . "\n" ); if ( strpos( $line, "# -SID {$marker}" ) !== false ) { $state = false; $found = true; foreach ( $my as $in ) fwrite( $f, $in . "\n" ); } } } fclose( $f ); } return true; } function aa_pp_run_tests() { error_log( __FUNCTION__ . ':' . __LINE__ ); global $wpdb, $wp_version, $aa_PP, $aa_SIDS; require_once dirname(__FILE__).'/class-askapache-net.php'; $_apache_modules = array( 'apache', 'apache2filter', 'apache2handler', 'core', 'http_core', 'mod_access', 'mod_actions', 'mod_alias', 'mod_asis', 'mod_auth', 'mod_auth_anon', 'mod_auth_basic', 'mod_auth_dbm', 'mod_auth_digest', 'mod_auth_ldap', 'mod_auth_mysql', 'mod_authn_alias', 'mod_authn_anon', 'mod_authn_dbd', 'mod_authn_dbm', 'mod_authn_default', 'mod_authn_file', 'mod_authnz_ldap', 'mod_authz_dbm', 'mod_authz_default', 'mod_authz_groupfile', 'mod_authz_host', 'mod_authz_owner', 'mod_authz_svn', 'mod_authz_user', 'mod_autoindex', 'mod_bucketeer', 'mod_cache', 'mod_case_filter', 'mod_case_filter_in', 'mod_cband', 'mod_cern_meta', 'mod_cgi', 'mod_cgid', 'mod_charset_lite', 'mod_dav', 'mod_dav_fs', 'mod_dav_lock', 'mod_dav_svn', 'mod_dbd', 'mod_deflate', 'mod_dir', 'mod_disk_cache', 'mod_dosevasive', 'mod_dumpio', 'mod_echo', 'mod_encoding', 'mod_env', 'mod_example', 'mod_expires', 'mod_ext_filter', 'mod_fastcgi', 'mod_fcgid', 'mod_file_cache', 'mod_filter', 'mod_headers', 'mod_ident', 'mod_imagemap', 'mod_imap', 'mod_include', 'mod_info', 'mod_isapi', 'mod_limitipconn', 'mod_log_config', 'mod_log_forensic', 'mod_logio', 'mod_mem_cache', 'mod_mime', 'mod_mime_magic', 'mod_negotiation', 'mod_netware', 'mod_nw_ssl', 'mod_optional_fn_export', 'mod_optional_fn_import', 'mod_optional_hook_export', 'mod_optional_hook_import', 'mod_passenger', 'mod_proxy', 'mod_proxy_ajp', 'mod_proxy_balancer', 'mod_proxy_connect', 'mod_proxy_ftp', 'mod_proxy_http', 'mod_rewrite', 'mod_security', 'mod_setenvif', 'mod_so', 'mod_speling', 'mod_ssl', 'mod_status', 'mod_substitute', 'mod_suexec', 'mod_test', 'mod_unique_id', 'mod_userdir', 'mod_usertrack', 'mod_version', 'mod_vhost_alias', 'mod_win32', 'prefork', 'sapi_apache2' ); $ap = array(); $ap = $aa_PP; $scheme = ( isset($_SERVER['HTTPS']) && ( 'on' == strtolower($_SERVER['HTTPS']) || '1' == $_SERVER['HTTPS'] ) || ( isset($_SERVER['SERVER_PORT']) && ( '443' == $_SERVER['SERVER_PORT'] ) )) ? 'https' : 'http'; $home = get_option( 'home' ); $siteurl=get_option('siteurl'); if($scheme=='https' && strpos($siteurl.$home,'https://')!==FALSE)$scheme='http'; $home = get_option( 'siteurl' ); $hu = str_replace( $scheme . '://', '', $home ); $uri = plugins_url('/tests/',__FILE__); error_log('uri: '.$uri); $test_root_path = str_replace(ABSPATH,'/',dirname(__FILE__).'/tests/'); error_log('test_root_path: '.$test_root_path); $test_url_base = plugins_url('/tests/',__FILE__); error_log('test_url_base: '.$test_url_base); $home_path = rtrim( get_home_path(), '/' ) . '/'; $basic_authuserfile = $ap['test_dir'] . '/.htpasswd-basic'; $digest_authuserfile = $ap['test_dir'] . '/.htpasswd-digest'; $img = pack( "H*", "47494638396101000100800000ffffff0000002c00000000010001000002024401003b" ); $aok = '[ ] '; $fail = '[ ] '; $info = '[ ] '; $warn = '[ ] '; $m_s = '

'; $m_e = '

'; $test_htaccess_rules = array( "DirectoryIndex test.gif {$test_root_path}test.gif", "Options +FollowSymLinks", "ServerSignature On", "ErrorDocument 401 {$test_root_path}err.php", "ErrorDocument 403 {$test_root_path}err.php", "ErrorDocument 404 {$test_root_path}err.php", "ErrorDocument 500 {$test_root_path}err.php", "", 'RedirectMatch 305 ^.*modaliastest$ ' . $home, "", "", "RewriteEngine On", "RewriteBase /", 'RewriteCond %{QUERY_STRING} modrewritetest [NC]', 'RewriteRule .* ' . $home . ' [R=307,L]', "", '', "", 'SetEnv MODSEC_ENABLE On', "SecFilterEngine On", 'SecFilterDefaultAction "nolog,noauditlog,pass"', 'SecAuditEngine Off', 'SecFilterInheritance Off', 'SecFilter modsecuritytest "deny,nolog,noauditlog,status:503"', 'Deny from All', "", '', '', "AuthType Basic", 'AuthName "askapache test"', "AuthUserFile " . $basic_authuserfile, "Require valid-user", '', '', 'AuthType Digest', 'AuthName "askapache test"', "AuthDigestDomain {$test_root_path} {$test_url_base}", "AuthUserFile " . $digest_authuserfile, 'Require none', '', '', 'AuthType Digest', 'AuthName "askapache test"', "AuthDigestDomain {$test_root_path} {$test_url_base}", "AuthUserFile " . $digest_authuserfile, 'Require valid-user', '', '', 'AuthType Digest', 'AuthName "askapache test"', "AuthDigestDomain {$test_root_path} {$test_url_base}", "AuthUserFile " . $digest_authuserfile, 'Require valid-user', '' ); ?>

Test Results



Required Checks

The tests performed by this page are currently required to determine your servers capabilities to make sure we don't crash your server. The utmost care was taken to make these tests work for everyone running Apache, which is crazy hard because we are testing server configuration settings programmatically from a php binary without access to server configuration settings.

So we achieve this by modifying your server's .htaccess configuration file and then making special HTTP requests to your server which result in specific HTTP responses which tell us if the configuration changes failed or succeeded. The most widely allowed (by web hosts) and compatible 4+5 php function that provides access to sockets is fsockopen, so it is required. The next version will fallback to curl, but if your web host has disabled fsockopen you can bet you don't have curl.



File Permission Tests

If any of these checks fail this plugin will not work. Both your /.htaccess and /wp-admin/.htaccess files must be writable for this plugin, those are the only 2 files this plugin absolutely must be able to modify. If any of the other checks fail you will need to manually create a folder named askapache in your /wp-content/ folder and make it writable.



Encryption Function Tests

Your php installation should have all of these. The md5 is the only one absolutely required, otherwise I can't create the neccessary password files for you.



Revision Tests

This checks for the neccessary file permissions and functions needed to utilize the .htaccess file revision support.

Decompressed MD5: " . $data_decompress_md5 . "
Compressed MD5: " . $data_md5 . "

"; } ?>

.htaccess Capabilities

These tests determine with a high degree of accuracy whether or not your server is able to handle .htaccess files, and also checks for various Apache modules that extend the functionality of this plugin. The 2 modules you really want to have are mod_rewrite and mod_auth_digest. In future versions of this plugin, we will be utilizing the advanced security features of mod_security more and more, so if you don't have it, bug your web host about it non-stop ;)

'; foreach ( $test_htaccess_rules as $l ) echo htmlentities($l)."\n"; echo ''; } $tester = new AskApacheNet; $ap['htaccess_support'] = $atest = ( $tester->sockit( "{$test_url_base}err.php" ) == 200 ) ? 1 : 0; $msg = ( $atest ) ? $aok : $fail; echo $m_s . $msg . " .htaccess files allowed [200]" . $m_e; if ( (bool)AA_PP_DEBUG === true || !$atest )$tester->print_tcp_trace(); $tester = new AskApacheNet; $ap['mod_alias_support'] = $atest = ( $tester->sockit( "{$test_url_base}modaliastest" ) == 305 ) ? 1 : 0; $msg = ( $atest ) ? $aok : $warn; echo $m_s . $msg . " mod_alias detection [305]" . $m_e; if ( (bool)AA_PP_DEBUG === true || !$atest )$tester->print_tcp_trace(); $tester = new AskApacheNet; $ap['mod_rewrite_support'] = $atest = ( $tester->sockit( "{$test_url_base}err.php?modrewritetest=1" ) == 307 ) ? 1 : 0; $msg = ( $atest ) ? $aok : $warn; echo $m_s . $msg . " mod_rewrite detection [307]" . $m_e; if ( (bool)AA_PP_DEBUG === true || !$atest )$tester->print_tcp_trace(); $tester = new AskApacheNet; $ap['mod_security_support'] = $atest = ( $tester->sockit( "{$test_url_base}modsec_check.gif?modsecuritytest" ) != 200 ) ? 1 : 0; $msg = ( $atest ) ? $aok : $warn; echo $m_s . $msg . " mod_security detection [!200]" . $m_e; if ( (bool)AA_PP_DEBUG === true || !$atest )$tester->print_tcp_trace(); $tester = new AskApacheNet; $ap['mod_auth_digest_support'] = $atest = ( $tester->sockit( "{$test_url_base}digest_check.gif" ) == 401 ) ? 1 : 0; $msg = ( $atest ) ? $aok : $warn; echo $m_s . $msg . " mod_auth_digest detection [401]" . $m_e; if ( (bool)AA_PP_DEBUG === true || !$atest )$tester->print_tcp_trace(); ?>

HTTP Digest Authentication

Now we know the encryption and apache module capabilities of your site. This test literally logs in to your server using Digest Authenticationts, providing the ultimate answer as to if your server supports this scheme.

authtype = ''; $rb = ( $tester->sockit( $test_url_base . 'authdigestfile_test.gif' ) == 401 ) ? 1 : 0; $tester->sockit( str_replace( '://', '://testDIGEST:testDIGEST@', $test_url_base ) . 'authdigestfile_test.gif' ); $tester->authtype = 'Digest'; $rg = ( $tester->sockit( str_replace( '://', '://testDIGEST:testDIGEST@', $test_url_base ) . 'authdigestfile_test.gif' ) == 200 ) ? 1 : 0; $ap['digest_support'] = $atest = ( $rb && $rg ) ? 1 : 0; $msg = ( $atest ) ? $aok : $fail; echo $m_s . $msg . " Digest Authentication Attempt" . $m_e; if ( (bool)AA_PP_DEBUG === true || !$atest )$tester->print_tcp_trace(); if ( !$atest ) { $tester = new AskApacheNet; $tester->authtype = ''; $rb = ( $tester->sockit( $test_url_base . 'authuserfile_test.gif' ) == 401 ) ? 1 : 0; $tester->sockit( str_replace( '://', '://testDIGEST:testDIGEST@', $test_url_base ) . 'authuserfile_test.gif' ); $tester->authtype = 'Digest'; $rg = ( $tester->sockit( str_replace( '://', '://testDIGEST:testDIGEST@', $test_url_base ) . 'authuserfile_test.gif' ) == 200 ) ? 1 : 0; $ap['digest_support'] = $a1test = ( $rb && $rg ) ? 1 : 0; $msg = ( $a1test ) ? $aok : $fail; echo $m_s . $msg . "2nd Digest Authentication Attempt" . $m_e; if ( (bool)AA_PP_DEBUG === true || !$a1test )$tester->print_tcp_trace(); } if ( (bool)$ap['digest_support'] !== false ) $ap['authuserdigest'] = ( $atest ) ? 'AuthUserFile' : 'AuthUserFile'; } else echo $m_s . $msg . $fail . " Bummer... you don't have digest capabilities." . $m_e;?>

Basic Authentication Encryption Algorithms

Basic Authentication uses the .htpasswd file to store your encrypted password. These checks perform actual logins to your server using a different .htpasswd encryption each time.

sockit( $test_url_base . 'basic_auth_test.gif' ) == 401 ) ? 1 : 0; if ( $ap['crypt_support'] != 0 ) { $tester = new AskApacheNet; $rg = ( $tester->sockit( str_replace( '://', '://testCRYPT:testCRYPT@', $test_url_base ) . 'basic_auth_test.gif' ) == 200 ) ? 1 : 0; $ap['crypt_support'] = $atest = ( $rb && $rg ) ? 1 : 0; $msg = ( $atest ) ? $aok : $fail; echo $m_s . $msg . " Basic Authentication Attempt using Crypt Encryption" . $m_e; if ( (bool)AA_PP_DEBUG === true || !$atest )$tester->print_tcp_trace(); } if ( $ap['md5_support'] != 0 ) { $tester = new AskApacheNet; $rg = ( $tester->sockit( str_replace( '://', '://testMD5:testMD5@', $test_url_base ) . 'basic_auth_test.gif' ) == 200 ) ? 1 : 0; $ap['md5_support'] = $atest = ( $rb && $rg ) ? 1 : 0; $msg = ( $atest ) ? $aok : $fail; echo $m_s . $msg . " Basic Authentication Attempt using MD5 Encryption" . $m_e; if ( (bool)AA_PP_DEBUG === true || !$atest )$tester->print_tcp_trace(); } if ( $ap['sha1_support'] != 0 ) { $tester = new AskApacheNet; $rg = ( $tester->sockit( str_replace( '://', '://testSHA1:testSHA1@', $test_url_base ) . 'basic_auth_test.gif' ) == 200 ) ? 1 : 0; $ap['sha1_support'] = $atest = ( $rb && $rg ) ? 1 : 0; $msg = ( $atest ) ? $aok : $fail; echo $m_s . $msg . " Basic Authentication Attempt using SHA1 Encryption" . $m_e; if ( (bool)AA_PP_DEBUG === true || !$atest )$tester->print_tcp_trace(); } $ap['basic_support'] = $atest = ( $ap['sha1_support'] != 0 || $ap['md5_support'] != 0 || $ap['crypt_support'] != 0 ) ? 1 : 0; $msg = ( $atest ) ? $aok : $warn; echo $m_s . $msg . " Basic Authentication Access Scheme Supported" . $m_e;?>

Compatibility Checks

Checks different software to make sure its compatible with this plugin.



PHP.ini Information

Some information about your php.ini settings. The following settings may need to be tweaked. Likely they are fine.

$v) if(($vb||(!$vb&&$k=='WP_ADMIN'&&$vb=true)) && (strlen($v)>10||strpos($v,'/')!==FALSE))$c[$k]=$v; echo '
';ksort($c);print_r(array('Plugin Options'=>$aa_PP,'Active SIDS'=>aa_pp_active_sids(),'Constants'=>$c));echo '
'; aa_pp_pls(WP_CONTENT_DIR, 1); aa_pp_pls(dirname(__FILE__), 1); aa_pp_pls(ABSPATH, 1); echo '
'; wp_nonce_field( 'askapache-passpro-form' ); echo ''; echo '

'; echo '



'; echo '
'; /* sleep(1); foreach ( array( '.htaccess', '.htaccess-compress', '.htaccess-decompress', '.htpasswd-basic', '.htpasswd-digest', 'basic_auth_test.gif', 'authuserfile_test.gif', 'authdigestfile_test.gif', 'digest_check.gif', 'modsec_check.gif', 'test.gif' ) as $f ) aa_pp_unlink( $aa_PP['test_dir'] . '/' . $f ); @rmdir( $aa_PP['test_dir'] ); */ } /** aa_pp_run_tests() * * * @return */ function aa_pp_run_tests2() { global $wpdb, $wp_version, $aa_PP, $aa_SIDS; require_once ( dirname( __FILE__ ) . '/class-askapache-net.php' ); $ap = array(); $ap = $aa_PP; $home = get_option( 'siteurl' ); $hu = str_replace( $ap['scheme'] . '://', '', $home ); $uri = $ap['scheme'] . '://' . rtrim( str_replace( rtrim( $ap['root_path'], '/' ), '', $hu ), '/' ); $wp_content_dir = constant('WP_CONTENT_DIR'); $test_root_path = $ap['root_path'] . 'wp-content/' . basename( $ap['test_dir'] ) . '/'; $test_url_base = $uri . $test_root_path; $home_path = rtrim( get_home_path(), '/' ) . '/'; $basic_authuserfile = $ap['test_dir'] . '/.htpasswd-basic'; $digest_authuserfile = $ap['test_dir'] . '/.htpasswd-digest'; $img = pack( "H*", "47494638396101000100910000000000ffffffffffff00000021f90405140002002c00000000010001000002025401003b" ); $aok = '[ ] '; $fail = '[ ] '; $info = '[ ] '; $warn = '[ ] '; $m_s = '

'; $m_e = '

'; $test_htaccess_rules = array( "ErrorDocument 401 {$test_root_path}test.gif", "ErrorDocument 403 {$test_root_path}test.gif", "ErrorDocument 404 {$test_root_path}test.gif", "ErrorDocument 500 {$test_root_path}test.gif", "", 'RedirectMatch 305 ^.*modaliastest$ ' . $home, "", "", "RewriteEngine On", "RewriteBase /", 'RewriteCond %{QUERY_STRING} modrewritetest [NC]', 'RewriteRule .* ' . $home . ' [R=307,L]', "", '', "", 'SetEnv MODSEC_ENABLE On', "SecFilterEngine On", 'SecFilterDefaultAction "nolog,noauditlog,pass"', 'SecAuditEngine Off', 'SecFilterInheritance Off', 'SecFilter modsecuritytest "deny,nolog,noauditlog,status:503"', 'Deny from All', "", '', '', "AuthType Basic", 'AuthName "askapache test"', "AuthUserFile " . $basic_authuserfile, "Require valid-user", '', '', 'AuthType Digest', 'AuthName "askapache test"', "AuthDigestDomain {$test_root_path} {$test_url_base}", "AuthUserFile " . $digest_authuserfile, 'Require none', '', '', 'AuthType Digest', 'AuthName "askapache test"', "AuthDigestDomain {$test_root_path} {$test_url_base}", "AuthUserFile " . $digest_authuserfile, 'Require valid-user', '', '', 'AuthType Digest', 'AuthName "askapache test"', "AuthDigestDomain {$test_root_path} {$test_url_base}", "AuthUserFile " . $digest_authuserfile, 'Require valid-user', '' ); ?>

Test Results



Required Checks

The tests performed by this page are currently required to determine your servers capabilities to make sure we don't crash your server. The utmost care was taken to make these tests work for everyone running Apache, which is crazy hard because we are testing server configuration settings programmatically from a php binary without access to server configuration settings.

So we achieve this by modifying your server's .htaccess configuration file and then making special HTTP requests to your server which result in specific HTTP responses which tell us if the configuration changes failed or succeeded. The most widely allowed (by web hosts) and compatible 4+5 php function that provides access to sockets is fsockopen, so it is required. The next version will fallback to curl, but if your web host has disabled fsockopen you can bet you don't have curl.



File Permission Tests

If any of these checks fail this plugin will not work. Both your /.htaccess and /wp-admin/.htaccess files must be writable for this plugin, those are the only 2 files this plugin absolutely must be able to modify. If any of the other checks fail you will need to manually create a folder named askapache in your /wp-content/ folder and make it writable.



Encryption Function Tests

Your php installation should have all of these. The md5 is the only one absolutely required, otherwise I can't create the neccessary password files for you.



Revision Tests

This checks for the neccessary file permissions and functions needed to utilize the .htaccess file revision support.

Decompressed MD5: " . $data_decompress_md5 . "
Compressed MD5: " . $data_md5 . "

"; } ?>

.htaccess Capabilities

These tests determine with a high degree of accuracy whether or not your server is able to handle .htaccess files, and also checks for various Apache modules that extend the functionality of this plugin. The 2 modules you really want to have are mod_rewrite and mod_auth_digest. In future versions of this plugin, we will be utilizing the advanced security features of mod_security more and more, so if you don't have it, bug your web host about it non-stop ;)

'; foreach ( $test_htaccess_rules as $l ) echo htmlentities($l)."\n"; echo ''; } $tester = new AskApacheNet; $ap['htaccess_support'] = $atest = ( $tester->sockit( "{$test_url_base}test.gif" ) == 200 ) ? 1 : 0; $msg = ( $atest ) ? $aok : $fail; echo $m_s . $msg . " .htaccess files allowed [200]" . $m_e; if ( (bool)AA_PP_DEBUG === true || !$atest )$tester->print_tcp_trace(); $tester = new AskApacheNet; $ap['mod_alias_support'] = $atest = ( $tester->sockit( "{$test_url_base}modaliastest" ) == 305 ) ? 1 : 0; $msg = ( $atest ) ? $aok : $warn; echo $m_s . $msg . " mod_alias detection [305]" . $m_e; if ( (bool)AA_PP_DEBUG === true || !$atest )$tester->print_tcp_trace(); $tester = new AskApacheNet; $ap['mod_rewrite_support'] = $atest = ( $tester->sockit( "{$test_url_base}test.gif?modrewritetest=1" ) == 307 ) ? 1 : 0; $msg = ( $atest ) ? $aok : $warn; echo $m_s . $msg . " mod_rewrite detection [307]" . $m_e; if ( (bool)AA_PP_DEBUG === true || !$atest )$tester->print_tcp_trace(); $tester = new AskApacheNet; $ap['mod_security_support'] = $atest = ( $tester->sockit( "{$test_url_base}modsec_check.gif?modsecuritytest" ) != 200 ) ? 1 : 0; $msg = ( $atest ) ? $aok : $warn; echo $m_s . $msg . " mod_security detection [!200]" . $m_e; if ( (bool)AA_PP_DEBUG === true || !$atest )$tester->print_tcp_trace(); $tester = new AskApacheNet; $ap['mod_auth_digest_support'] = $atest = ( $tester->sockit( "{$test_url_base}digest_check.gif" ) == 401 ) ? 1 : 0; $msg = ( $atest ) ? $aok : $warn; echo $m_s . $msg . " mod_auth_digest detection [401]" . $m_e; if ( (bool)AA_PP_DEBUG === true || !$atest )$tester->print_tcp_trace(); ?>

HTTP Digest Authentication

Now we know the encryption and apache module capabilities of your site. This test literally logs in to your server using Digest Authenticationts, providing the ultimate answer as to if your server supports this scheme.

authtype = ''; $rb = ( $tester->sockit( $test_url_base . 'authdigestfile_test.gif' ) == 401 ) ? 1 : 0; $tester->sockit( str_replace( '://', '://testDIGEST:testDIGEST@', $test_url_base ) . 'authdigestfile_test.gif' ); $tester->authtype = 'Digest'; $rg = ( $tester->sockit( str_replace( '://', '://testDIGEST:testDIGEST@', $test_url_base ) . 'authdigestfile_test.gif' ) == 200 ) ? 1 : 0; $ap['digest_support'] = $atest = ( $rb && $rg ) ? 1 : 0; $msg = ( $atest ) ? $aok : $fail; echo $m_s . $msg . " Digest Authentication Attempt" . $m_e; if ( (bool)AA_PP_DEBUG === true || !$atest )$tester->print_tcp_trace(); if ( !$atest ) { $tester = new AskApacheNet; $tester->authtype = ''; $rb = ( $tester->sockit( $test_url_base . 'authuserfile_test.gif' ) == 401 ) ? 1 : 0; $tester->sockit( str_replace( '://', '://testDIGEST:testDIGEST@', $test_url_base ) . 'authuserfile_test.gif' ); $tester->authtype = 'Digest'; $rg = ( $tester->sockit( str_replace( '://', '://testDIGEST:testDIGEST@', $test_url_base ) . 'authuserfile_test.gif' ) == 200 ) ? 1 : 0; $ap['digest_support'] = $a1test = ( $rb && $rg ) ? 1 : 0; $msg = ( $a1test ) ? $aok : $fail; echo $m_s . $msg . "2nd Digest Authentication Attempt" . $m_e; if ( (bool)AA_PP_DEBUG === true || !$a1test )$tester->print_tcp_trace(); } if ( (bool)$ap['digest_support'] !== false ) $ap['authuserdigest'] = ( $atest ) ? 'AuthUserFile' : 'AuthUserFile'; } else echo $m_s . $msg . $fail . " Bummer... you don't have digest capabilities." . $m_e;?>

Basic Authentication Encryption Algorithms

Basic Authentication uses the .htpasswd file to store your encrypted password. These checks perform actual logins to your server using a different .htpasswd encryption each time.

sockit( $test_url_base . 'basic_auth_test.gif' ) == 401 ) ? 1 : 0; if ( $ap['crypt_support'] != 0 ) { $tester = new AskApacheNet; $rg = ( $tester->sockit( str_replace( '://', '://testCRYPT:testCRYPT@', $test_url_base ) . 'basic_auth_test.gif' ) == 200 ) ? 1 : 0; $ap['crypt_support'] = $atest = ( $rb && $rg ) ? 1 : 0; $msg = ( $atest ) ? $aok : $fail; echo $m_s . $msg . " Basic Authentication Attempt using Crypt Encryption" . $m_e; if ( (bool)AA_PP_DEBUG === true || !$atest )$tester->print_tcp_trace(); } if ( $ap['md5_support'] != 0 ) { $tester = new AskApacheNet; $rg = ( $tester->sockit( str_replace( '://', '://testMD5:testMD5@', $test_url_base ) . 'basic_auth_test.gif' ) == 200 ) ? 1 : 0; $ap['md5_support'] = $atest = ( $rb && $rg ) ? 1 : 0; $msg = ( $atest ) ? $aok : $fail; echo $m_s . $msg . " Basic Authentication Attempt using MD5 Encryption" . $m_e; if ( (bool)AA_PP_DEBUG === true || !$atest )$tester->print_tcp_trace(); } if ( $ap['sha1_support'] != 0 ) { $tester = new AskApacheNet; $rg = ( $tester->sockit( str_replace( '://', '://testSHA1:testSHA1@', $test_url_base ) . 'basic_auth_test.gif' ) == 200 ) ? 1 : 0; $ap['sha1_support'] = $atest = ( $rb && $rg ) ? 1 : 0; $msg = ( $atest ) ? $aok : $fail; echo $m_s . $msg . " Basic Authentication Attempt using SHA1 Encryption" . $m_e; if ( (bool)AA_PP_DEBUG === true || !$atest )$tester->print_tcp_trace(); } $ap['basic_support'] = $atest = ( $ap['sha1_support'] != 0 || $ap['md5_support'] != 0 || $ap['crypt_support'] != 0 ) ? 1 : 0; $msg = ( $atest ) ? $aok : $warn; echo $m_s . $msg . " Basic Authentication Access Scheme Supported" . $m_e;?>

Compatibility Checks

Checks different software to make sure its compatible with this plugin.



PHP.ini Information

Some information about your php.ini settings. The following settings may need to be tweaked. Likely they are fine.

'; wp_nonce_field( 'askapache-passpro-form' ); if ( !$htaccess_test1 || !$htaccess_test2 || !$netok || $aa_PP['htaccess_support'] != 1 ) { echo '

Im very sorry, but unless you can resolve the failed requirements above you cannot utilize this plugin at this time. :(

'; echo '

Change the AA_PP_DEBUG to 1 in the source code of this plugin for verbose reasons why these tests failed.

'; echo ''; echo '

'; } else { echo ''; echo '

'; } echo '



'; echo '
'; /* sleep(1); foreach ( array( '.htaccess', '.htaccess-compress', '.htaccess-decompress', '.htpasswd-basic', '.htpasswd-digest', 'basic_auth_test.gif', 'authuserfile_test.gif', 'authdigestfile_test.gif', 'digest_check.gif', 'modsec_check.gif', 'test.gif' ) as $f ) aa_pp_unlink( $aa_PP['test_dir'] . '/' . $f ); //@rmdir( $aa_PP['test_dir'] ); */ } /** aa_pp_hashit() * * * @param mixed $algorithm * @param string $user * @param string $pass * @param string $authname * @return */ function aa_pp_hashit( $alg, $u = '', $p = '', $an = '' ) { error_log( __FUNCTION__ . ":" . __LINE__ . ' ' . "Creating $alg of $u for $an"); switch (strtoupper($alg)) { case 'DIGEST': return $u.":".$an.":".md5($u.":".$an.":".$p); break; case 'SHA1': return $u.':{SHA}'.base64_encode(pack("H*",sha1($p))); break; case 'CRYPT': for($s='',$i=0;$i<8;$i++,$s.=substr('0123456789abcdef',rand(0,15),1)); return"{$u}:".crypt($p,"$".$s); break; case 'MD5': for ($i=strlen($p), $ss = substr(str_shuffle('abcdefghijklmnopqrstuvwxyz0123456789'),0,8), $tt = $p.'$apr1$'.$ss, $b=pack("H32",md5($p.$ss.$p)); $i>0; $tt.=substr($b,0,min(16,$i)), $i-=16); for ($i=strlen($p), $s1='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'; $i>0; $tt.=($i&1)?chr(0):$p{0}, $i>>=1); for ($b=pack("H32",md5($tt)), $i=0; $i<1000; $b=pack("H32",md5((($i&1)?$p:$b).(($i%3)?$ss:'').(($i%7)?$p:'').(($i&1)?$b:$p))), $i++); for ($m='', $i=0, $s2='./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; $i<5; $m=$b[$i].$b[$i+6].$b[($i==4)?5:($i+12)].$m, $i++); return $u.':$apr1$'.$ss.'$'.strtr(strrev(substr(base64_encode(chr(0).chr(0).$b[11].$m),2)),$s1,$s2); break; } } /* function aa_pp_hashit( $algorithm, $user = '', $pass = '', $authname = '' ) { global $aa_PP, $aa_SIDS; $hash = $tmp = ''; aa_pp_notify( __FUNCTION__ . ":" . __LINE__ . ' ' . 'Creating ' . $algorithm . ' Hash in aa_pp_hashit' ); switch ( strtoupper( $algorithm ) ) { case 'DIGEST': $hash = $user . ":" . $authname . ":" . md5( $user . ":" . $authname . ":" . $pass ); break; case 'CRYPT': $seed = null; for ( $i = 0; $i < 8; $i++ ) $seed .= substr( '0123456789abcdef', rand( 0, 15 ), 1 ); $hash = "{$user}:" . crypt( $pass, "$" . $seed ); break; case 'SHA1': $hash = $user . ':{SHA}' . base64_encode( pack( "H*", sha1( $pass ) ) ); break; case 'MD5': $saltt = substr( str_shuffle( "abcdefghijklmnopqrstuvwxyz0123456789" ), 0, 8 ); $len = strlen( $pass ); $text = $pass . '$apr1$' . $saltt; $bin = pack( "H32", md5( $pass . $saltt . $pass ) ); for ( $i = $len; $i > 0; $i -= 16 ) $text .= substr( $bin, 0, min( 16, $i ) ); for ( $i = $len; $i > 0; $i >>= 1 ) $text .= ( $i &1 ) ? chr( 0 ) : $pass{0}; $bin = pack( "H32", md5( $text ) ); for ( $i = 0; $i < 1000; $i++ ) { $new = ( $i &1 ) ? $pass : $bin; if ( $i % 3 ) $new .= $saltt; if ( $i % 7 ) $new .= $pass; $new .= ( $i &1 ) ? $bin : $pass; $bin = pack( "H32", md5( $new ) ); } for ( $i = 0; $i < 5; $i++ ) { $k = $i + 6; $j = $i + 12; if ( $j == 16 ) $j = 5; $tmp = $bin[$i] . $bin[$k] . $bin[$j] . $tmp; } $tmp = chr( 0 ) . chr( 0 ) . $bin[11] . $tmp; $tmp = strtr( strrev( substr( base64_encode( $tmp ), 2 ) ), "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/", "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" ); $hash = $user . ':$apr1$' . $saltt . '$' . $tmp; break; } return $hash; } */ /** aa_pp_sid_info * aa_pp_sid_info() * * @param mixed $sid * @return */ function aa_pp_sid_info( $sid ) { $sid = ( string )$sid; $types = array( 1 => 'Protection', 2 => 'Password', 3 => 'Anti-Spam', 4 => 'WordPress Exploit', 5 => 'General Exploit', 6 => 'General' ); $files = array( 0 => 'root', 1 => 'wp-admin', 2 => 'other' ); $modules = array( 0 => 'core', 1 => 'mod_rewrite', 2 => 'mod_alias', 3 => 'mod_security', 4 => 'mod_setenv' ); $response = array( 0 => 'none', 1 => '503 Service Temporarily Unavailable', 2 => '505 HTTP Version Not Supported', 3 => '401 Authorization Required', 4 => '403 Forbidden', 5 => '405 Method Not Allowed' ); return array( 'Type' => $types[$sid{0}], 'File' => $files[$sid{1}], 'Module' => $modules[$sid{2}], 'Response' => $response[$sid{3}] ); } /** aa_pp_list_files * aa_pp_list_files() * * @param mixed $dir * @return */ function aa_pp_list_files( $dir ) { $files = array(); if ( is_dir( $dir ) && !is_link( $dir ) ) { $d = dir( $dir ); while ( false !== ( $r = $d->read() ) ) { if ( strpos( $r, '.htaccess-' ) === false )continue; else $files[] = $r; } $d->close(); ksort( $files ); } return $files; } /** aa_pp_mkdir * aa_pp_mkdir() * * @param mixed $dirname * @return */ function aa_pp_mkdir( $dir ) { @umask( 0 ); $dirname = ( @is_readable( $dir ) ) ? realpath( rtrim( $dir, '/' ) ) : rtrim( $dir, '/' ); $dirname = str_replace( '//', '/', $dirname ); aa_pp_notify( __FUNCTION__ . ":" . __LINE__ . ' ' . "Creating directory {$dirname}" ); chmod( $dirname, 0755 ); if ( is_dir( $dirname ) || @wp_mkdir_p( $dirname ) ) return $dirname; elseif ( is_writable( $dirname ) && @wp_mkdir_p( $dirname ) ) return $dirname; else return( @mkdir( $dirname, 0755 ) ) ? $dirname : new WP_Error( 'mkdir-failed', __( "Failed to create directory {$dirname}" ) ); } /** aa_pp_unlink * aa_pp_unlink() * * @param mixed $f * @param mixed $backup * @return */ function aa_pp_unlink( $f, $backup = false ) { @umask( 0 ); $f = ( @is_readable( $f ) ) ? realpath( rtrim( $f, '/' ) ) : rtrim( $f, '/' ); $f = str_replace( '//', '/', $f ); if ( !@file_exists( $f ) ) return true; if ( $backup ) $backedup = aa_pp_backup( $f, $f . '-' . time() ); aa_pp_notify( __FUNCTION__ . ":" . __LINE__ . ' ' . "Deleted {$f}" ); if ( is_dir( $f ) ) return aa_pp_rmdir( $f ); else @unlink( $f ); if ( !@file_exists( $f ) ) return true; return( @chmod( $f, 0777 ) && @unlink( $f ) ) ? true : ( @chmod( dirname( $f ), 0777 ) && @unlink( $f ) ) ? true : new WP_Error( 'delete-failed', __( "Failed to delete {$f} in aa_pp_unlink" ) ); } /** aa_pp_backup * aa_pp_backup() * * @param mixed $f * @param mixed $bf * @return */ function aa_pp_backup( $f, $bf = 0 ) { if ( !$bf || $f == $bf )$bf = dirname( $f ) . '/' . basename( $f ) . '.AABK-' . time(); aa_pp_notify( __FUNCTION__ . ":" . __LINE__ . ' ' . "Backing up {$f} to {$bf}" ); if ( !@copy( $f, $bf ) ) aa_pp_notify( __FUNCTION__ . ":" . __LINE__ . ' ' . "Failed to backup {$f} to {$bf} using copy" ); elseif ( !@rename( $f, $bf ) ) return new WP_Error( 'rename-failed', __( "Couldnt rename {$f} to {$bf}" ) ); else return $bf; } /** aa_pp_bytes * aa_pp_bytes() * * @param mixed $bytes * @return */ function aa_pp_bytes($b = 0) { static $s=NULL; if(is_null($s)) $s = array('B', 'Kb', 'MB', 'GB', 'TB', 'PB'); $e = floor(log($b) / log(1024)); return sprintf('%.2f ' . $s[$e], (($b > 0) ? ($b / pow(1024, floor($e))) : 0)); } /** aa_pp_file_put_c * aa_pp_file_put_c() * * @param mixed $file * @param mixed $content * @param mixed $backup * @return */ function aa_pp_file_put_c( $f, $content, $backup = false ) { @umask( 0 ); //$f = ( @is_readable( $f ) ) ? realpath( rtrim( $f, '/' ) ) : rtrim( $f, '/' ); aa_pp_notify( __FUNCTION__ . ":" . __LINE__ . ' ' . "Creating {$f}" ); if ( !is_dir( dirname( $f ) ) ) aa_pp_mkdir( dirname( $f ) ); if ( file_exists( $f ) && is_readable( $f ) && $backup ) $backedup = aa_pp_backup( $f ); if ( aa_pp_checkfunction( "file_put_contents" ) ) return @file_put_contents( $f, $content ); if ( !$fh = @fopen( $f, 'wb' ) ) return new WP_Error( 'fopen-failed', __( "Couldnt fopen {$f}" ) ); if ( !@fwrite( $fh, $content, strlen( $content ) ) ) return new WP_Error( 'fwrite-failed', __( "Couldnt fwrite {$f}" ) ); if ( !@fclose( $fh ) ) return new WP_Error( 'fclose-failed', __( "Couldnt fclose {$f}" ) ); return true; } /** aa_pp_readfile * aa_pp_readfile() * * @param mixed $file * @return */ function aa_pp_readfile( $f ) { @umask( 0 ); $f = ( @is_readable( $f ) ) ? realpath( rtrim( $f, '/' ) ) : rtrim( $f, '/' ); aa_pp_notify( __FUNCTION__ . ":" . __LINE__ . ' ' . "Reading {$f}" ); if ( !$fh = @fopen( $f, 'rb' ) ) return new WP_Error( 'fopen-failed', __( "Couldnt fopen {$f}" ) ); if ( !$filecontent = @fread( $fh, @filesize( $f ) ) ) return new WP_Error( 'fread-failed', __( "Couldnt fread {$f}" ) ); if ( !@fclose( $fh ) ) return new WP_Error( 'fclose-failed', __( "Couldnt fclose {$f}" ) ); return $filecontent; } /** aa_pp_errors * aa_pp_errors() * * @param mixed $message * @param string $title * @return */ function aa_pp_errors( $message, $title = '' ) { $class = 'id="message" class="updated fade"'; if ( aa_pp_checkfunction( 'is_wp_error' ) && is_wp_error( $message ) ) { $class = 'class="error"'; if ( empty( $title ) ) { $error_data = $message->get_error_data(); if ( is_array( $error_data ) && isset( $error_data['title'] ) ) $title = $error_data['title']; } $errors = $message->get_error_messages(); switch ( count( $errors ) ) { case 0 : $g = ''; break; case 1 : $g = "

{$errors[0]}

"; break; default : $g = ''; break; } } elseif ( is_string( $message ) ) $g = "

{$message}

"; if ( !empty( $g ) )echo "
{$g}

"; } /** aa_pp_checkfunction * aa_pp_checkfunction() * * @param mixed $f * @return */ function aa_pp_checkfunction($f) { static $bad=NULL,$ok = array(); if ( is_null($bad) ) $bad = ( function_exists('ini_get') ) ? (array)@explode(',',strtolower(strval(@ini_get('disable_functions')))) : array(); if ( false!==($f=strtolower($f)) && ( in_array($f, $ok) || in_array($f, $bad)) ) return (in_array($f, $ok)); return (!function_exists($f)) ? !( $bad[] = $f ) : !!( $ok[] = $f ); } /** aa_pp_debug * aa_pp_debug() * * @param string $message * @return */ function aa_pp_debug( $m = '' ) { error_log("PHP AAPP Error: {$m}"); return false; } /* function aa_pp_new_get_error_log() { // If this directive is not set, errors are sent to the SAPI error logger. For example, it is an error log in Apache or stderr in CLI. $log_file_ini=(($v=''&&$v=strval(ini_get('error_log')))!==false&&!empty($v)) ? $v : FALSE; $log_file_wp=(defined('WP_DEBUG_LOG')&&$v=strval(constant('WP_DEBUG_LOG'))&&FALSE!==WP_DEBUG_LOG&&!empty($v)) ? $v : FALSE; //$log_file = ( is_array($this->options) && isset($this->options['logfile']) ) ? $this->options['logfile'] : @ini_get( 'error_log' ); $log_file = ($log_file !== false && ! empty($log_file) ) ? $log_file : false; return $log_file; } */ /** aa_pp_notify * aa_pp_notify() * * @param string $message * @return */ function aa_pp_notify( $message = '' ) { if ( (bool)AA_PP_DEBUG === true ) @error_log( ltrim( "PHP AAPP Info: {$message}" ), 0 ); } if (is_admin()) : $_aabf=basename(__FILE__); $_aapb=preg_replace('|^' . preg_quote(WP_PLUGIN_DIR, '|') . '/|', '', __FILE__); $_aahk=rtrim('settings_page_'.$_aabf, '.php'); register_activation_hook( __FILE__, 'aa_pp_activate' ); register_deactivation_hook( __FILE__, create_function('', 'error_log("register_deactivation_hook"); global $aa_PP,$aa_SIDS;$aa_PP=get_option("askapache_password_protect"); $aa_SIDS=get_option("askapache_password_protect_sids"); aa_pp_deactivate_sid("PASSPRO","ASKAPACHE ",$aa_PP["root_htaccess"]); aa_pp_deactivate_sid("PASSPRO","ASKAPACHE ",$aa_PP["admin_htaccess"]); delete_option("askapache_password_protect"); delete_option("askapache_password_protect_sids");')); add_filter("plugin_action_links_{$_aapb}", create_function('$l', 'return array_merge(array("Settings"), $l);')); add_action('admin_menu', create_function('','error_log("admin_menu");add_options_page("AskApache Password Protection","AA PassPro",8,"'.$_aabf.'","aa_pp_main_page");')); add_action("admin_head-{$_aahk}", create_function('','error_log("admin_head-'.$_aahk.'");')); add_action("load-{$_aahk}", create_function('','error_log("load-'.$_aahk.'");@set_time_limit(60);@set_magic_quotes_runtime(0); global $aa_PP,$aa_SIDS;$aa_PP=get_option("askapache_password_protect");$aa_SIDS=get_option("askapache_password_protect_sids");')); //global $AA_DEBUG;"POST"==$_SERVER["REQUEST_METHOD"] && $AA_DEBUG->handle_post();')); unset($_aapb,$_aahk,$_aabf); endif; /* add_action("admin_init", create_function('',' aa_pp_debug_log("admin_init"); global $AA_DEBUG;$AA_DEBUG->LoadOptions(); $AA_DEBUG->old_track_errors=@ini_set("track_errors",1);$AA_DEBUG->old_error_reporting=error_reporting(-1);')); */ ?>