File Manager

X7ROOT File Manager

Current Path: /home/oakwood/public_html/wp-content/plugins/wordfence/lib

home / oakwood / public_html / wp-content / plugins / wordfence / lib /

ðŸ“ ..
ðŸ“„ .htaccess(354 B)
ðŸ“ Diff
ðŸ“„ Diff.php(5.63 KB)
ðŸ“„ GeoLite2-Country.mmdb(7.46 MB)
ðŸ“„ IPTraf.php(1.17 KB)
ðŸ“„ IPTrafList.php(2.98 KB)
ðŸ“„ WFLSPHP52Compatability.php(1.27 KB)
ðŸ“ audit-log
ðŸ“„ compat.php(425 B)
ðŸ“ dashboard
ðŸ“„ diffResult.php(2.81 KB)
ðŸ“„ email_genericAlert.php(1.39 KB)
ðŸ“„ email_newIssues.php(8.82 KB)
ðŸ“„ email_unlockRequest.php(2.34 KB)
ðŸ“„ email_unsubscribeRequest.php(1.05 KB)
ðŸ“„ flags.php(6.62 KB)
ðŸ“„ live_activity.php(580 B)
ðŸ“„ menu_dashboard.php(28 KB)
ðŸ“„ menu_dashboard_options.php(15.21 KB)
ðŸ“„ menu_firewall.php(2.12 KB)
ðŸ“„ menu_firewall_blocking.php(10.25 KB)
ðŸ“„ menu_firewall_blocking_options.php(4.63 KB)
ðŸ“„ menu_firewall_waf.php(19.96 KB)
ðŸ“„ menu_firewall_waf_options.php(11.09 KB)
ðŸ“„ menu_install.php(1.73 KB)
ðŸ“„ menu_options.php(24.7 KB)
ðŸ“„ menu_scanner.php(21.53 KB)
ðŸ“„ menu_scanner_credentials.php(2.77 KB)
ðŸ“„ menu_scanner_options.php(8.41 KB)
ðŸ“„ menu_support.php(17.82 KB)
ðŸ“„ menu_tools.php(1.49 KB)
ðŸ“„ menu_tools_auditlog.php(16.43 KB)
ðŸ“„ menu_tools_diagnostic.php(49.35 KB)
ðŸ“„ menu_tools_importExport.php(1.28 KB)
ðŸ“„ menu_tools_livetraffic.php(39.43 KB)
ðŸ“„ menu_tools_twoFactor.php(19.6 KB)
ðŸ“„ menu_tools_whois.php(4.61 KB)
ðŸ“„ menu_wordfence_central.php(9.66 KB)
ðŸ“„ noc1.key(1.64 KB)
ðŸ“ rest-api
ðŸ“„ sodium_compat_fast.php(185 B)
ðŸ“„ sysinfo.php(1.47 KB)
ðŸ“„ viewFullActivityLog.php(1.47 KB)
ðŸ“„ wf503.php(9.63 KB)
ðŸ“„ wfAPI.php(10.1 KB)
ðŸ“„ wfActivityReport.php(20.45 KB)
ðŸ“„ wfAdminNoticeQueue.php(5.2 KB)
ðŸ“„ wfAlerts.php(7.37 KB)
ðŸ“„ wfArray.php(1.77 KB)
ðŸ“„ wfAuditLog.php(47.13 KB)
ðŸ“„ wfBrowscap.php(3.9 KB)
ðŸ“„ wfBrowscapCache.php(256.83 KB)
ðŸ“„ wfBulkCountries.php(9.77 KB)
ðŸ“„ wfCache.php(6.02 KB)
ðŸ“„ wfCentralAPI.php(25.8 KB)
ðŸ“„ wfConfig.php(122.49 KB)
ðŸ“„ wfCrawl.php(6.56 KB)
ðŸ“„ wfCredentialsController.php(5.16 KB)
ðŸ“„ wfCrypt.php(4.05 KB)
ðŸ“„ wfCurlInterceptor.php(1.02 KB)
ðŸ“„ wfDB.php(11.49 KB)
ðŸ“„ wfDashboard.php(8.2 KB)
ðŸ“„ wfDateLocalization.php(352.13 KB)
ðŸ“„ wfDeactivationOption.php(2.13 KB)
ðŸ“„ wfDiagnostic.php(66.87 KB)
ðŸ“„ wfDict.php(738 B)
ðŸ“„ wfDirectoryIterator.php(1.89 KB)
ðŸ“„ wfFileUtils.php(2.72 KB)
ðŸ“„ wfHelperBin.php(1.97 KB)
ðŸ“„ wfHelperString.php(2.13 KB)
ðŸ“„ wfIPWhitelist.php(1.56 KB)
ðŸ“„ wfImportExportController.php(3.23 KB)
ðŸ“„ wfInaccessibleDirectoryException.php(303 B)
ðŸ“„ wfInvalidPathException.php(266 B)
ðŸ“„ wfIpLocation.php(1.73 KB)
ðŸ“„ wfIpLocator.php(2.74 KB)
ðŸ“„ wfIssues.php(27.91 KB)
ðŸ“„ wfJWT.php(5.33 KB)
ðŸ“„ wfLicense.php(10.43 KB)
ðŸ“„ wfLockedOut.php(9.73 KB)
ðŸ“„ wfLog.php(57.11 KB)
ðŸ“„ wfMD5BloomFilter.php(5.2 KB)
ðŸ“„ wfModuleController.php(754 B)
ðŸ“„ wfNotification.php(6.41 KB)
ðŸ“„ wfOnboardingController.php(9.22 KB)
ðŸ“„ wfPersistenceController.php(819 B)
ðŸ“„ wfRESTAPI.php(377 B)
ðŸ“„ wfScan.php(15.92 KB)
ðŸ“„ wfScanEngine.php(133.6 KB)
ðŸ“„ wfScanEntrypoint.php(1.04 KB)
ðŸ“„ wfScanFile.php(1.01 KB)
ðŸ“„ wfScanFileLink.php(403 B)
ðŸ“„ wfScanFileListItem.php(408 B)
ðŸ“„ wfScanFileProperties.php(1.07 KB)
ðŸ“„ wfScanMonitor.php(4.05 KB)
ðŸ“„ wfScanPath.php(1.77 KB)
ðŸ“„ wfSchema.php(10.91 KB)
ðŸ“„ wfStyle.php(1.21 KB)
ðŸ“„ wfSupportController.php(24.18 KB)
ðŸ“„ wfUnlockMsg.php(1.14 KB)
ðŸ“„ wfUpdateCheck.php(27.23 KB)
ðŸ“„ wfUtils.php(124.11 KB)
ðŸ“„ wfVersionCheckController.php(19.27 KB)
ðŸ“„ wfVersionSupport.php(535 B)
ðŸ“„ wfView.php(2.22 KB)
ðŸ“„ wfViewResult.php(1.42 KB)
ðŸ“„ wfWebsite.php(1.75 KB)
ðŸ“„ wordfenceClass.php(436.65 KB)
ðŸ“„ wordfenceConstants.php(3.56 KB)
ðŸ“„ wordfenceHash.php(42.7 KB)
ðŸ“„ wordfenceScanner.php(30.47 KB)
ðŸ“„ wordfenceURLHoover.php(18.36 KB)

Editing: wfCredentialsController.php

<?php

class wfCredentialsController {
	const UNCACHED = 'uncached';
	const NOT_LEAKED = 'not-leaked';
	const LEAKED = 'leaked';
	
	const ALLOW_LEGACY_2FA_OPTION = 'allowLegacy2FA';
	const DISABLE_LEGACY_2FA_OPTION = 'disableLegacy2FA';
	
	public static function allowLegacy2FA() {
		return wfConfig::get(self::ALLOW_LEGACY_2FA_OPTION, false);
	}
	
	public static function useLegacy2FA() {
		if (!self::allowLegacy2FA()) {
			return false;
		}
		return !wfConfig::get(self::DISABLE_LEGACY_2FA_OPTION, false);
	}
	
	public static function hasOld2FARecords() {
		$twoFactorUsers = wfConfig::get_ser('twoFactorUsers', array());
		if (is_array($twoFactorUsers) && !empty($twoFactorUsers)) {
			foreach ($twoFactorUsers as &$t) {
				if ($t[3] == 'activated') {
					$user = new WP_User($t[0]);
					if ($user instanceof WP_User && $user->exists()) {
						return true;
					}
				}
			}
		}
		return false;
	}
	
	public static function hasNew2FARecords() {
		if (version_compare(phpversion(), '5.3', '>=') && class_exists('\WordfenceLS\Controller_DB')) {
			global $wpdb;
			$table = WFLSPHP52Compatability::secrets_table();
			return !!intval($wpdb->get_var("SELECT COUNT(*) FROM `{$table}`"));
		}
		return false;
	}
	
	/**
	 * Queries the API and returns whether or not the password exists in the breach database.
	 * 
	 * @param string $login
	 * @param string $password
	 * @return bool
	 */
	public static function isLeakedPassword($login, $password) {
		$sha1 = strtoupper(hash('sha1', $password));
		$prefix = substr($sha1, 0, 5);
		
		$ssl_verify = (bool) wfConfig::get('ssl_verify');
		$args = array(
			'timeout'    => 5,
			'user-agent' => "Wordfence.com UA " . (defined('WORDFENCE_VERSION') ? WORDFENCE_VERSION : '[Unknown version]'),
			'sslverify'  => $ssl_verify,
			'headers'	 => array('Referer' => false),
		);
		
		if (!$ssl_verify) { // Some versions of cURL will complain that SSL verification is disabled but the CA bundle was supplied.
			$args['sslcertificates'] = false;
		}
		
		$response = wp_remote_get(sprintf(WORDFENCE_BREACH_URL_BASE_SEC . "%s.txt", $prefix), $args);
		
		if (!is_wp_error($response)) {
			$data = wp_remote_retrieve_body($response);
			$lines = explode("\n", $data);
			foreach ($lines as $l) {
				$components = explode(":", $l);
				$teshSHA1 = $prefix . strtoupper($components[0]);
				if (hash_equals($sha1, $teshSHA1)) {
					return true;
				}
			}
		}
		
		return false;
	}
	
	/**
	 * Returns the transient key for the given user.
	 * 
	 * @param WP_User $user
	 * @return string
	 */
	protected static function _cachedCredentialStatusKey($user) {
		$key = 'wfcredentialstatus_' . $user->ID;
		return $key;
	}
	
	/**
	 * Returns the cached credential status for the given user: self::UNCACHED, self::NOT_LEAKED, or self::LEAKED.
	 * 
	 * @param WP_User $user
	 * @return string
	 */
	public static function cachedCredentialStatus($user) {
		$key = self::_cachedCredentialStatusKey($user);
		$value = get_transient($key);
		if ($value === false) {
			return self::UNCACHED;
		}
		
		$status = substr($value, 0, 1);
		if (strlen($value) > 1) {
			if (!hash_equals(substr($value, 1), hash('sha256', $user->user_pass))) { //Different hash but our clear function wasn't called so treat it as uncached
				return self::UNCACHED;
			}
		}
		
		if ($status) {
			return self::LEAKED;
		}
		return self::NOT_LEAKED;
	}
	
	/**
	 * Stores a cached leak value for the given user.
	 * 
	 * @param WP_User $user
	 * @param bool $isLeaked
	 */
	public static function setCachedCredentialStatus($user, $isLeaked) {
		$key = self::_cachedCredentialStatusKey($user);
		set_transient($key, ($isLeaked ? '1' : '0') . hash('sha256', $user->user_pass), 3600);
	}
	
	/**
	 * Clears the cache for the given user.
	 * 
	 * @param WP_User $user
	 */
	public static function clearCachedCredentialStatus($user) {
		$key = self::_cachedCredentialStatusKey($user);
		delete_transient($key);
	}
	
	/**
	 * Returns whether or not we've seen a successful login from $ip for the given user.
	 * 
	 * @param WP_User $user
	 * @param string $ip
	 * @return bool
	 */
	public static function hasPreviousLoginFromIP($user, $ip) {
		global $wpdb;
		$table_wfLogins = wfDB::networkTable('wfLogins');
		
		$id = property_exists($user, 'ID') ? $user->ID : 0;
		if ($id == 0) {
			return false;
		}
		
		$ipHex = wfDB::binaryValueToSQLHex(wfUtils::inet_pton($ip));
		$result = $wpdb->get_row($wpdb->prepare("SELECT id FROM {$table_wfLogins} WHERE action = 'loginOK' AND userID = %d AND IP = {$ipHex} LIMIT 0,1", $id), ARRAY_A);
		if (is_array($result)) {
			return true;
		}
		
		$lastAdminLogin = wfConfig::get_ser('lastAdminLogin');
		if (is_array($lastAdminLogin) && isset($lastAdminLogin['userID']) && isset($lastAdminLogin['IP'])) {
			if ($lastAdminLogin['userID'] == $id && wfUtils::inet_pton($lastAdminLogin['IP']) == wfUtils::inet_pton($ip)) {
				return true;
			}
			return false;
		}
		
		//Final check -- if the IP recorded at plugin activation matches, let it through. This is __only__ checked when we don't have any other record of an admin login.
		$activatingIP = wfConfig::get('activatingIP');
		if (wfUtils::isValidIP($activatingIP)) {
			if (wfUtils::inet_pton($activatingIP) == wfUtils::inet_pton($ip)) {
				return true;
			}
		}
		
		return false;
	}
}

X7ROOT File Manager

Editing: wfCredentialsController.php

Upload File

Create Folder