'UpdraftCentral_Core_Commands',
'updates' => 'UpdraftCentral_Updates_Commands',
'users' => 'UpdraftCentral_Users_Commands',
'comments' => 'UpdraftCentral_Comments_Commands',
'analytics' => 'UpdraftCentral_Analytics_Commands',
'plugin' => 'UpdraftCentral_Plugin_Commands'
));
// If nothing was sent, then there is no incoming message, so no need to set up a listener (or CORS request, etc.). This avoids a DB SELECT query on the option below in the case where it didn't get autoloaded, which is the case when there are no keys.
if (!empty($_SERVER['REQUEST_METHOD']) && ('GET' == $_SERVER['REQUEST_METHOD'] || 'POST' == $_SERVER['REQUEST_METHOD']) && (empty($_REQUEST['action']) || 'updraft_central' !== $_REQUEST['action']) && empty($_REQUEST['udcentral_action']) && empty($_REQUEST['udrpc_message'])) return;
// Remote control keys
// These are different from the remote send keys, which are set up in the Migrator add-on
$our_keys = UpdraftPlus_Options::get_updraft_option('updraft_central_localkeys');
if (is_array($our_keys) && !empty($our_keys)) {
$remote_control = new UpdraftPlus_UpdraftCentral_Listener($our_keys, $command_classes);
}
}
public function wp_ajax_updraftcentral_receivepublickey() {
// The actual nonce check is done in the method below
if (empty($_GET['_wpnonce']) || empty($_GET['public_key']) || !isset($_GET['updraft_key_index'])) die;
$result = $this->receive_public_key();
if (!is_array($result) || empty($result['responsetype'])) die;
echo 'UpdraftCentral'.__('UpdraftCentral Connection', 'updraftplus').'
'.htmlspecialchars(network_site_url()).'
';
if ('ok' == $result['responsetype']) {
echo __('An UpdraftCentral connection has been made successfully.', 'updraftplus');
} else {
echo ''.__('A new UpdraftCentral connection has not been made.', 'updraftplus').'
';
switch ($result['code']) {
case 'unknown_key':
echo __('The key referred to was unknown.', 'updraftplus');
break;
case 'not_logged_in':
echo __('You are not logged into this WordPress site in your web browser.', 'updraftplus').' '.__('You must visit this URL in the same browser and login session as you created the key in.', 'updraftplus');
break;
case 'nonce_failure':
echo 'Security check. ';
_e('You must visit this link in the same browser and login session as you created the key in.', 'updraftplus');
break;
case 'already_have':
echo __('This connection appears to already have been made.', 'updraftplus');
break;
default:
echo htmlspecialchars(print_r($result, true));
break;
}
}
echo '
'.__('Close...', 'updraftplus').'
';
die;
}
/**
* Checks _wpnonce, and if successful, saves the public key found in $_GET
*
* @return Array - with keys responsetype (can be 'error' or 'ok') and code, indicating whether the parse was successful
*/
private function receive_public_key() {
if (!is_user_logged_in()) {
return array('responsetype' => 'error', 'code' => 'not_logged_in');
}
if (!wp_verify_nonce($_GET['_wpnonce'], 'updraftcentral_receivepublickey')) return array('responsetype' => 'error', 'code' => 'nonce_failure');
$updraft_key_index = $_GET['updraft_key_index'];
$our_keys = UpdraftPlus_Options::get_updraft_option('updraft_central_localkeys');
if (!is_array($our_keys)) $our_keys = array();
if (!isset($our_keys[$updraft_key_index])) {
return array('responsetype' => 'error', 'code' => 'unknown_key');
}
if (!empty($our_keys[$updraft_key_index]['publickey_remote'])) {
return array('responsetype' => 'error', 'code' => 'already_have');
}
$our_keys[$updraft_key_index]['publickey_remote'] = base64_decode($_GET['public_key']);
UpdraftPlus_Options::update_updraft_option('updraft_central_localkeys', $our_keys);
return array('responsetype' => 'ok', 'code' => 'ok');
}
/**
* Action parameters, from udrpc: $message, $level, $this->key_name_indicator, $this->debug, $this
*
* @param string $message The log message
* @param string $level Log level
* @param string $key_name_indicator This indicates the key name
*/
public function udrpc_log($message, $level, $key_name_indicator) {
$udrpc_log = get_site_option('updraftcentral_client_log');
if (!is_array($udrpc_log)) $udrpc_log = array();
$new_item = array(
'time' => time(),
'level' => $level,
'message' => $message,
'key_name_indicator' => $key_name_indicator
);
if (!empty($_SERVER['REMOTE_ADDR'])) {
$new_item['remote_ip'] = $_SERVER['REMOTE_ADDR'];
}
if (!empty($_SERVER['HTTP_USER_AGENT'])) {
$new_item['http_user_agent'] = $_SERVER['HTTP_USER_AGENT'];
}
if (!empty($_SERVER['HTTP_X_SECONDARY_USER_AGENT'])) {
$new_item['http_secondary_user_agent'] = $_SERVER['HTTP_X_SECONDARY_USER_AGENT'];
}
$udrpc_log[] = $new_item;
if (count($udrpc_log) > 50) array_shift($udrpc_log);
update_site_option('updraftcentral_client_log', $udrpc_log);
}
public function delete_key($key_id) {
$our_keys = UpdraftPlus_Options::get_updraft_option('updraft_central_localkeys');
if (!is_array($our_keys)) $our_keys = array();
if (isset($our_keys[$key_id])) {
unset($our_keys[$key_id]);
UpdraftPlus_Options::update_updraft_option('updraft_central_localkeys', $our_keys);
}
return array('deleted' => 1, 'keys_table' => $this->get_keys_table());
}
public function get_log($params) {
$udrpc_log = get_site_option('updraftcentral_client_log');
if (!is_array($udrpc_log)) $udrpc_log = array();
$log_contents = '';
// Events are appended to the array in the order they happen. So, reversing the order gets them into most-recent-first order.
rsort($udrpc_log);
if (empty($udrpc_log)) {
$log_contents = ''.__('(Nothing yet logged)', 'updraftplus').'';
}
foreach ($udrpc_log as $m) {
// Skip invalid data
if (!isset($m['time'])) continue;
$time = gmdate('Y-m-d H:i:s O', $m['time']);
// $level is not used yet. We could put the message in different colours for different levels, if/when it becomes used.
$key_name_indicator = empty($m['key_name_indicator']) ? '' : $m['key_name_indicator'];
$log_contents .= ''."$time ";
if (!empty($m['remote_ip'])) $log_contents .= '['.htmlspecialchars($m['remote_ip']).'] ';
$log_contents .= "[".htmlspecialchars($key_name_indicator)."] ".htmlspecialchars($m['message'])."\n";
}
return array('log_contents' => $log_contents);
}
public function create_key($params) {
// Use the site URL - this means that if the site URL changes, communication ends; which is the case anyway
$user = wp_get_current_user();
$where_send = empty($params['where_send']) ? '' : (string) $params['where_send'];
if ('__updraftpluscom' != $where_send) {
$purl = parse_url($where_send);
if (empty($purl) || !array($purl) || empty($purl['scheme']) || empty($purl['host'])) return array('error' => __('An invalid URL was entered', 'updraftplus'));
}
// ENT_HTML5 exists only on PHP 5.4+
// @codingStandardsIgnoreLine
$flags = defined('ENT_HTML5') ? ENT_QUOTES | ENT_HTML5 : ENT_QUOTES;
$extra_info = array(
'user_id' => $user->ID,
'user_login' => $user->user_login,
'ms_id' => get_current_blog_id(),
'site_title' => html_entity_decode(get_bloginfo('name'), $flags),
);
if ($where_send) {
$extra_info['mothership'] = $where_send;
if (!empty($params['mothership_firewalled'])) {
$extra_info['mothership_firewalled'] = true;
}
}
if (!empty($params['key_description'])) {
$extra_info['name'] = (string) $params['key_description'];
}
$key_size = (empty($params['key_size']) || !is_numeric($params['key_size']) || $params['key_size'] < 512) ? 2048 : (int) $params['key_size'];
$extra_info['key_size'] = $key_size;
$created = $this->create_remote_control_key(false, $extra_info, $where_send);
if (is_array($created)) {
$created['keys_table'] = $this->get_keys_table();
$created['keys_guide'] = ''. __('UpdraftCentral key created successfully') .'
';
if ('__updraftpluscom' != $where_send) {
$created['keys_guide'] .= ''.sprintf(__('You now need to copy the key below and enter it at your %s.', 'updraftplus'), 'UpdraftCentral dashboard').'
'.__('At your UpdraftCentral dashboard you should press the "Add Site" button then paste the key in the input box.', 'updraftplus').'
'.sprintf(__('Detailed instructions for this can be found at %s', 'updraftplus'), 'UpdraftPlus.com').'
'. sprintf(__('You can now control this site via your UpdraftCentral dashboard at %s.', 'updraftplus'), 'UpdraftPlus.com').'
| '.__('There are no UpdraftCentral dashboards that can currently control this site.', 'updraftplus').' |
';
}
foreach ($our_keys as $i => $key) {
if (empty($key['extra_info'])) continue;
$user_id = $key['extra_info']['user_id'];
if (!empty($key['extra_info']['mothership'])) {
$mothership_url = $key['extra_info']['mothership'];
if ('__updraftpluscom' == $mothership_url) {
$reconstructed_url = 'https://updraftplus.com';
} else {
$purl = parse_url($mothership_url);
$path = empty($purl['path']) ? '' : $purl['path'];
$reconstructed_url = $purl['scheme'].'://'.$purl['host'].(!empty($purl['port']) ? ':'.$purl['port'] : '').$path;
}
} else {
$reconstructed_url = __('Unknown', 'updraftplus');
}
$name = $key['name'];
$user = get_user_by('id', $user_id);
$user_display = is_a($user, 'WP_User') ? $user->user_login.' ('.$user->user_email.')' : __('Unknown', 'updraftplus');
$ret .= '| '.htmlspecialchars($name).' ('.htmlspecialchars($i).') | '.__("Access this site as user:", 'updraftplus')." ".htmlspecialchars($user_display)."
".__('Public key was sent to:', 'updraftplus').' '.htmlspecialchars($reconstructed_url).'
';
if (!empty($key['created'])) {
$ret .= __('Created:', 'updraftplus').' '.date_i18n(get_option('date_format').' '.get_option('time_format'), $key['created']).'.';
if (!empty($key['extra_info']['key_size'])) {
$ret .= ' '.sprintf(__('Key size: %d bits', 'updraftplus'), $key['extra_info']['key_size']).'.';
}
$ret .= '
';
}
$ret .= ''.__('Delete...', 'updraftplus').' |
';
}
ob_start();
?>