diff --git a/gourl.php b/gourl.php
index bab82d5..f230bb3 100644
--- a/gourl.php
+++ b/gourl.php
@@ -6,29 +6,29 @@ final class gourlclass { - private $options = array(); // global setting values - private $hash_url = ""; // security; save your gourl public/private keys sha1 hash in file (db and file) + private $options = array(); // global setting values + private $hash_url = ""; // security; save your gourl public/private keys sha1 hash in file (db and file) private $errors = array(); // global setting errors - private $payments = array(); // global activated payments (bitcoin, litecoin, etc) + private $payments = array(); // global activated payments (bitcoin, litecoin, etc) private $options2 = array(); // pay-per-view settings private $options3 = array(); // pay-per-membership settings private $page = array(); // current page url private $id = 0; // current record id - private $record = array(); // current record values - private $record_errors = array(); // current record errors - private $record_info = array(); // current record messages - private $record_fields = array(); // current record fields + private $record = array(); // current record values + private $record_errors = array(); // current record errors + private $record_info = array(); // current record messages + private $record_fields = array(); // current record fields - private $updated = false; // publish 'record updated' message + private $updated = false; // publish 'record updated' message private $lock_type = ""; // membership or view private $coin_names = array(); private $coin_chain = array(); private $coin_www = array(); - private $languages = array(); + private $languages = array(); private $custom_images = array('img_plogin'=>'Payment Login', 'img_flogin'=>'File Download Login', 'img_sold'=>'Product Sold', 'img_pdisable'=>'Payments Disabled', 'img_fdisable'=>'File Payments Disabled', 'img_nofile'=>'File Not Exists'); // custom payment box images private $expiry_period = array('NO EXPIRY', '10 MINUTES', '20 MINUTES', '30 MINUTES', '1 HOUR', '2 HOURS', '3 HOURS', '6 HOURS', '12 HOURS', 
'1 DAY', '2 DAYS', '3 DAYS', '4 DAYS', '5 DAYS', '1 WEEK', '2 WEEKS', '3 WEEKS', '4 WEEKS', '1 MONTH', '2 MONTHS', '3 MONTHS', '6 MONTHS', '12 MONTHS'); // payment expiry period @@ -42,9 +42,9 @@ final class gourlclass private $expiry_view = array("2 DAYS", "1 DAY", "12 HOURS", "6 HOURS", "3 HOURS", "2 HOURS", "1 HOUR"); private $lock_level_view = array("Unregistered Visitors", "Unregistered Visitors + Registered Subscribers", "Unregistered Visitors + Registered Subscribers/Contributors", "Unregistered Visitors + Registered Subscribers/Contributors/Authors"); - private $fields_membership = array("ppmPrice" => "0.00", "ppmPriceCoin" => "0.0000", "ppmPriceLabel" => "BTC", "ppmExpiry" => "1 MONTH", "ppmLevel" => 0, "ppmProfile" => 0, "ppmLang" => "en", "ppmCoin" => "", "ppmOneCoin" => "", "ppmTextAbove" => "", "ppmTextBelow" => "", "ppmTextAbove2" => "", "ppmTextBelow2" => "", "ppmTitle" => "", "ppmTitle2" => "", "ppmCommentAuthor" => "", "ppmCommentBody" => "", "ppmCommentReply" => ""); + private $fields_membership = array("ppmPrice" => "0.00", "ppmPriceCoin" => "0.0000", "ppmPriceLabel" => "BTC", "ppmExpiry" => "1 MONTH", "ppmLevel" => 0, "ppmProfile" => 0, "ppmLang" => "en", "ppmCoin" => "", "ppmOneCoin" => "", "ppmTextAbove" => "", "ppmTextBelow" => "", "ppmTextAbove2" => "", "ppmTextBelow2" => "", "ppmTitle" => "", "ppmTitle2" => "", "ppmCommentAuthor" => "", "ppmCommentBody" => "", "ppmCommentReply" => ""); private $fields_membership_newuser = array("userID" => 0, "paymentID" => 0, "startDate" => "", "endDate" => "", "disabled" => 0, "recordCreated" => ""); - private $lock_level_membership = array("Registered Subscribers", "Registered Subscribers/Contributors", "Registered Subscribers/Contributors/Authors"); + private $lock_level_membership = array("Registered Subscribers", "Registered Subscribers/Contributors", "Registered Subscribers/Contributors/Authors"); 
@@ -1048,7 +1048,7 @@ private function save_settings() { $arr = array(); - if (!(is_admin() && current_user_can('administrator'))) + if (!(is_admin() && is_user_logged_in() && current_user_can('administrator'))) { $this->errors[] = __('You don\'t have permission to edit this page. Please login as ADMIN user!', GOURL); return false; @@ -1117,13 +1117,26 @@ public function page_settings() { $readonly = (file_exists($this->hash_url) && !is_writable($this->hash_url)) ? 'readonly' : ''; + if ($readonly) + { + $txt = (is_readable($this->hash_url)) ? file_get_contents($this->hash_url) : ""; + $arr = json_decode($txt, true); + if (isset($arr["nonce"]) && $arr["nonce"] != sha1(md5(NONCE_KEY))) + { + $this->errors[] = sprintf(__('The value of wordpress constant NONCE_KEY has been changed.
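Review bot: The guard added at `if (!(is_admin() && is_user_logged_in() && current_user_can('administrator')))` still tests a role name rather than a capability; WordPress documents `current_user_can()` as taking a capability, and `is_admin()` only says the request targets wp-admin, not that the caller is privileged. `current_user_can()` already returns false for an unauthenticated request, so the new `is_user_logged_in()` term adds no protection on its own, though it is harmless. I would change the condition to `if (!(is_admin() && is_user_logged_in() && current_user_can('manage_options')))` and, since the identical line is repeated in the save_download, save_view, save_membership, save_membership_newuser, save_product, admin_init and upload_file hunks and inside page_settings, move it into one private helper so that any future tightening happens in a single place. The rest of save_settings lies outside the hunk, so I cannot see whether the POST handler also verifies a nonce via `check_admin_referer()`; a capability check alone does not stop a request forged from a logged-in administrator's browser.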
Please unlock "%s" and re-enter your gourl keys; and after that, you can lock gourl.hash file again', GOURL), $this->hash_url); + } + unset($arr); unset($txt); + } + + + if ($this->errors) $message = "
".__('Please fix errors below:', GOURL)."
"; elseif ($this->updated) $message = '

'.__('Settings have been updated successfully', GOURL).'

'; else $message = ""; if (!$this->errors && ((isset($_GET['testconnect']) && $_GET["testconnect"] == "true") || $this->updated)) { - if (!(is_admin() && current_user_can('administrator'))) $message .= "

".__('Cannot test connection to GoUrl.io Payment Server. You should be ADMIN user!', GOURL)."

"; + if (!(is_admin() && is_user_logged_in() && current_user_can('administrator'))) $message .= "

".__('Cannot test connection to GoUrl.io Payment Server. You should be ADMIN user!', GOURL)."

"; else { $messages = $this->test_gourl_connection( $this->updated ); @@ -1164,7 +1177,7 @@ public function page_settings() $tmp .= '
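Review bot: The new nonce check in page_settings compares two digests with loose inequality, `$arr["nonce"] != sha1(md5(NONCE_KEY))`; in PHP, `!=` between two numeric-looking strings (hex digests of the form `0e...` qualify) compares them as numbers rather than byte-wise. Use a strict, constant-time comparison instead: `if (isset($arr["nonce"]) && !hash_equals(sha1(md5(NONCE_KEY)), (string) $arr["nonce"]))`. The `is_readable()` guard does not cover a failed `file_get_contents()`, but because `json_decode()` of a non-string or non-JSON value yields null and `isset()` on a null offset is false, the branch quietly degrades to "no warning" rather than erroring; a comment stating that this is deliberate would help, e.g. `// unreadable or non-JSON hash file: skip the NONCE_KEY consistency warning`. page_settings continues outside the hunk.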

'.sprintf(__( "If you use multiple websites online, please create separate GoUrl Payment Box records (with unique payment box public/private keys) for each of your websites. Do not use the same GoUrl Payment Box with the same public/private keys on your different websites.", GOURL ), "https://gourl.io/editrecord/coin_boxes/0") . '

'; $tmp .= '

'.sprintf(__( "If you want to use plugin in a language other than English, see the page Languages and Translations.   This enables you to easily customize the texts of all the labels visible to your users.", GOURL ), "https://gourl.io/languages.html", "https://gourl.io/languages.html") . '

'; - if (!$readonly) $tmp .= '

'.sprintf(__( "ADDITIONAL PAYMENTS SECURITY - You can make file %s - readonly. GoUrl Public/Private keys on page below will be not editable anymore (readonly mode). Optional - for full security make readonly gourl main plugin file gourl.php also.", GOURL ), $this->hash_url, "".basename($this->hash_url)."", "https://www.cyberciti.biz/faq/linux-write-protecting-a-file/", "https://www.cyberciti.biz/faq/linux-write-protecting-a-file/", plugin_dir_url( __FILE__ )."gourl.php") . '

'; + if (!$readonly) $tmp .= '

'.sprintf(__( "ADDITIONAL PAYMENTS SECURITY - You can make file %s - readonly (file location - %s; instruction)
GoUrl Public/Private keys on page below will be not editable anymore (readonly mode).
Optional - for full security make readonly gourl main plugin file gourl.php also.", GOURL ), $this->hash_url, "".basename($this->hash_url)."", "https://www.cyberciti.biz/faq/linux-write-protecting-a-file/", (strpos($this->hash_url, "wp-content") ? "wp-content".$this->right($this->hash_url, "wp-content") : $this->hash_url), "https://www.cyberciti.biz/faq/linux-write-protecting-a-file/", "https://www.cyberciti.biz/faq/linux-write-protecting-a-file/", plugin_dir_url( __FILE__ )."gourl.php") . '

'; $tmp .= '

'; $tmp .= '
'; $tmp .= ''; @@ -1592,7 +1605,7 @@ private function save_download() $dt = gmdate('Y-m-d H:i:s'); - if (!(is_admin() && current_user_can('administrator'))) + if (!(is_admin() && is_user_logged_in() && current_user_can('administrator'))) { $this->record_errors[] = __('You don\'t have permission to edit this page. Please login as ADMIN user!', GOURL); return false; @@ -2425,7 +2438,7 @@ private function save_view() if ($this->options2['ppvPriceCoin'] <= 0 || $this->options2['ppvPrice'] > 0) { $this->options2['ppvPriceCoin'] = 0; $this->options2['ppvPriceLabel'] = ""; } - if (!(is_admin() && current_user_can('administrator'))) + if (!(is_admin() && is_user_logged_in() && current_user_can('administrator'))) { $this->record_errors[] = __('You don\'t have permission to edit this page. Please login as ADMIN user!', GOURL); return false; @@ -3241,7 +3254,7 @@ private function save_membership() if ($this->options3['ppmPrice'] <= 0) $this->options3['ppmPrice'] = 0; if ($this->options3['ppmPriceCoin'] <= 0 || $this->options3['ppmPrice'] > 0) { $this->options3['ppmPriceCoin'] = 0; $this->options3['ppmPriceLabel'] = ""; } - if (!(is_admin() && current_user_can('administrator'))) + if (!(is_admin() && is_user_logged_in() && current_user_can('administrator'))) { $this->record_errors[] = __('You don\'t have permission to edit this page. Please login as ADMIN user!', GOURL); return false; @@ -4218,7 +4231,7 @@ private function save_membership_newuser() global $wpdb; - if (!(is_admin() && current_user_can('administrator'))) + if (!(is_admin() && is_user_logged_in() && current_user_can('administrator'))) { $this->record_errors[] = __('You don\'t have permission to edit this page. Please login as ADMIN user!', GOURL); return false; 
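Review bot: The new readonly-instruction text in page_settings derives the displayed path with `strpos($this->hash_url, "wp-content") ? "wp-content".$this->right(...) : $this->hash_url`, and a bare `strpos()` result is falsy when the needle sits at offset 0, so a path that begins with `wp-content` falls into the else branch. The else branch shows the full path, which in that case is presumably the same string, so the effect is cosmetic; still, the idiom is the classic strpos pitfall and should read `strpos($this->hash_url, "wp-content") !== false ? ... : ...`. The markup of the message in this hunk is stripped in the rendering I see, so I cannot verify that the number of `%s` placeholders matches the seven arguments now passed to `sprintf()`; that is worth checking by hand, since a shortfall of arguments produces a warning on older PHP and throws on PHP 8.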
@@ -4319,7 +4332,7 @@ public function save_product() $dt = gmdate('Y-m-d H:i:s'); - if (!(is_admin() && current_user_can('administrator'))) + if (!(is_admin() && is_user_logged_in() && current_user_can('administrator'))) { $this->record_errors[] = __('You don\'t have permission to edit this page. Please login as ADMIN user!', GOURL); return false; @@ -5502,7 +5515,7 @@ public function admin_init() // Actions GET - if (!isset($_POST['ak_action']) && strpos($this->page, GOURL) === 0 && is_admin() && current_user_can('administrator')) + if (!isset($_POST['ak_action']) && strpos($this->page, GOURL) === 0 && is_admin() && is_user_logged_in() && current_user_can('administrator')) { switch($this->page) @@ -5831,7 +5844,7 @@ private function upload_file($file, $dir, $english = true) if (mb_strpos($ext, " ")!==false) $ext = str_replace(" ", "_", $ext); if (mb_strpos($fileName, ".")!==false) $fileName = str_replace(".", "_", $fileName); - if (!(is_admin() && current_user_can('administrator'))) + if (!(is_admin() && is_user_logged_in() && current_user_can('administrator'))) { $this->record_errors[] = sprintf(__("Cannot upload file '%s' on server. Please login as ADMIN user!", GOURL), $file["name"]); return ""; @@ -8500,6 +8513,5 @@ function gourl_altcoin_btc_price ($altcoin, $interval = 1) } - return 0; -} - \ No newline at end of file + return 0; +} \ No newline at end of file diff --git a/gourl_wordpress.php b/gourl_wordpress.php index f2b2413..fe770dc 100644 --- a/gourl_wordpress.php +++ b/gourl_wordpress.php 
@@ -3,7 +3,7 @@ Plugin Name: GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership Plugin URI: https://gourl.io/bitcoin-wordpress-plugin.html Description: Official GoUrl.io Bitcoin Payment Gateway for Wordpress. White Label Solution. Provides bitcoin/altcoin payment gateways for - WooCommerce, Paid Memberships Pro, bbPress, Give Donations, Pay-Per-View, Pay-Per-Download, etc. Accept Bitcoin, BitcoinCash, BitcoinSV, Litecoin, Dash, Dogecoin, etc payments online. No Chargebacks, Global, Secure. All in automatic mode. -Version: 1.5.4 +Version: 1.5.5 Author: GoUrl.io Author URI: https://gourl.io WC requires at least: 2.1.0 @@ -33,7 +33,7 @@ DEFINE('GOURL', "gourl"); DEFINE('GOURL_PREVIEW', "gourladmin"); -DEFINE('GOURL_VERSION', "1.5.4"); +DEFINE('GOURL_VERSION', "1.5.5"); DEFINE('GOURL_ADMIN', admin_url("admin.php?page=")); DEFINE('GOURL_DIR', $dir_arr["basedir"]."/".GOURL.'/'); DEFINE('GOURL_DIR2', $dir_arr["baseurl"]."/".GOURL.'/'); diff --git a/readme.md b/readme.md index 327f1f0..bb0f17f 100644 --- a/readme.md +++ b/readme.md @@ -2,7 +2,7 @@ GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership ----------------------------------------------------------- -Version 1.5.4 +Version 1.5.5 **GoUrl Official Bitcoin/Altcoin Payment Gateway for Wordpress 3.5 or higher version** @@ -17,7 +17,7 @@ Accept Bitcoin, BitcoinCash, BitcoinSV, Litecoin, Dash, Dogecoin, Speedcoin, Red * Instruction - [https://tishonator.com/blog/how-to-add-bitcoin-payment-to-your-woocommerce-store](https://tishonator.com/blog/how-to-add-bitcoin-payment-to-your-woocommerce-store) * Requires at least: 3.5 * Tested up to: 5.5 -* Stable Tag: 1.5.4 +* Stable Tag: 1.5.5 * License: GNU Version 2 or Any Later Version diff --git a/readme.txt b/readme.txt index c2b2858..8dbcb3e 100644 --- a/readme.txt +++ b/readme.txt 
@@ -6,7 +6,7 @@ Author URI: https://gourl.io Tags: bitcoin, accept bitcoin, bitcoin payments, bitcoin woocommerce, bitcoin wordpress plugin, bitcoin wordpress, bitcoin payments, bitcoincash, bitcoin cash, bitcoin sv, bitcoins, affiliate program, cryptocurrency, affiliates, altcoins, bitpay, paid memberships pro, pmpro, paid membership, btc, marketpress, coinbase, e-commerce, content protection, access-control, credit cards, currency, payment, dash, digital downloads, dogecoin, donation, downloads, e-downloads, e-store, easy digital downloads, ecommerce, feathercoin, universalcurrency, file download, gateway, gourl, litecoin, membership, paid content, payment gateway, paypal, potcoin, protection, reddcoin, registration, restrict access, restrict content, speedcoin, subscription, usd, vertcoin, virtual currency, jigoshop, woocommerce, authorize, shop, wp e-commerce, appthemes, classipress, vantage, jobroller, clipper, taskerr, hirebee, ideas, quality control, akismet, bbpress, buddypress, discussion, forums, forum, bitcoin donations, bitcoin donation, charity, churches, crowdfunding, donate, donation, donations, fundraiser, fundraising, gifts, giving, non-profit, nonprofit, paypal, stripe, give, wordpress donations, bitcoin, payments, payment gateway, digital downloads, download, downloads, e-commerce, e-downloads, e-store, ecommerce, eshop, selling, wp ecommerce, edd, easy digital downloads, litecoin, dogecoin, dash, speedcoin, vertcoin, reddcoin, feathercoin, potcoin, monetaryunit, peercoin, white label Requires at least: 3.5 Tested up to: 5.5 -Stable Tag: 1.5.4 +Stable Tag: 1.5.5 License: GNU Version 2 or Any Later Version License URI: http://www.gnu.org/licenses/gpl-2.0.html 
@@ -181,8 +181,12 @@ Yes, we offer [Free Technical Support](https://gourl.io/view/contact/Contact_Us. == Changelog == += 1.5.5 = +Several new enhancements. Mandatory Update! + = 1.5.4 = -Several new enhancements +* Security issue fixed +* Several new enhancements = 1.5.3 = Update currencyconverterapi.com api @@ -351,4 +355,4 @@ Add Pay-Per-Product, Pay-Per-Membership = 1.0.0 = This is the first version of GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership Plugin - \ No newline at end of file + \ No newline at end of file