File: //home/davidrendel.org.uk/public_html/wp-content/plugins/sg-security/core/Rest/Rest.php
<?php
namespace SG_Security\Rest;

/**
 * Main Rest class.
 */
class Rest {

	/**
	 * Namespace prefix shared by every route registered in this class.
	 */
	const REST_NAMESPACE = 'sg-security/v1';

	/**
	 * Helper objects whose methods are used as the route callbacks.
	 * Each one is created in the constructor.
	 *
	 * @var mixed
	 */
	public $options_helper;
	public $post_hack_helper;
	public $site_security_helper;
	public $login_helper;
	public $dashboard_helper;
	public $activity_helper;

	/**
	 * Instantiate one helper per route group.
	 */
	public function __construct() {
		$this->options_helper = new Rest_Helper_Options();
		$this->post_hack_helper = new Rest_Helper_Post_Hack_Actions();
		$this->site_security_helper = new Rest_Helper_Site_Security();
		$this->login_helper = new Rest_Helper_Login();
		$this->dashboard_helper = new Rest_Helper_Dashboard();
		$this->activity_helper = new Rest_Helper_Activity();
	}

	/**
	 * Permission callback used by every route in this class.
	 *
	 * This is the only authorization check visible in this file: access is
	 * granted when the current user holds the `activate_plugins` capability.
	 * The request itself is not inspected.
	 *
	 * @since  1.0.0
	 *
	 * @param  WP_REST_Request $request Full data about the request (unused).
	 *
	 * @return bool Result of the capability check.
	 */
	public function check_permissions( $request ) {
		$is_allowed = current_user_can( 'activate_plugins' );

		return $is_allowed;
	}

	/**
	 * Register all route groups, in a fixed order.
	 *
	 * @since  1.0.0
	 */
	public function register_rest_routes() {
		$this->register_options_routes();
		$this->register_post_hack_action_routes();
		$this->register_site_security_routes();
		$this->register_login_routes();
		$this->register_dashboard_routes();
		$this->register_activity_log_routes();
	}

	/**
	 * Register the options route.
	 *
	 * @since  1.0.0
	 */
	public function register_options_routes() {
		$this->add_route( '/fetch-options/', $this->options_helper, 'fetch_options' );
	}

	/**
	 * Register the post-hack action routes.
	 *
	 * These endpoints trigger site-wide actions (plugin reinstall, forced
	 * password reset, logging users out), so they depend entirely on
	 * check_permissions() for authorization.
	 *
	 * @since  1.0.0
	 */
	public function register_post_hack_action_routes() {
		$helper = $this->post_hack_helper;

		// 'resinstall_plugins' (sic) is a runtime callback name; presumably it
		// matches the helper's method spelling, so it is kept as is.
		$this->add_route( '/reinstall-plugins/', $helper, 'resinstall_plugins' );
		$this->add_route( '/force-password-reset/', $helper, 'force_password_reset' );
		$this->add_route( '/logout-users/', $helper, 'logout_users' );
	}

	/**
	 * Register the site security (hardening toggle) routes.
	 *
	 * @since  1.0.0
	 */
	public function register_site_security_routes() {
		// Route path => helper method, registered in this order.
		$routes = array(
			'/lock-system-folders/' => 'lock_system_folders',
			'/disable-editors/'     => 'disable_editors',
			'/hide-wp-version/'     => 'hide_wp_version',
			'/disable-xml-rpc/'     => 'disable_xml_rpc',
			'/disable-feeds/'       => 'disable_feeds',
			'/delete-readme/'       => 'delete_readme',
			'/xss-protection/'      => 'xss_protection',
		);

		foreach ( $routes as $path => $action ) {
			$this->add_route( $path, $this->site_security_helper, $action );
		}
	}

	/**
	 * Register the login-related routes (2FA, login URL, login limits).
	 *
	 * @since  1.0.0
	 */
	public function register_login_routes() {
		$helper = $this->login_helper;

		$this->add_route( '/2fa/', $helper, 'sg2fa' );
		$this->add_route(
			'/reset-user-2fa/(?P<id>\d+)',
			$helper,
			'reset_user_2fa',
			array( 'args' => $this->numeric_arg( 'id' ) )
		);
		$this->add_route( '/disable-admin-username/', $helper, 'disable_admin_username' );
		$this->add_route( '/login-access/', $helper, 'login_access' );
		$this->add_route( '/limit-login-attempts/', $helper, 'limit_login_attempts' );
		$this->add_route( '/custom-login-url/', $helper, 'custom_login_url' );
	}

	/**
	 * Register the dashboard routes.
	 *
	 * @since  1.0.0
	 */
	public function register_dashboard_routes() {
		$helper = $this->dashboard_helper;

		$this->add_route( '/notifications/', $helper, 'notifications' );
		$this->add_route( '/hardening/', $helper, 'hardening' );
		$this->add_route( '/e-book/', $helper, 'ebook' );

		// This route passes its method as a one-element array rather than a string.
		$this->add_route(
			'/rate/',
			$helper,
			'rate',
			array( 'methods' => array( \WP_REST_Server::CREATABLE ) )
		);
	}

	/**
	 * Register the activity log routes (log views, IP/user blocking, reports).
	 *
	 * @since  1.0.0
	 */
	public function register_activity_log_routes() {
		$helper = $this->activity_helper;

		$this->add_route( '/activity-unknown/', $helper, 'unknown_activity' );
		$this->add_route( '/activity-registered/', $helper, 'registered_activity' );
		$this->add_route( '/blocked-users/', $helper, 'get_blocked_user' );

		// NOTE(review): the path captures `id`, but the validator is keyed on `ip`.
		// The `ip` check can only apply to a request that actually carries an `ip`
		// parameter, and the argument is not marked required - confirm the helper
		// rejects a missing or malformed address itself.
		$this->add_route(
			'/block-ip/(?P<id>\d+)',
			$helper,
			'block_ip',
			array(
				'args' => array(
					'ip' => array(
						'validate_callback' => function( $param, $request, $key ) {
							return filter_var( $param, FILTER_VALIDATE_IP );
						},
					),
				),
			)
		);

		$this->add_route( '/login-unblock/', $helper, 'login_unblock' );
		$this->add_route(
			'/block-user/(?P<id>\d+)',
			$helper,
			'block_user',
			array( 'args' => $this->numeric_arg( 'id' ) )
		);

		// NOTE(review): the path captures `id`, yet the numeric check is keyed on
		// `ip`. This looks like a copy/paste slip (an IP address is not numeric) -
		// confirm which parameter the helper reads before changing the key.
		$this->add_route(
			'/get-visitor-status/(?P<id>\d+)',
			$helper,
			'get_visitor_status',
			array( 'args' => $this->numeric_arg( 'ip' ) )
		);

		$this->add_route( '/weekly-report/', $helper, 'get_weekly_report_recipients' );
		$this->add_route( '/notification-emails/', $helper, 'manage_notification_emails' );
		$this->add_route( '/manage-activity-log/', $helper, 'manage_activity_log' );
		$this->add_route( '/activity-log-lifetime/', $helper, 'activity_log_lifetime' );
	}

	/**
	 * Register a single route under REST_NAMESPACE.
	 *
	 * Every route gets WP_REST_Server::CREATABLE as its method and
	 * check_permissions() as its permission callback unless $overrides
	 * replaces a key. Keys that exist only in $overrides (such as `args`)
	 * are appended after the defaults.
	 *
	 * @param string $path      Route path, relative to the namespace.
	 * @param object $helper    Helper instance that owns the callback.
	 * @param string $action    Name of the helper method to call.
	 * @param array  $overrides Optional entries merged over the defaults.
	 */
	private function add_route( $path, $helper, $action, array $overrides = array() ) {
		$definition = array(
			'methods'             => \WP_REST_Server::CREATABLE,
			'callback'            => array( $helper, $action ),
			'permission_callback' => array( $this, 'check_permissions' ),
		);

		register_rest_route( self::REST_NAMESPACE, $path, array_merge( $definition, $overrides ) );
	}

	/**
	 * Build an `args` definition that validates one parameter with is_numeric().
	 *
	 * is_numeric() also accepts values such as '1.5' or '1e3', so the handler
	 * should still cast the value to an integer before using it as an
	 * identifier (the handlers are not visible in this file).
	 *
	 * @param string $name Parameter name to validate.
	 *
	 * @return array Argument definition keyed by the parameter name.
	 */
	private function numeric_arg( $name ) {
		return array(
			$name => array(
				'validate_callback' => function( $param, $request, $key ) {
					return is_numeric( $param );
				},
			),
		);
	}
}