class-admin.php | searchcode

/wp-content/plugins/really-simple-ssl/class-admin.php

https://bitbucket.org/carloskikea/helpet · PHP · 2582 lines · 1602 code · 427 blank · 553 comment · 387 complexity · 6e7a5d1bfff3eb272f501b92aecef16c MD5 · raw file
Large files are truncated click here to view the full file

<?php
defined('ABSPATH') or die("you do not have access to this page!");

  class rsssl_admin extends rsssl_front_end {

  private static $_this;

  public $wpconfig_siteurl_not_fixed          = FALSE;
  public $no_server_variable                  = FALSE;
  public $errors                              = Array();

  public $do_wpconfig_loadbalancer_fix        = FALSE;
  public $site_has_ssl                        = FALSE;
  public $ssl_enabled                         = FALSE;

  //multisite variables
  public $sites                             = Array(); //for multisite, list of all activated sites.

  //general settings
  public $capability                        = 'activate_plugins';

  public $ssl_test_page_error;
  public $htaccess_test_success             = FALSE;
  public $plugin_version                    = rsssl_version; //deprecated, but used in pro plugin until 1.0.25

  public $plugin_dir                        = "really-simple-ssl";
  public $plugin_filename                   = "rlrsssl-really-simple-ssl.php";
  public $ABSpath;

  public $do_not_edit_htaccess              = FALSE;
  public $htaccess_redirect                 = FALSE;
  public $htaccess_warning_shown            = FALSE;
  public $ssl_success_message_shown         = FALSE;
  public $hsts                              = FALSE;
  public $debug							                = TRUE;
  public $debug_log;

  public $plugin_conflict                   = ARRAY();
  public $plugin_db_version;
  public $plugin_upgraded;
  public $mixed_content_fixer_status        = "OK";
  public $ssl_type                          = "NA";

  private $pro_url           = "https://www.really-simple-ssl.com/pro";

  function __construct() {
    if ( isset( self::$_this ) )
        wp_die( sprintf( __( '%s is a singleton class and you cannot create a second instance.','really-simple-ssl' ), get_class( $this ) ) );

    self::$_this = $this;

    $this->ABSpath = $this->getABSPATH();
    $this->get_options();
    $this->get_admin_options();

    $this->get_plugin_upgraded(); //call always, otherwise db version will not match anymore.

    register_deactivation_hook(dirname( __FILE__ )."/".$this->plugin_filename, array($this,'deactivate') );


  }

  static function this() {
    return self::$_this;
  }


  /**
   * Initializes the admin class
   *
   * @since  2.2
   *
   * @access public
   *
   */

  public function init() {
    if (!current_user_can($this->capability)) return;
    $is_on_settings_page = $this->is_settings_page();

    /*
      Detect configuration when:
      - SSL activation just confirmed.
      - on settings page
      - No SSL detected
    */

    //when configuration should run again
    if ($this->clicked_activate_ssl() || !$this->ssl_enabled || !$this->site_has_ssl || $is_on_settings_page || is_network_admin()) {

      if (is_multisite()) $this->build_domain_list();//has to come after clicked_activate_ssl, otherwise this domain won't get counted.
      $this->detect_configuration();

      //flush caches when just activated ssl
      //flush the permalinks
      if ($this->clicked_activate_ssl()) {
        if (isset($_POST["rsssl_flush_rewrite_rules"])) {
          add_action( 'shutdown', 'flush_rewrite_rules');
        }
        add_action('admin_init', array(RSSSL()->rsssl_cache,'flush'),40);
      }

      if (!$this->wpconfig_ok()) {
        //if we were to activate ssl, this could result in a redirect loop. So warn first.
        add_action("admin_notices", array($this, 'show_notice_wpconfig_needs_fixes'));
        if (is_multisite()) add_action('network_admin_notices', array($this, 'show_notice_wpconfig_needs_fixes'), 10);

        $this->ssl_enabled = false;
        $this->save_options();
      } elseif ($this->ssl_enabled) {
        add_action('init',array($this,'configure_ssl'),20);
      }
    }

    //when SSL is enabled, and not enabled by user, ask for activation.
    add_action("admin_notices", array($this, 'show_notice_activate_ssl'),10);

    add_action('plugins_loaded', array($this,'check_plugin_conflicts'),30);

    //add the settings page for the plugin
    add_action('admin_enqueue_scripts', array($this, 'enqueue_assets'));
    add_action('admin_init', array($this, 'load_translation'),20);
    add_action('rsssl_configuration_page', array($this, 'configuration_page_more'),10);

    //settings page, form  and settings link in the plugins page
    add_action('admin_menu', array($this, 'add_settings_page'),40);
    add_action('admin_init', array($this, 'create_form'),40);

    $plugin = rsssl_plugin;
    add_filter("plugin_action_links_$plugin", array($this,'plugin_settings_link'));

    //check if the uninstallfile is safely renamed to php.
    $this->check_for_uninstall_file();

    //callbacks for the ajax dismiss buttons
    add_action('wp_ajax_dismiss_htaccess_warning', array($this,'dismiss_htaccess_warning_callback') );
    add_action('wp_ajax_dismiss_success_message', array($this,'dismiss_success_message_callback') );

    //handle notices
    add_action('admin_notices', array($this,'show_notices'));
  }


  //change deprecated function depending on version.

  public function get_sites_bw_compatible(){
    global $wp_version;
    $sites = ($wp_version >= 4.6 ) ? get_sites() : wp_get_sites();
    return $sites;
  }

  /*
        The new get_sites function returns an object.

  */

  public function switch_to_blog_bw_compatible($site){

    global $wp_version;
    if ($wp_version >= 4.6 ) {
      switch_to_blog( $site->blog_id );
    } else {
      switch_to_blog( $site[ 'blog_id' ] );
    }
  }


  /*
    checks if the user just clicked the "activate SSL" button.
  */

  private function clicked_activate_ssl() {
    if (!current_user_can($this->capability)) return;
    //if (!isset( $_POST['rsssl_nonce'] ) || !wp_verify_nonce( $_POST['rsssl_nonce'], 'rsssl_nonce' )) return false;

    if (isset($_POST['rsssl_do_activate_ssl'])) {
      $this->activate_ssl();
      return true;
    }

    return false;
  }


  /*
        Activate the SSL for this site
  */

  public function activate_ssl(){
    $this->ssl_enabled = true;
    $this->wp_redirect = true;

    $this->set_siteurl_to_ssl();
    $this->save_options();
  }

  public function deactivate_ssl(){
    $this->ssl_enabled = false;
    $this->wp_redirect = false;
    $this->htaccess_redirect = false;

    $this->remove_ssl_from_siteurl();
    $this->save_options();
  }



  public function wpconfig_ok(){
    if (($this->do_wpconfig_loadbalancer_fix || $this->no_server_variable || $this->wpconfig_siteurl_not_fixed) && !$this->wpconfig_is_writable() ) {
      $result = false;
    } else {
      $result = true;
    }

    return apply_filters('rsssl_wpconfig_ok_check', $result);
  }

  /*
      This message is shown when no SSL is not enabled by the user yet
  */

  public function show_notice_activate_ssl(){
    if ($this->ssl_enabled) return;

    if (defined("RSSSL_DISMISS_ACTIVATE_SSL_NOTICE") && RSSSL_DISMISS_ACTIVATE_SSL_NOTICE) return;

    //for multisite, show only activate when a choice has been made to activate networkwide or per site.
    if (is_multisite() && !RSSSL()->rsssl_multisite->selected_networkwide_or_per_site) return;

    //on multistie, only show this message on the network admin. Per site activated sites have to go to the settings page.
    //otherwise sites that do not need SSL possibly get to see this message.

    if (is_multisite() && !is_network_admin()) return;

    if (!$this->wpconfig_ok()) return;

    if (!current_user_can($this->capability)) return;

    if (!$this->site_has_ssl) {

      global $wp;
      $current_url = "https://".$_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"];
      ?>
      <div id="message" class="error fade notice activate-ssl">
      <p><?php _e("No SSL was detected. If you do have an SSL certificate, try to reload this page over https by clicking this link:","really-simple-ssl");?>&nbsp;<a href="<?php echo $current_url?>"><?php _e("reload over https.","really-simple-ssl");?></a>
        <?php _e("You can check your certificate on","really-simple-ssl");?>&nbsp;<a target="_blank" href="https://www.ssllabs.com/ssltest/">Qualys SSL Labs</a>
      </p>
    </div>
    <?php } ?>

    <div id="message" class="updated fade notice activate-ssl">
      <?php if ($this->site_has_ssl) {  ?>
      <h1><?php _e("Almost ready to migrate to SSL!","really-simple-ssl");?></h1>
      <?php } ?>
      <?php _e("Some things can't be done automatically. Before you migrate, please check for: ",'really-simple-ssl');?>
      <p>
        <ul>
          <li><?php _e('Http references in your .css and .js files: change any http:// into //','really-simple-ssl');?></li>
          <li><?php _e('Images, stylesheets or scripts from a domain without an SSL certificate: remove them or move to your own server.','really-simple-ssl');?></li><?php

  $backup_link = "https://really-simple-ssl.com/knowledge-base/backing-up-your-site/";
  $link_open = '<a target="_blank" href="'.$backup_link.'">';
  $link_close = '</a>';

            ?> <li> <?php printf(__("It is recommended to take a %sbackup%s of your site before activating SSL", 'really-simple-ssl'), $link_open, $link_close); ?> </li>
        </ul>
      </p>
      <?php $this->show_pro(); ?>

      <?php RSSSL()->really_simple_ssl->show_enable_ssl_button();?>
    </div>
  <?php }


  /**
    * @since 2.3
    * Returns button to enable SSL.
  */

  public function show_enable_ssl_button(){
    if ($this->site_has_ssl || (defined('rsssl_force_activate') && rsssl_force_activate)) {
    ?>
    <p>
    <form action="" method="post">
      <?php wp_nonce_field( 'rsssl_nonce', 'rsssl_nonce' );?>
      <div>
        <input type="checkbox" name="rsssl_flush_rewrite_rules" checked><label><?php _e("Flush rewrite rules on activation (deselect when you encounter errors)","really-simple-ssl")?></label>
      </div>
      <input type="submit" class='button button-primary' value="<?php _e("Go ahead, activate SSL!","really-simple-ssl");?>" id="rsssl_do_activate_ssl" name="rsssl_do_activate_ssl">
      <br><?php _e("You may need to login in again.", "really-simple-ssl")?>
    </form>
  </p>
    <?php
    }
  }

  /**
    * @since 2.3
    * Shows option to buy pro

  */

  public function show_pro(){
    if ( !defined("rsssl_pro_version") ) {
    ?>
    <p><?php _e('You can also let the automatic scan of the pro version handle this for you, and get premium support, increased security with HSTS and more!','really-simple-ssl');?>&nbsp;<a target="_blank" href="<?php echo $this->pro_url;?>"><?php _e("Check out Really Simple SSL Premium","really-simple-ssl");?></a></p>
    <?php
  }
}


  public function wpconfig_is_writable() {
    $wpconfig_path = $this->find_wp_config_path();
    if (is_writable($wpconfig_path))
      return true;
    else
      return false;
  }

  /*
  *     Check if the uninstall file is renamed to .php
  */

  protected function check_for_uninstall_file() {
    if (file_exists(dirname( __FILE__ ) .  '/force-deactivate.php')) {
      $this->errors["DEACTIVATE_FILE_NOT_RENAMED"] = true;
    }
  }

  /**
   * Get the options for this plugin
   *
   * @since  2.0
   *
   * @access public
   *
   */

  public function get_admin_options(){

    $options = get_option('rlrsssl_options');
    if (isset($options)) {
      $this->site_has_ssl                     = isset($options['site_has_ssl']) ? $options['site_has_ssl'] : FALSE;
      $this->hsts                             = isset($options['hsts']) ? $options['hsts'] : FALSE;
      $this->htaccess_warning_shown           = isset($options['htaccess_warning_shown']) ? $options['htaccess_warning_shown'] : FALSE;
      $this->ssl_success_message_shown        = isset($options['ssl_success_message_shown']) ? $options['ssl_success_message_shown'] : FALSE;
      $this->plugin_db_version                = isset($options['plugin_db_version']) ? $options['plugin_db_version'] : "1.0";
      $this->debug                            = isset($options['debug']) ? $options['debug'] : FALSE;
      $this->do_not_edit_htaccess             = isset($options['do_not_edit_htaccess']) ? $options['do_not_edit_htaccess'] : FALSE;
      $this->htaccess_redirect                = isset($options['htaccess_redirect']) ? $options['htaccess_redirect'] : FALSE;
      $this->switch_mixed_content_fixer_hook  = isset($options['switch_mixed_content_fixer_hook']) ? $options['switch_mixed_content_fixer_hook'] : FALSE;
      $this->debug_log                        = isset($options['debug_log']) ? $options['debug_log'] : $this->debug_log;
    }

    if  (is_multisite()) {
      $network_options = get_site_option('rlrsssl_network_options');
      $network_htaccess_redirect  = isset($network_options["htaccess_redirect"]) ? $network_options["htaccess_redirect"] : false;
      $network_do_not_edit_htaccess  = isset($network_options["do_not_edit_htaccess"]) ? $network_options["do_not_edit_htaccess"] : false;
      /*
          If multiste, and networkwide, only the networkwide setting counts.
          if multisite, and per site, only the networkwide setting counts if it is true.
      */
      $ssl_enabled_networkwide = isset($network_options["ssl_enabled_networkwide"]) ? $network_options["ssl_enabled_networkwide"] : false;
      if ($ssl_enabled_networkwide) {
        $this->htaccess_redirect  = $network_htaccess_redirect;
        $this->do_not_edit_htaccess  = $network_do_not_edit_htaccess;
      } else {
        if ($network_do_not_edit_htaccess) $this->do_not_edit_htaccess  = $network_do_not_edit_htaccess;
        if ($network_htaccess_redirect) $this->htaccess_redirect  = $network_htaccess_redirect;
      }
    }

    //if the define is true, it overrides the db setting.
    if (defined( 'RLRSSSL_DO_NOT_EDIT_HTACCESS')) {
      $this->do_not_edit_htaccess = RLRSSSL_DO_NOT_EDIT_HTACCESS;
    }

  }

  /**
   * Creates an array of all domains where the plugin is active AND SSL is active, only used for multisite.
   *
   * @since  2.1
   *
   * @access public
   *
   */

  public function build_domain_list() {
    if (!is_multisite()) return;
    //create list of all activated sites with SSL
    $this->sites = array();
    $sites = $this->get_sites_bw_compatible();
    if ($this->debug) $this->trace_log("building domain list for multisite...");
    foreach ( $sites as $site ) {
        $this->switch_to_blog_bw_compatible($site);
        $options = get_option('rlrsssl_options');

        $ssl_enabled = FALSE;
        if (isset($options)) {
          $site_has_ssl = isset($options['site_has_ssl']) ? $options['site_has_ssl'] : FALSE;
          $ssl_enabled = isset($options['ssl_enabled']) ? $options['ssl_enabled'] : $site_has_ssl;
        }

        if (is_plugin_active(rsssl_plugin) && $ssl_enabled) {
          if ($this->debug) $this->trace_log("adding: ".home_url());
          $this->sites[] = home_url();
        }
        restore_current_blog(); //switches back to previous blog, not current, so we have to do it each loop
      }

      $this->save_options();
  }

  /**
   * check if the plugin was upgraded to a new version
   *
   * @since  2.1
   *
   * @access public
   *
   */

  public function get_plugin_upgraded() {
  	if ($this->plugin_db_version!= rsssl_version) {
  		$this->plugin_db_version = rsssl_version;
  		$this->plugin_upgraded = true;
      $this->save_options();
  	}
    $this->plugin_upgraded = false;
  }

  /**
   * Log events during plugin execution
   *
   * @since  2.1
   *
   * @access public
   *
   */

  public function trace_log($msg) {
    if (!$this->debug) return;
    $this->debug_log = $this->debug_log."<br>".$msg;
    $this->debug_log = strstr($this->debug_log,'** Detecting configuration **');
    error_log($msg);
  }

  /**
   * Configures the site for SSL
   *
   * @since  2.2
   *
   * @access public
   *
   */

  public function configure_ssl() {
    if (!current_user_can($this->capability)) return;

      $safe_mode = FALSE;
      if (defined('RSSSL_SAFE_MODE') && RSSSL_SAFE_MODE) $safe_mode = RSSSL_SAFE_MODE;

      if (!current_user_can($this->capability)) return;
      $this->trace_log("** Configuring SSL **");
      if ($this->site_has_ssl) {
        //when one of the used server variables was found, test if the redirect works

        if (RSSSL()->rsssl_server->uses_htaccess() && $this->ssl_type != "NA")
            $this->test_htaccess_redirect();

        //in a configuration reverse proxy without a set server variable https, add code to wpconfig
        if ($this->do_wpconfig_loadbalancer_fix){
            $this->wpconfig_loadbalancer_fix();
        }

        if ($this->no_server_variable)
            $this->wpconfig_server_variable_fix();

        if (!$safe_mode) {
          $this->editHtaccess();
        }

        if (!$safe_mode && $this->clicked_activate_ssl()) {
          $this->wp_redirect = TRUE;
          $this->save_options();
        }

        if (!$safe_mode && $this->wpconfig_siteurl_not_fixed)
          $this->fix_siteurl_defines_in_wpconfig();

        if (!$safe_mode) {
          $this->set_siteurl_to_ssl();
        }

      }
  }


  /**
   * Check to see if we are on the settings page, action hook independent
   *
   * @since  2.1
   *
   * @access public
   *
   */

  public function is_settings_page() {
    if (!isset($_SERVER['QUERY_STRING'])) return false;

    parse_str($_SERVER['QUERY_STRING'], $params);
    if (array_key_exists("page", $params) && ($params["page"]=="rlrsssl_really_simple_ssl")) {
        return true;
    }
    return false;
  }

  /**
   * Find the path to wp-config
   *
   * @since  2.1
   *
   * @access public
   *
   */

  public function find_wp_config_path() {
    //limit nr of iterations to 20
    $i=0;
    $maxiterations = 20;
    $dir = dirname(__FILE__);
    do {
        $i++;
        if( file_exists($dir."/wp-config.php") ) {
            return $dir."/wp-config.php";
        }
    } while( ($dir = realpath("$dir/..")) && ($i<$maxiterations) );
    return null;
  }

  /**
   * remove https from defined siteurl and homeurl in the wpconfig, if present
   *
   * @since  2.1
   *
   * @access public
   *
   */

  public function remove_ssl_from_siteurl_in_wpconfig() {
    if (!current_user_can($this->capability)) return;

      $wpconfig_path = $this->find_wp_config_path();
      if (!empty($wpconfig_path)) {
        $wpconfig = file_get_contents($wpconfig_path);

        $homeurl_pos = strpos($wpconfig, "define('WP_HOME','https://");
        $siteurl_pos = strpos($wpconfig, "define('WP_SITEURL','https://");

        if (($homeurl_pos !== false) || ($siteurl_pos !== false)) {
          if (is_writable($wpconfig_path)) {
            $search_array = array("define('WP_HOME','https://","define('WP_SITEURL','https://");
            $ssl_array = array("define('WP_HOME','http://","define('WP_SITEURL','http://");
            //now replace these urls
            $wpconfig = str_replace ($search_array , $ssl_array , $wpconfig);
            file_put_contents($wpconfig_path, $wpconfig);
          } else {
            $this->errors['wpconfig not writable'] = TRUE;
          }
        }

      }
  }



  /**
  *
  *     Checks if the wp config contains any defined siteurl and homeurl
  *
  *
  */

  private function check_for_siteurl_in_wpconfig(){

    $wpconfig_path = $this->find_wp_config_path();

    if (empty($wpconfig_path)) return;

    $wpconfig = file_get_contents($wpconfig_path);
    $homeurl_pattern = '/(define\(\s*\'WP_HOME\'\s*,\s*\'http\:\/\/)/';
    $siteurl_pattern = '/(define\(\s*\'WP_SITEURL\'\s*,\s*\'http\:\/\/)/';

    $this->wpconfig_siteurl_not_fixed = FALSE;
    if (preg_match($homeurl_pattern, $wpconfig) || preg_match($siteurl_pattern, $wpconfig) ) {
        $this->wpconfig_siteurl_not_fixed = TRUE;
        $this->trace_log("siteurl or home url defines found in wpconfig");
    }
  }


  /**
   * Runs only when siteurl or homeurl define was found in the wpconfig, with the check_for_siteurl_in_wpconfig function
   * and only when wpconfig is writable.
   *
   * @since  2.1
   *
   * @access public
   *
   */

  private function fix_siteurl_defines_in_wpconfig() {
      $wpconfig_path = $this->find_wp_config_path();

      if (empty($wpconfig_path)) return;

      $wpconfig = file_get_contents($wpconfig_path);
      $homeurl_pattern = '/(define\(\s*\'WP_HOME\'\s*,\s*\'http\:\/\/)/';
      $siteurl_pattern = '/(define\(\s*\'WP_SITEURL\'\s*,\s*\'http\:\/\/)/';

      if (preg_match($homeurl_pattern, $wpconfig) || preg_match($siteurl_pattern, $wpconfig) ) {
        if (is_writable($wpconfig_path)) {
          $this->trace_log("wp config siteurl/homeurl edited.");
          $wpconfig = preg_replace($homeurl_pattern, "define('WP_HOME','https://", $wpconfig);
          $wpconfig = preg_replace($siteurl_pattern, "define('WP_SITEURL','https://", $wpconfig);
          file_put_contents($wpconfig_path, $wpconfig);
        }
        else {
          if ($this->debug) {$this->trace_log("not able to fix wpconfig siteurl/homeurl.");}
          //only when siteurl or homeurl is defined in wpconfig, and wpconfig is not writable is there a possible issue because we cannot edit the defined urls.
          $this->wpconfig_siteurl_not_fixed = TRUE;
        }
      } else {
        if ($this->debug) {$this->trace_log("no siteurl/homeurl defines in wpconfig");}
      }
  }


  /**
   * Check if the wpconfig is already fixed
   *
   * @since  2.2
   *
   * @access public
   *
   */

  public function wpconfig_has_fixes() {
    $wpconfig_path = $this->find_wp_config_path();
    if (empty($wpconfig_path)) return false;
    $wpconfig = file_get_contents($wpconfig_path);

    //only one of two fixes possible.
    if (strpos($wpconfig, "//Begin Really Simple SSL Load balancing fix")!==FALSE ) {
      return true;
    }

    if (strpos($wpconfig, "//Begin Really Simple SSL Server variable fix")!==FALSE ) {
      return true;
    }

    return false;
  }


  /**
   * In case of load balancer without server https on, add fix in wp-config
   *
   * @since  2.1
   *
   * @access public
   *
   */


  public function wpconfig_loadbalancer_fix() {
      if (!current_user_can($this->capability)) return;

      $wpconfig_path = $this->find_wp_config_path();
      if (empty($wpconfig_path)) return;
      $wpconfig = file_get_contents($wpconfig_path);
      $this->wpconfig_loadbalancer_fix_failed = FALSE;
      //only if loadbalancer AND NOT SERVER-HTTPS-ON should the following be added. (is_ssl = false)
      if (strpos($wpconfig, "//Begin Really Simple SSL Load balancing fix")===FALSE ) {
        if (is_writable($wpconfig_path)) {
          $rule  = "\n"."//Begin Really Simple SSL Load balancing fix"."\n";
          $rule .= '$server_opts = array("HTTP_CLOUDFRONT_FORWARDED_PROTO" => "https", "HTTP_CF_VISITOR"=>"https", "HTTP_X_FORWARDED_PROTO"=>"https", "HTTP_X_FORWARDED_SSL"=>"on", "HTTP_X_FORWARDED_SSL"=>"1");'."\n";
          $rule .= 'foreach( $server_opts as $option => $value ) {'."\n";
          $rule .=   'if ( (isset($_ENV["HTTPS"]) && ( "on" == $_ENV["HTTPS"] )) || (isset( $_SERVER[ $option ] ) && ( strpos( $_SERVER[ $option ], $value ) !== false )) ) {'."\n";
          $rule .=     '$_SERVER[ "HTTPS" ] = "on";'."\n";
          $rule .=     'break;'."\n";
          $rule .=   '}'."\n";
          $rule .= '}'."\n";
          $rule .= "//END Really Simple SSL"."\n";

          $insert_after = "<?php";
          $pos = strpos($wpconfig, $insert_after);
          if ($pos !== false) {
              $wpconfig = substr_replace($wpconfig,$rule,$pos+1+strlen($insert_after),0);
          }

          file_put_contents($wpconfig_path, $wpconfig);
          if ($this->debug) {$this->trace_log("wp config loadbalancer fix inserted");}
        } else {
          if ($this->debug) {$this->trace_log("wp config loadbalancer fix FAILED");}
          $this->wpconfig_loadbalancer_fix_failed = TRUE;
        }
      } else {
        if ($this->debug) {$this->trace_log("wp config loadbalancer fix already in place, great!");}
      }
      $this->save_options();

  }



    /**
     * Getting WordPress to recognize setup as being SSL when no https server variable is available
     *
     * @since  2.1
     *
     * @access public
     *
     */

    public function wpconfig_server_variable_fix() {
      if (!current_user_can($this->capability)) return;

      $wpconfig_path = $this->find_wp_config_path();
      if (empty($wpconfig_path)) return;
      $wpconfig = file_get_contents($wpconfig_path);

      //check permissions
      if (!is_writable($wpconfig_path)) {
        if ($this->debug) $this->trace_log("wp-config.php not writable");
        return;
      }

      //when more than one blog, first remove what we have
      if (is_multisite() && !RSSSL()->rsssl_multisite->is_multisite_subfolder_install() && !RSSSL()->rsssl_multisite->ssl_enabled_networkwide && count($this->sites)>1) {
        $wpconfig = preg_replace("/\/\/Begin\s?Really\s?Simple\s?SSL.*?\/\/END\s?Really\s?Simple\s?SSL/s", "", $wpconfig);
        $wpconfig = preg_replace("/\n+/","\n", $wpconfig);
        file_put_contents($wpconfig_path, $wpconfig);
      }

      //now create new

      //check if the fix is already there
      if (strpos($wpconfig, "//Begin Really Simple SSL Server variable fix")!==FALSE ) {
          if ($this->debug) {$this->trace_log("wp config server variable fix already in place, great!");}
          return;
      }

      if ($this->debug) {$this->trace_log("Adding server variable to wpconfig");}
      $rule = $this->get_server_variable_fix_code();

      $insert_after = "<?php";
      $pos = strpos($wpconfig, $insert_after);
      if ($pos !== false) {
          $wpconfig = substr_replace($wpconfig,$rule,$pos+1+strlen($insert_after),0);
      }
      file_put_contents($wpconfig_path, $wpconfig);
      if ($this->debug) $this->trace_log("wp config server variable fix inserted");

      $this->save_options();
  }


protected function get_server_variable_fix_code(){
  if (is_multisite() && !RSSSL()->rsssl_multisite->ssl_enabled_networkwide && RSSSL()->rsssl_multisite->is_multisite_subfolder_install()) {
      if ($this->debug) $this->trace_log("per site activation on subfolder install, wp config server variable fix skipped");
      return "";
  }

  if (is_multisite() && !RSSSL()->rsssl_multisite->ssl_enabled_networkwide && count($this->sites)==0) {
    if ($this->debug) $this->trace_log("no sites left with SSL, wp config server variable fix skipped");
    return "";
  }

  if (is_multisite() && !RSSSL()->rsssl_multisite->ssl_enabled_networkwide) {
    $rule  = "\n"."//Begin Really Simple SSL Server variable fix"."\n";
    foreach ($this->sites as $domain ) {
        //remove http or https.
        if ($this->debug) {$this->trace_log("getting server variable rule for:".$domain);}
        $domain = preg_replace("/(http:\/\/|https:\/\/)/","",$domain);

        //we excluded subfolders, so treat as domain
        //check only for domain without www, as the www variant is found as well with the no www search.
        $domain_no_www  = str_replace ( "www." , "" , $domain);

        $rule .= 'if ( strpos($_SERVER["HTTP_HOST"], "'.$domain_no_www.'")!==FALSE ) {'."\n";
        $rule .= '   $_SERVER["HTTPS"] = "on";'."\n";
        $rule .= '}'."\n";
    }
    $rule .= "//END Really Simple SSL"."\n";
  } else {
    $rule  = "\n"."//Begin Really Simple SSL Server variable fix"."\n";
    $rule .= '$_SERVER["HTTPS"] = "on";'."\n";
    $rule .= "//END Really Simple SSL"."\n";
  }

  return $rule;
}

  /**
   * Removing changes made to the wpconfig
   *
   * @since  2.1
   *
   * @access public
   *
   */

  public function remove_wpconfig_edit() {

    $wpconfig_path = $this->find_wp_config_path();
    if (empty($wpconfig_path)) return;
    $wpconfig = file_get_contents($wpconfig_path);

    //check for permissions
    if (!is_writable($wpconfig_path)) {
      if ($this->debug) $this->trace_log("could not remove wpconfig edits, wp-config.php not writable");
      $this->errors['wpconfig not writable'] = TRUE;
      return;
    }

    //remove edits
    $wpconfig = preg_replace("/\/\/Begin\s?Really\s?Simple\s?SSL.*?\/\/END\s?Really\s?Simple\s?SSL/s", "", $wpconfig);
    $wpconfig = preg_replace("/\n+/","\n", $wpconfig);
    file_put_contents($wpconfig_path, $wpconfig);

    //in multisite environment, with per site activation, re-add
    if (is_multisite() && ! RSSSL()->rsssl_multisite->ssl_enabled_networkwide) {
      if ($this->do_wpconfig_loadbalancer_fix)
        $this->wpconfig_loadbalancer_fix();

      if ($this->no_server_variable)
        $this->wpconfig_server_variable_fix();
    }

}

  /**
   * Changes the siteurl and homeurl to https
   *
   * @since  2.0
   *
   * @access public
   *
   */

  public function set_siteurl_to_ssl() {
      if (!current_user_can($this->capability)) return;

      $this->trace_log("converting siteurl and homeurl to https");

      $siteurl_ssl = str_replace ( "http://" , "https://" , get_option('siteurl'));
      $homeurl_ssl = str_replace ( "http://" , "https://" , get_option('home'));
      update_option('siteurl',$siteurl_ssl);
      update_option('home',$homeurl_ssl);
  }



  /**
   * On de-activation, siteurl and homeurl are reset to http
   *
   * @since  2.0
   *
   * @access public
   *
   */

  public function remove_ssl_from_siteurl() {
      $siteurl_no_ssl = str_replace ( "https://" , "http://" , get_option('siteurl'));
      $homeurl_no_ssl = str_replace ( "https://" , "http://" , get_option('home'));
      update_option('siteurl',$siteurl_no_ssl);
      update_option('home',$homeurl_no_ssl);
  }

  /**
   * Save the plugin options
   *
   * @since  2.0
   *
   * @access public
   *
   */

  public function save_options() {
    if (!current_user_can($this->capability)) return;

    //any options added here should also be added to function options_validate()
    $options = array(
      'site_has_ssl'                      => $this->site_has_ssl,
      'hsts'                              => $this->hsts,
      'htaccess_warning_shown'            => $this->htaccess_warning_shown,
      'ssl_success_message_shown'         => $this->ssl_success_message_shown,
      'autoreplace_insecure_links'        => $this->autoreplace_insecure_links,
      'plugin_db_version'                 => $this->plugin_db_version,
      'debug'                             => $this->debug,
      'do_not_edit_htaccess'              => $this->do_not_edit_htaccess,
      'htaccess_redirect'                 => $this->htaccess_redirect,
      'ssl_enabled'                       => $this->ssl_enabled,
      'javascript_redirect'               => $this->javascript_redirect,
      'wp_redirect'                       => $this->wp_redirect,
      'switch_mixed_content_fixer_hook'   => $this->switch_mixed_content_fixer_hook,
    );

    update_option('rlrsssl_options',$options);
  }

  /**
   * Load the translation files
   *
   * @since  1.0
   *
   * @access public
   *
   */

  public function load_translation()
  {
      load_plugin_textdomain('really-simple-ssl', FALSE, dirname(plugin_basename(__FILE__)).'/languages/');
  }

  /**
   * Handles deactivation of this plugin
   *
   * @since  2.0
   *
   * @access public
   *
   */

  public function deactivate($networkwide) {
    $this->remove_ssl_from_siteurl();
    $this->remove_ssl_from_siteurl_in_wpconfig();

    $this->site_has_ssl                         = FALSE;
    $this->hsts                                 = FALSE;
    $this->htaccess_warning_shown               = FALSE;
    $this->ssl_success_message_shown            = FALSE;
    $this->autoreplace_insecure_links           = TRUE;
    $this->do_not_edit_htaccess                 = FALSE;
    $this->htaccess_redirect                    = FALSE;
    $this->javascript_redirect                  = FALSE;
    $this->wp_redirect                          = FALSE;
    $this->ssl_enabled                          = FALSE;
    $this->switch_mixed_content_fixer_hook      = FALSE;

    $this->save_options();

    //when on multisite, per site activation, recreate domain list for htaccess and wpconfig rewrite actions
    if (is_multisite()) {
      RSSSL()->rsssl_multisite->deactivate();
      if (!RSSSL()->rsssl_multisite->ssl_enabled_networkwide) $this->build_domain_list();
    }

    $this->remove_wpconfig_edit();
    $this->removeHtaccessEdit();
  }


  /**
   * Checks if we are currently on SSL protocol, but extends standard wp with loadbalancer check.
   *
   * @since  2.0
   *
   * @access public
   *
   */

  public function is_ssl_extended(){
    $server_var = FALSE;
		$server_opts = array(
      'HTTP_X_FORWARDED_PROTO'=>'https',
      'HTTP_CLOUDFRONT_FORWARDED_PROTO' => 'https',
      'HTTP_CF_VISITOR'=>'https',
      'HTTP_X_FORWARDED_SSL'=>'on',
      'HTTP_X_FORWARDED_SSL'=>'1'
    );

		foreach( $server_opts as $option => $value ) {
			if ( (isset($_ENV['HTTPS']) && ( 'on' == $_ENV['HTTPS'] ))
        || (isset( $_SERVER[ $option ] ) && ( strpos( $_SERVER[ $option ], $value ) !== false ) )) {
				$server_var = TRUE;
				break;
			}
		}

    if (is_ssl() || $server_var){
      return true;
    } else {
      return false;
    }
  }

  /**
   * Checks for SSL by opening a test page in the plugin directory
   *
   * @since  2.0
   *
   * @access public
   *
   */

   public function detect_configuration() {
     $this->trace_log("** Detecting configuration **");
     $this->trace_log("plugin version: ".rsssl_version);
     $old_ssl_setting = $this->site_has_ssl;
     $filecontents = "";
     //if current page is on SSL, we can assume SSL is available, even when an errormsg was returned
     if($this->is_ssl_extended()){
       $this->trace_log("Already on SSL, start detecting configuration");
       $this->site_has_ssl = TRUE;
     } else {
       //we're not on SSL, or no server vars were returned, so test with the test-page.
       //plugin url: domain.com/wp-content/etc
       $testpage_url = trailingslashit($this->test_url())."ssl-test-page.php";
       $this->trace_log("Opening testpage to check for SSL: ".$testpage_url);

       $response = wp_remote_get( $testpage_url );

       if( is_array($response) ) {
         $status = wp_remote_retrieve_response_code( $response );
         $filecontents = wp_remote_retrieve_body($response);
       }

       $this->trace_log("test page url, enter in browser to check manually: ".$testpage_url);

       if(!is_wp_error( $response ) && (strpos($filecontents, "#SSL TEST PAGE#") !== false)) {
         $this->site_has_ssl = TRUE;
         $this->trace_log("SSL test page loaded successfully");
       } else {
         $this->site_has_ssl = FALSE;
         $error = "";
         if (is_wp_error( $response ) ) $error = $response->get_error_message();
         $this->trace_log("No SSL detected. No certificate, or the testpage is blocked by security settings. The SSL testpage returned the error: ".$error);
       }
     }

     if ($this->site_has_ssl) {
       //check the type of SSL, either by parsing the returned string, or by reading the server vars.
       if ((strpos($filecontents, "#CLOUDFRONT#") !== false) || (isset($_SERVER['HTTP_CLOUDFRONT_FORWARDED_PROTO']) && ($_SERVER['HTTP_CLOUDFRONT_FORWARDED_PROTO'] == 'https'))) {
         $this->ssl_type = "CLOUDFRONT";
       } elseif ((strpos($filecontents, "#CLOUDFLARE#") !== false) || (isset($_SERVER['HTTP_CF_VISITOR']) && ($_SERVER['HTTP_CF_VISITOR'] == 'https'))) {
         $this->ssl_type = "CLOUDFLARE";
       } elseif ((strpos($filecontents, "#LOADBALANCER#") !== false) || (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'))) {
         $this->ssl_type = "LOADBALANCER";
       } elseif ((strpos($filecontents, "#CDN#") !== false) || (isset($_SERVER['HTTP_X_FORWARDED_SSL']) && ($_SERVER['HTTP_X_FORWARDED_SSL'] == 'on' || $_SERVER['HTTP_X_FORWARDED_SSL'] == '1'))) {
         $this->ssl_type = "CDN";
       } elseif ((strpos($filecontents, "#SERVER-HTTPS-ON#") !== false) || (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on')) {
         $this->ssl_type = "SERVER-HTTPS-ON";
       } elseif ((strpos($filecontents, "#SERVER-HTTPS-1#") !== false) || (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == '1')) {
         $this->ssl_type = "SERVER-HTTPS-1";
       } elseif ((strpos($filecontents, "#SERVERPORT443#") !== false) || (isset($_SERVER['SERVER_PORT']) && ( '443' == $_SERVER['SERVER_PORT'] ))) {
         $this->ssl_type = "SERVERPORT443";
       } elseif ((strpos($filecontents, "#ENVHTTPS#") !== false) || (isset($_ENV['HTTPS']) && ( 'on' == $_ENV['HTTPS'] ))) {
          $this->ssl_type = "ENVHTTPS";
       } elseif ((strpos($filecontents, "#NO KNOWN SSL CONFIGURATION DETECTED#") !== false)) {
         //if we are here, SSL was detected, but without any known server variables set.
         //So we can use this info to set a server variable ourselfes.
         if (!$this->wpconfig_has_fixes()) {
           $this->no_server_variable = TRUE;
         }
         $this->trace_log("No server variable detected ");
         $this->ssl_type = "NA";
       } else {
         //no valid response, so set to NA
         $this->ssl_type = "NA";
       }

       //check for is_ssl()
       if ( (!$this->is_ssl_extended() &&
            (strpos($filecontents, "#SERVER-HTTPS-ON#") === false) &&
            (strpos($filecontents, "#SERVER-HTTPS-1#") === false) &&
            (strpos($filecontents, "#SERVERPORT443#") === false)) || (!is_ssl() && $this->is_ssl_extended())) {
         //when is_ssl would return false, we should add some code to wp-config.php
         if (!$this->wpconfig_has_fixes()) {
           $this->trace_log("is_ssl() will return false: wp-config fix needed");
           $this->do_wpconfig_loadbalancer_fix = TRUE;
         }
       }

 	    $this->trace_log("SSL type: ".$this->ssl_type);
     }
     $this->check_for_siteurl_in_wpconfig();

     $this->save_options();
   }


  /**
   * Test if the htaccess redirect will work
   * This way, no redirect loops should occur.
   *
   * @since  2.1
   *
   * @access public
   *
   */

   public function test_htaccess_redirect() {
     if (!current_user_can($this->capability)) return;
 	   if ($this->debug) {$this->trace_log("testing htaccess rules...");}
     $filecontents = "";
     $testpage_url = trailingslashit($this->test_url())."testssl/";
     switch ($this->ssl_type) {
     case "CLOUDFRONT":
         $testpage_url .= "cloudfront";
         break;
     case "CLOUDFLARE":
         $testpage_url .= "cloudflare";
         break;
     case "LOADBALANCER":
         $testpage_url .= "loadbalancer";
         break;
     case "CDN":
         $testpage_url .= "cdn";
         break;
     case "SERVER-HTTPS-ON":
         $testpage_url .= "serverhttpson";
         break;
     case "SERVER-HTTPS-1":
         $testpage_url .= "serverhttps1";
         break;
     case "SERVERPORT443":
         $testpage_url .= "serverport443";
         break;
     case "ENVHTTPS":
         $testpage_url .= "envhttps";
         break;
     }

     $testpage_url .= ("/ssl-test-page.html");

     $response = wp_remote_get( $testpage_url );
     if( is_array($response) ) {
       $status = wp_remote_retrieve_response_code( $response );
       $filecontents = wp_remote_retrieve_body($response);
     }

     $this->trace_log("test page url, enter in browser to check manually: ".$testpage_url);

     if (!is_wp_error( $response ) && (strpos($filecontents, "#SSL TEST PAGE#") !== false)) {
       $this->htaccess_test_success = TRUE;
 		   $this->trace_log("htaccess rules tested successfully.");
     } else {
       //.htaccess rewrite rule seems to be giving problems.
       $this->htaccess_test_success = FALSE;
       if (is_wp_error( $response )) {
         $this->trace_log("htaccess rules test failed with error: ".$response->get_error_message());
       } else {
         $this->trace_log("htaccess test rules failed. Set WordPress redirect in settings/SSL");
       }
     }
   }


  /**
   * Get an url with which we can test the SSL connection and htaccess redirect rules.
   *
   * @since  2.0
   *
   * @access public
   *
   */

   public function test_url(){
     $plugin_url = str_replace("http://", "https://", trailingslashit(rsssl_url) );;
     $https_home_url = str_replace("http://", "https://", home_url());

     //in some case we get a relative url here, so we check that.
     //we compare to urls replaced to https, in case one of them is still on http.
 	   if ( (strpos($plugin_url, "https://")===FALSE ) &&
          (strpos($plugin_url, $https_home_url)===FALSE)
        ) {
       //make sure we do not have a slash at the start
       $plugin_url = ltrim($plugin_url,"/");
       $plugin_url = trailingslashit(home_url()).$plugin_url;
     }

     //for subdomains or domain mapping situations, we have to convert the plugin_url from main site to the subdomain url.
     if (is_multisite() && ( !is_main_site(get_current_blog_id()) ) && (! RSSSL()->rsssl_multisite->is_multisite_subfolder_install()) ) {
       $mainsiteurl = trailingslashit(str_replace("http://","https://",network_site_url()));

       $home = trailingslashit($https_home_url);
       $plugin_url = str_replace($mainsiteurl, $home, $plugin_url);

       //return http link if original url is http.
       //if (strpos(home_url(), "https://")===FALSE) $plugin_url = str_replace("https://","http://",$plugin_url);
     }

     return $plugin_url;
   }


  /**
   * removes the added redirect to https rules to the .htaccess file.
   *
   * @since  2.0
   *
   * @access public
   *
   */

  public function removeHtaccessEdit() {
      if(file_exists($this->ABSpath.".htaccess") && is_writable($this->ABSpath.".htaccess")){
        $htaccess = file_get_contents($this->ABSpath.".htaccess");


        //if multisite, per site activation and more than one blog remaining on ssl, remove condition for this site only
        //the domain list has been rebuilt already, so current site is already removed.
        if (is_multisite() && ! RSSSL()->rsssl_multisite->ssl_enabled_networkwide && count($this->sites)>0) {
          //remove http or https.
          $domain = preg_replace("/(http:\/\/|https:\/\/)/","",home_url());
          $pattern = "/#wpmu\srewritecond\s?".preg_quote($domain, "/")."\n.*?#end\swpmu\srewritecond\s?".preg_quote($domain, "/")."\n/s";

          //only remove if the pattern is there at all
          if (preg_match($pattern, $htaccess)) $htaccess = preg_replace($pattern, "", $htaccess);
          //now replace any remaining "or" on the last condition.
          $pattern = "/(\[OR\])(?!.*(\[OR\]|#start).*?RewriteRule)/s";
          $htaccess = preg_replace($pattern, "", $htaccess,1);

        } else {
          // remove everything
          $pattern = "/#\s?BEGIN\s?rlrssslReallySimpleSSL.*?#\s?END\s?rlrssslReallySimpleSSL/s";
          //only remove if the pattern is there at all
          if (preg_match($pattern, $htaccess)) $htaccess = preg_replace($pattern, "", $htaccess);

        }

        $htaccess = preg_replace("/\n+/","\n", $htaccess);
        file_put_contents($this->ABSpath.".htaccess", $htaccess);
        $this->save_options();
      } else {
        $this->errors['HTACCESS_NOT_WRITABLE'] = TRUE;
        if ($this->debug) $this->trace_log("could not remove rules from htaccess, file not writable");
      }
  }

  public function get_htaccess_version() {
    if (!file_exists($this->ABSpath.".htaccess")) return false;

    $htaccess = file_get_contents($this->ABSpath.".htaccess");
    $versionpos = strpos($htaccess, "rsssl_version");

    if ($versionpos===false) {
      //no version found, so not .htaccess rules.
      return false;
    } else {
      //find closing marker of version
      $close = strpos($htaccess, "]", $versionpos);
      $version = substr($htaccess, $versionpos+14, $close-($versionpos+14));
      return $version;
    }
  }


  /*   deprecated   */

  function htaccess_redirect_allowed(){
    if (is_multisite() && RSSSL()->rsssl_multisite->is_per_site_activated_multisite_subfolder_install()) {
      return false;
    } else {
      return true;
    }
  }


  /*
    Checks if the htaccess contains redirect rules, either actual redirect or a rsssl marker.
  */

  public function htaccess_contains_redirect_rules() {

    if (!file_exists($this->ABSpath.".htaccess")) {
      return false;
    }

    $htaccess = file_get_contents($this->ABSpath.".htaccess");

    $needle = "RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]";
    if(strpos($htaccess, $needle) !== FALSE || $this->contains_rsssl_rules()){
      return true;
    } else {
      $this->trace_log(".htaccess does not contain default Really Simple SSL redirect");
      return false;
    }

  }


  /*
  *    Checks if the htaccess contains the Really Simple SSL comment.
  *
  */

  public function contains_rsssl_rules() {
    if (!file_exists($this->ABSpath.".htaccess")) {
      return false;
    }

    $htaccess = file_get_contents($this->ABSpath.".htaccess");

    $check=null;
    preg_match("/BEGIN rlrssslReallySimpleSSL/", $htaccess, $check);
    if(count($check) === 0){
      return false;
    } else {
      return true;
    }
  }

  /*
  *    Checks if a 301 redirect is set
  *    this is the case if either the wp_redirect is set, or the htaccess redirect is set.
  *
  */

  public function has_301_redirect() {
    if ($this->wp_redirect) return true;

    if (RSSSL()->rsssl_server->uses_htaccess() && $this->htaccess_contains_redirect_rules() ) {
      return true;
    }

    return false;
  }

  /**
   * Checks if the HSTS rule is already in the htaccess file
   * Set the hsts variable in the db accordingly. applies to preload version as well.
   *
   * @since  2.1
   *
   * @access public
   *
   */

  public function contains_hsts() {
    if (!file_exists($this->ABSpath.".htaccess")) {
      $this->trace_log(".htaccess not found in ".$this->ABSpath);
      $result = $this->hsts; //just return the setting.
    } else {
      $htaccess = file_get_contents($this->ABSpath.".htaccess");

      preg_match("/Strict-Transport-Security/", $htaccess, $check);
      if(count($check) === 0){
        $result = false;
      } else {
        $result = true;
      }
    }

    return $result;
  }


  /**
   * Adds redirect to https rules to the .htaccess file.
   *
   * @since  2.0
   *
   * @access public
   *
   */

  public function editHtaccess(){
      if (!current_user_can($this->capability)) return;

      //check if htacces exists and  if htaccess is writable
      //update htaccess to redirect to ssl

      $this->trace_log("checking if .htaccess can or should be edited...");

      //does it exist?
      if (!file_exists($this->ABSpath.".htaccess")) {
        $this->trace_log(".htaccess not found.");
        return;
      }

      //check if editing is blocked.
      if ($this->do_not_edit_htaccess) {
        $this->trace_log("Edit of .htaccess blocked by setting or define 'do not edit htaccess' in Really Simple SSL.");
        return;
      }

      $htaccess = file_get_contents($this->ABSpath.".htaccess");
      if(!$this->htaccess_contains_redirect_rules()){

        if (!is_writable($this->ABSpath.".htaccess")) {
          //set the wp redirect as fallback, because .htaccess couldn't be edited.
          if ($this->clicked_activate_ssl()) $this->wp_redirect = true;
          if (is_multisite()) {
            RSSSL()->rsssl_multisite->wp_redirect = true;
            RSSSL()->rsssl_multisite->save_options();
          }
          $this->save_options();
          $this->trace_log(".htaccess not writable.");
          return;
        }

        $rules = $this->get_redirect_rules();

        //insert rules before wordpress part.
        if (strlen($rules)>0) {
          $wptag = "# BEGIN WordPress";
          if (strpos($htaccess, $wptag)!==false) {
              $htaccess = str_replace($wptag, $rules.$wptag, $htaccess);
          } else {
              $htaccess = $htaccess.$rules;
          }

          file_put_contents($this->ABSpath.".htaccess", $htaccess);
        }

    } elseif ($this->is_settings_page() || is_network_admin()) {

        if ($this->debug) {$this->trace_log("settings page, or network admin, updating htaccess...");}

        if (!is_writable($this->ABSpath.".htaccess")) {
          if($this->debug) $this->trace_log(".htaccess not writable.");
          return;
        }

	      $htaccess = preg_replace("/#\s?BEGIN\s?rlrssslReallySimpleSSL.*?#\s?END\s?rlrssslReallySimpleSSL/s", "", $htaccess);
        $htaccess = preg_replace("/\n+/","\n", $htaccess);

        $rules = $this->get_redirect_rules();

        //insert rules before WordPress part.
        $wptag = "# BEGIN WordPress";
        if (strpos($htaccess, $wptag)!==false) {
            $htaccess = str_replace($wptag, $rules.$wptag, $htaccess);
        } else {
            $htaccess = $htaccess.$rules;
        }
        file_put_contents($this->ABSpath.".htaccess", $htaccess);

      }
  }

  /**
  *
  *  @since 2.2
  *  Check if the mixed content fixer is functioning on the front end, by scanning the source of the homepage for the fixer comment.
  *
  */

  public function mixed_content_fixer_detected(){

    $status = 0;
    $web_source = "";
    //check if the mixed content fixer is active
    $response = wp_remote_get( home_url() );

    if( is_array($response) ) {
      $status = wp_remote_retrieve_response_code( $response );
      $web_source = wp_remote_retrieve_body($response);
    }

    if ($status!=200 || (strpos($web_source, "data-rsssl=") === false)) {
      $this->trace_log("Check for Mixed Content detection failed, http statuscode ".$status);
      return false;
    } else {
      $this->trace_log("Mixed content fixer was successfully detected on the front end.");
      return true;
    }
  }

  /**
   * Create redirect rules for the .htaccess.
   *
   *…
Alerts (6)

'die(' Abrupt termination detected; use try-catch or custom error handlers for better control
2
Complexity hotspot; line 89 (total complexity: 5)
89
'var' Legacy var keyword detected; use public/private/protected for class properties
976 988
Complexity hotspot; lines 986 to 987 (total complexity: 5)
986 987