Xcloner_Api

Complexity

Total Complexity

125

Size/Duplication

Total Lines	1055
Duplicated Lines	10.81 %

Coupling/Cohesion

Components	1
Dependencies	14

Importance

Changes

0

24 Methods

Rating	Name	Duplication	Size	Complexity
B	__construct()	0	31	4
A	get_xcloner_container()	0	4	1
A	check_access()	0	6	3
B	init_db()	0	30	2
D	save_schedule()	0	128	14
B	backup_files()	2	56	9
B	backup_database()	4	25	4
A	scan_filesystem()	0	23	2
C	process_params()	16	68	14
B	get_file_system_action()	0	67	7
C	get_database_tables_action()	0	75	14
A	get_schedule_by_id()	0	16	3
C	get_scheduler_list()	0	67	9
A	delete_schedule_by_id()	0	10	1
A	delete_backup_by_name()	0	11	1
C	list_backup_files()	21	66	9
B	copy_backup_remote_to_local()	34	34	4
B	upload_backup_to_remote()	33	33	4
A	remote_storage_save_status()	0	10	1
A	download_restore_script()	0	63	3
B	download_backup_by_name()	0	34	2
C	restore_upload_backup()	4	64	9
A	restore_backup()	0	8	1
A	send_response()	0	14	4

<?php

use League\Flysystem\Config;
use League\Flysystem\Filesystem;
use League\Flysystem\Util;
use League\Flysystem\Adapter\Local;

use splitbrain\PHPArchive\Tar;
use splitbrain\PHPArchive\Zip;
use splitbrain\PHPArchive\Archive;
use splitbrain\PHPArchive\FileInfo;


class Xcloner_Api{

PSR1 recommends that each class must be in a namespace of at least one level to avoid collisions.

	private $xcloner_database;
	private $xcloner_settings;
	private $xcloner_file_system;
	private $xcloner_requirements;
	private $xcloner_sanitization;
	private $archive_system;
	private $form_params;
	private $logger;
	private $xcloner_container;
	
	public function __construct(Xcloner $xcloner_container)

__construct uses the super-global variable $_POST which is generally not recommended.

	{
		global $wpdb;

Use of global functionality is not recommended; it makes your code harder to test, and less reusable.

		
		if(WP_DEBUG)
		{
			error_reporting(0);
		}
		
		if( ob_get_length() )
			ob_end_clean();
		ob_start();
		
		$wpdb->show_errors			= false;
			
		$this->xcloner_container	= $xcloner_container;
				
		$this->xcloner_settings 	= $xcloner_container->get_xcloner_settings();
		$this->logger				= $xcloner_container->get_xcloner_logger()->withName("xcloner_api");
		$this->xcloner_file_system 	= $xcloner_container->get_xcloner_filesystem();
		$this->xcloner_sanitization = $xcloner_container->get_xcloner_sanitization();
		$this->xcloner_requirements = $xcloner_container->get_xcloner_requirements();
		$this->archive_system 		=  $xcloner_container->get_archive_system();
		$this->xcloner_database 	=  $xcloner_container->get_xcloner_database();
		$this->xcloner_scheduler 	=  $xcloner_container->get_xcloner_scheduler();

The property xcloner_scheduler does not exist. Did you maybe forget to declare it?

		
		if(isset($_POST['API_ID'])){
			$this->logger->info("Processing ajax request ID ".substr($this->xcloner_sanitization->sanitize_input_as_string($_POST['API_ID']), 0 , 15));
		}
		
	}
	
	public function get_xcloner_container()
	{
		return $this->xcloner_container;
	}
	
	private function check_access()
	{
		if (function_exists('current_user_can') && !current_user_can('manage_options')) {
			die("Not allowed access here!");

The method check_access() contains an exit expression.

		}
	}
	
	public function init_db()
	{
		return;
		
		
		$data['dbHostname'] = $this->xcloner_settings->get_db_hostname();

$data['dbHostname'] = $this->xcloner_settings->get_db_hostname(); does not seem to be reachable.

		$data['dbUsername'] = $this->xcloner_settings->get_db_username();
		$data['dbPassword'] = $this->xcloner_settings->get_db_password();
		$data['dbDatabase'] = $this->xcloner_settings->get_db_database();
		
		
		$data['recordsPerSession'] 		= $this->xcloner_settings->get_xcloner_option('xcloner_database_records_per_request');
		$data['TEMP_DBPROCESS_FILE'] 	= $this->xcloner_settings->get_xcloner_tmp_path().DS.".database";
		$data['TEMP_DUMP_FILE'] 		= $this->xcloner_settings->get_xcloner_tmp_path().DS."database-sql.sql";
		
		try
		{
			$this->xcloner_database->init($data);

		}catch(Exception $e){
			
			$this->send_response($e->getMessage());
			$this->logger->error($e->getMessage());
			
		}
		
		return $this->xcloner_database;
		
	
	}
	
	/*
	 * 
	 * Save Schedule API
	 */
	public function save_schedule()

save_schedule uses the super-global variable $_POST which is generally not recommended.

	{
		global $wpdb; 

Use of global functionality is not recommended; it makes your code harder to test, and less reusable.

		
		$this->check_access();
		
		$scheduler = $this->xcloner_scheduler;
		$params = array();
		$schedule = array();
		$response = array();
		
		if(isset($_POST['data']))
			$params = json_decode(stripslashes($_POST['data']));
		
		$this->process_params($params);
		
		if(isset($_POST['id']))
		{
			
			$this->form_params['backup_params']['backup_name'] = $this->xcloner_sanitization->sanitize_input_as_string($_POST['backup_name']);
			$this->form_params['backup_params']['email_notification'] = $this->xcloner_sanitization->sanitize_input_as_string($_POST['email_notification']);
			if($_POST['diff_start_date']){
				$this->form_params['backup_params']['diff_start_date'] = strtotime($this->xcloner_sanitization->sanitize_input_as_string($_POST['diff_start_date']));
			}else{
				$this->form_params['backup_params']['diff_start_date'] = "";
				}
			$this->form_params['backup_params']['schedule_name'] = $this->xcloner_sanitization->sanitize_input_as_string($_POST['schedule_name']);
			$this->form_params['backup_params']['start_at'] = strtotime($_POST['schedule_start_date']);
			$this->form_params['backup_params']['schedule_frequency'] = $this->xcloner_sanitization->sanitize_input_as_string($_POST['schedule_frequency']);
			$this->form_params['backup_params']['schedule_storage'] = $this->xcloner_sanitization->sanitize_input_as_string($_POST['schedule_storage']);
			$this->form_params['database'] = (stripslashes($this->xcloner_sanitization->sanitize_input_as_raw($_POST['table_params'])));
			$this->form_params['excluded_files'] = (stripslashes($this->xcloner_sanitization->sanitize_input_as_raw($_POST['excluded_files'])));
			
			//$this->form_params['backup_params']['backup_type'] = $this->xcloner_sanitization->sanitize_input_as_string($_POST['backup_type']);

75% of this comment could be valid code. Did you maybe forget this after debugging?

			
			$tables = explode(PHP_EOL, $this->form_params['database']);
			$return = array();
			
			foreach($tables as $table)
			{
					$table = str_replace("\r","", $table);
					$data = explode(".", $table);
					if(isset($data[1]))
						$return[$data[0]][] = $data[1];
			}
			
			$this->form_params['database'] = ($return);
			
			$excluded_files = explode(PHP_EOL, $this->form_params['excluded_files']);
			$return = array();
			
			foreach($excluded_files as $file)
			{
				$file = str_replace("\r","", $file);
				if($file)
					$return[] = $file;
			}
			
			$this->form_params['excluded_files'] = ($return);
			
			$schedule['start_at'] = $this->form_params['backup_params']['start_at'];
			
			if(!isset($_POST['status']))
				$schedule['status'] = 0;
			else	
				$schedule['status'] = $this->xcloner_sanitization->sanitize_input_as_int($_POST['status']);
		}else{
		
			$schedule['status'] = 1;
			$schedule['start_at'] = strtotime($this->form_params['backup_params']['schedule_start_date'] .
								" ".$this->form_params['backup_params']['schedule_start_time']);
			
			if($schedule['start_at'] <= time())
			{
				$schedule['start_at'] = "";
			}
		}
		
		if(!$schedule['start_at'])						
		{
			$schedule['start_at'] = date('Y-m-d H:i:s', time());
		}else{
			$schedule['start_at'] = date('Y-m-d H:i:s', $schedule['start_at'] - (get_option( 'gmt_offset' ) * HOUR_IN_SECONDS) );	
		}
		
		$schedule['name'] = $this->form_params['backup_params']['schedule_name'];
		$schedule['recurrence'] = $this->form_params['backup_params']['schedule_frequency'];
		$schedule['remote_storage'] = $this->form_params['backup_params']['schedule_storage'];
		//$schedule['backup_type'] = $this->form_params['backup_params']['backup_type'];

77% of this comment could be valid code. Did you maybe forget this after debugging?

		$schedule['params'] = json_encode($this->form_params);

		if(!isset($_POST['id']))
		{
			$wpdb->insert( 
				$wpdb->prefix.'xcloner_scheduler', 
				$schedule, 
				array( 
					'%s', 
					'%s' 
				) 
			);
		}else		{
			$wpdb->update( 
				$wpdb->prefix.'xcloner_scheduler', 
				$schedule, 
				array( 'id' => $_POST['id'] ), 
				array( 
					'%s', 
					'%s' 
				) 
			);
		}
		if(isset($_POST['id']))
		{
			$scheduler->update_cron_hook($_POST['id']);
		}
			
		if( $wpdb->last_error ) {
            $response['error'] = 1;
            $response['error_message'] = $wpdb->last_error/*."--".$wpdb->last_query*/;

50% of this comment could be valid code. Did you maybe forget this after debugging?

            
        }
        
        $scheduler->update_wp_cron_hooks();
		$response['finished'] = 1;
		
		$this->send_response($response);
	}
	
	/*
	 * 
	 * Backup Files API
	 * 
	 */ 
	public function backup_files()

backup_files uses the super-global variable $_POST which is generally not recommended.

	{
		$this->check_access();
		
		$params = json_decode(stripslashes($_POST['data']));
		
		$init 	= (int)$_POST['init'];
		
		if($params === NULL)
			 die( '{"status":false,"msg":"The post_data parameter must be valid JSON"}' );

The method backup_files() contains an exit expression.

			 
		$this->process_params($params);
		
		$return['finished'] = 1;

$return was never initialized. Although not strictly required by PHP, it is generally a good practice to add $return = array(); before regardless.

		//$return = $this->archive_system->start_incremental_backup($this->form_params['backup_params'], $this->form_params['extra'], $init);

69% of this comment could be valid code. Did you maybe forget this after debugging?

		try{
			$return = $this->archive_system->start_incremental_backup($this->form_params['backup_params'], $this->form_params['extra'], $init);
		}catch(Exception $e)
		{
			$return = array();
			$return['error'] = true;
			$return['status'] = 500;
			$return['error_message'] = $e->getMessage();
			return $this->send_response($return, $hash = 1);
		}
		
		if($return['finished'])
		{
			$return['extra']['backup_parent'] = $this->archive_system->get_archive_name_with_extension();
			if($this->xcloner_file_system->is_part($this->archive_system->get_archive_name_with_extension()))

This code seems to be duplicated across your project.

				$return['extra']['backup_parent'] = $this->archive_system->get_archive_name_multipart();
		}
		
		$data = $return;
		
		//check if backup is finished
		if($return['finished'] )
		{
			if(isset($this->form_params['backup_params']['email_notification']) and $to=$this->form_params['backup_params']['email_notification'])

Using logical operators such as and instead of && is generally not recommended.

			{
				try{
					$from = "";
					$subject = "";
					$additional['lines_total'] = $return['extra']['lines_total'];

$additional was never initialized. Although not strictly required by PHP, it is generally a good practice to add $additional = array(); before regardless.

					$this->archive_system->send_notification($to, $from, $subject, $return['extra']['backup_parent'], $this->form_params,"", $additional);
				}catch(Exception $e)
				{
					$this->logger->error($e->getMessage());
				}
			}
			$this->xcloner_file_system->remove_tmp_filesystem();
		}
		
		return $this->send_response($data, $hash = 1);
	}
	
	/*
	 * 
	 * Backup Database API
	 * 
	 */ 
	public function backup_database()

backup_database uses the super-global variable $_POST which is generally not recommended.

	{
		$this->check_access();
		
		$params = json_decode(stripslashes($_POST['data']));
		
		$init 	= (int)$_POST['init'];
		
		if($params === NULL)
			 die( '{"status":false,"msg":"The post_data parameter must be valid JSON"}' );

The method backup_database() contains an exit expression.

		
		$this->process_params($params);
			
		//$xcloner_database = $this->init_db();	

60% of this comment could be valid code. Did you maybe forget this after debugging?

		$return = $this->xcloner_database->start_database_recursion($this->form_params['database'], $this->form_params['extra'], $init);
		
		if(isset($return['error']) and $return['error'])

This code seems to be duplicated across your project.

Using logical operators such as and instead of && is generally not recommended.

			$data['finished'] = 1;

$data was never initialized. Although not strictly required by PHP, it is generally a good practice to add $data = array(); before regardless.

		else	
			$data['finished'] = $return['finished'];

$data was never initialized. Although not strictly required by PHP, it is generally a good practice to add $data = array(); before regardless.

			
		$data['extra'] = $return;
		
		return $this->send_response($data, $hash = 1);
	}
	
	/*
	 * 
	 * Scan Filesystem API
	 * 
	 */ 
	public function scan_filesystem()

scan_filesystem uses the super-global variable $_POST which is generally not recommended.

	{
		$this->check_access();
		
		$params = json_decode(stripslashes($_POST['data']));
		$init 	= (int)$_POST['init'];
		
		if($params === NULL)
			 die( '{"status":false,"msg":"The post_data parameter must be valid JSON"}' );

The method scan_filesystem() contains an exit expression.

			 
		$hash = $this->process_params($params);

$hash is not used, you could remove the assignment.

		
		$this->xcloner_file_system->set_excluded_files($this->form_params['excluded_files']);

It seems like $this->form_params['excluded_files'] can also be of type string; however, Xcloner_File_System::set_excluded_files() does only seem to accept array, maybe add an additional type check?

		
		$return = $this->xcloner_file_system->start_file_recursion($init);
		
		$data["finished"] = !$return;

$data was never initialized. Although not strictly required by PHP, it is generally a good practice to add $data = array(); before regardless.

		$data["total_files_num"] = $this->xcloner_file_system->get_scanned_files_num();
		$data["last_logged_file"] = $this->xcloner_file_system->last_logged_file();
		$data["total_files_size"] = sprintf("%.2f",$this->xcloner_file_system->get_scanned_files_total_size()/(1024*1024));
		
		return $this->send_response($data, $hash = 1);
	}
	
	/*
	 * 
	 * Process params sent by the user
	 * 
	 */ 
	private function process_params($params)
	{
		if(isset($params->hash))
			$this->xcloner_settings->set_hash($params->hash);
			
		$this->form_params['extra'] = array();
		$this->form_params['backup_params'] = array();
		
		$this->form_params['database'] = array();
		
		if(isset($params->backup_params))

This code seems to be duplicated across your project.

		{
			foreach($params->backup_params as $param)
			{
				$this->form_params['backup_params'][$param->name] = $this->xcloner_sanitization->sanitize_input_as_string($param->value);
				$this->logger->debug("Adding form parameter ".$param->name.".".$param->value."\n", array('POST', 'fields filter'));
			}
		}
		
		$this->form_params['database'] = array();
		
		if(isset($params->table_params))

This code seems to be duplicated across your project.

		{
			foreach($params->table_params as $param)
			{
				$this->form_params['database'][$param->parent][] = $this->xcloner_sanitization->sanitize_input_as_raw($param->id);
				$this->logger->debug("Adding database filter ".$param->parent.".".$param->id."\n", array('POST', 'database filter'));
			}
		}
		
		$this->form_params['excluded_files'] =  array();
		if(isset($params->files_params))
		{
			foreach($params->files_params as $param)
			{
				$this->form_params['excluded_files'][] = $this->xcloner_sanitization->sanitize_input_as_relative_path($param->id);
			}
			
			$unique_exclude_files = array();
			
			foreach($params->files_params as $key=>$param)
			{
				if(!in_array($param->parent, $this->form_params['excluded_files'])){
				//$this->form_params['excluded_files'][] = $this->xcloner_sanitization->sanitize_input_as_relative_path($param->id);

69% of this comment could be valid code. Did you maybe forget this after debugging?

					$unique_exclude_files[] = $param->id;
					$this->logger->debug("Adding file filter ".$param->id."\n", array('POST', 'exclude files filter'));
				}
			}
			$this->form_params['excluded_files'] = (array)$unique_exclude_files;
			
		}
		
		//$this->form_params['excluded_files'] =  array_merge($this->form_params['excluded_files'], $this->exclude_files_by_default);

67% of this comment could be valid code. Did you maybe forget this after debugging?

		
		if(isset($params->extra))
		{
			foreach($params->extra as $key=>$value)
				$this->form_params['extra'][$key] = $this->xcloner_sanitization->sanitize_input_as_raw($value);
		}
		
		if(isset($this->form_params['backup_params']['diff_start_date']) and $this->form_params['backup_params']['diff_start_date'])

Using logical operators such as and instead of && is generally not recommended.

		{
			$this->form_params['backup_params']['diff_start_date'] = strtotime($this->form_params['backup_params']['diff_start_date']);
			$this->xcloner_file_system->set_diff_timestamp_start($this->form_params['backup_params']['diff_start_date']);
		}
		
		return $this->xcloner_settings->get_hash();
	}
	
	/*
	 * 
	 * Get file list for tree view API
	 * 
	 */ 
	public function get_file_system_action()

get_file_system_action uses the super-global variable $_POST which is generally not recommended.

	{
		$this->check_access();
		
		$folder = $this->xcloner_sanitization->sanitize_input_as_relative_path($_POST['id']);
		
		$data = array();
		
		if($folder == "#"){
			
			$folder = "/";
			$data[] = array(
						'id' => $folder,
						'parent' => '#',
						'text' => $this->xcloner_settings->get_xcloner_start_path(),
						//'children' => true,

50% of this comment could be valid code. Did you maybe forget this after debugging?

						'state' =>  array('selected' => false, 'opened' => true),
						'icon' => plugin_dir_url(dirname(__FILE__))."/admin/assets/file-icon-root.png"
						);
		}
			
			try{
				$files = $this->xcloner_file_system->list_directory($folder);
			}catch(Exception $e){
				
				print $e->getMessage();
				$this->logger->error($e->getMessage());

				return;
			}
			
			$type = array();
			foreach ($files as $key => $row)
			{
				$type[$key] = $row['type'];
			}
			array_multisort($type, SORT_ASC, $files);
			
			foreach($files as $file)
			{
				$children = false;
				$text = $file['basename'];
				
				if($file['type'] == "dir")
					$children = true;
				else
					 $text .= " (". $this->xcloner_requirements->file_format_size($file['size']).")";
				
				if($this->xcloner_file_system->is_excluded($file))
					$selected = true;
				else
					$selected = false;
					
				$data[] = array(
							'id' => $file['path'],
							'parent' => $folder,
							'text' => $text,
							//'title' => "test",

67% of this comment could be valid code. Did you maybe forget this after debugging?

							'children' => $children,
							'state' =>  array('selected' => $selected, 'opened' => false, "checkbox_disabled" => $selected),
							'icon' => plugin_dir_url(dirname(__FILE__))."/admin/assets/file-icon-".strtolower(substr($file['type'], 0, 1)).".png"
							);
			}
		
		
		return $this->send_response($data, 0);
	}
	
	/*
	 * 
	 * Get databases/tables list for frontend tree display API
	 * 
	 */ 
	public function get_database_tables_action()

get_database_tables_action uses the super-global variable $_POST which is generally not recommended.

	{
		$this->check_access();
		
		$database = $this->xcloner_sanitization->sanitize_input_as_raw($_POST['id']);
		
		$data = array();
		
		$xcloner_backup_only_wp_tables = $this->xcloner_settings->get_xcloner_option('xcloner_backup_only_wp_tables');
	
		if($database == "#")
		{
			try{
				$return = $this->xcloner_database->get_all_databases();
			}catch(Exception $e){
				$this->logger->error($e->getMessage());
			}
			
			foreach($return as $database)
			{
				if($xcloner_backup_only_wp_tables and $database['name'] != $this->xcloner_settings->get_db_database())

Using logical operators such as and instead of && is generally not recommended.

					continue;
					
				$state = array();
				
				if($database['name'] == $this->xcloner_settings->get_db_database())
				{
					$state['selected'] = true;
					if($database['num_tables'] < 25)
						$state['opened'] = false;
				}
					
				$data[] = array(
						'id' => $database['name'],
						'parent' => '#',
						'text' => $database['name']." (".(int)$database['num_tables'].")",
						'children' => true,
						'state' => $state,
						'icon' => plugin_dir_url(dirname(__FILE__))."/admin/assets/database-icon.png"
						);
			}
			
		}
		
		else{
			
			try{
				$return = $this->xcloner_database->list_tables($database, "", 1);
			}catch(Exception $e){
				$this->logger->error($e->getMessage());
			}
			
			foreach($return as $table)
			{
				$state = array();
				
				if($xcloner_backup_only_wp_tables and !stristr($table['name'], $this->xcloner_settings->get_table_prefix()))

Using logical operators such as and instead of && is generally not recommended.

					continue;
				
				if(isset($database['name']) and $database['name'] == $this->xcloner_settings->get_db_database())

Using logical operators such as and instead of && is generally not recommended.

					$state = array('selected' => true);
					
				$data[] = array(
						'id' => $table['name'],
						'parent' => $database,
						'text' => $table['name']." (".(int)$table['records'].")",
						'children' => false,
						'state' => $state,
						'icon' => plugin_dir_url(dirname(__FILE__))."/admin/assets/table-icon.png"
						);
			}
		}
		
		return $this->send_response($data, 0);
	}
	
	/*
	 * 
	 * Get schedule by id API
	 * 
	 */ 
	public function get_schedule_by_id()

get_schedule_by_id uses the super-global variable $_GET which is generally not recommended.

	{
		$this->check_access();
		
		$schedule_id = $this->xcloner_sanitization->sanitize_input_as_int($_GET['id']);
		$scheduler = $this->xcloner_scheduler;
		$data  = $scheduler->get_schedule_by_id($schedule_id);
		
		$data['start_at'] = date("Y-m-d H:i", strtotime($data['start_at']) + (get_option( 'gmt_offset' ) * HOUR_IN_SECONDS));
		if(isset($data['backup_params']->diff_start_date) && $data['backup_params']->diff_start_date != "")
		{
			$data['backup_params']->diff_start_date = date("Y-m-d", ($data['backup_params']->diff_start_date) );
		}
		
		return $this->send_response($data);
	}
	
	/*
	 * 
	 * Get Schedule list API
	 * 
	 */ 
	public function get_scheduler_list()
	{
		$this->check_access();
		
		$scheduler = $this->xcloner_scheduler;
		$data  = $scheduler->get_scheduler_list();
		$return['data'] = array();

$return was never initialized. Although not strictly required by PHP, it is generally a good practice to add $return = array(); before regardless.

		
		foreach($data as $res)
		{
			$action = "<a href=\"#".$res->id."\" class=\"edit\" title='Edit'> <i class=\"material-icons \">edit</i></a> 
					<a href=\"#".$res->id."\" class=\"delete\" title='Delete'><i class=\"material-icons  \">delete</i></a>";
			if($res->status)
				$status = '<i class="material-icons active status">timer</i>';
			else
				$status = '<i class="material-icons status inactive">timer_off</i>';
				
			$next_run_time = wp_next_scheduled('xcloner_scheduler_'.$res->id, array($res->id));
				
			$next_run = date(get_option('date_format')." ".get_option('time_format'), $next_run_time);	
			
			$remote_storage = $res->remote_storage;
			
			if(!$next_run_time >= time())
				$next_run = " ";
			
			if(trim($next_run))
			{
				$date_text = date(get_option('date_format')." ".get_option('time_format'), $next_run_time + (get_option( 'gmt_offset' ) * HOUR_IN_SECONDS));
				
				if($next_run_time >= time())
					$next_run = "in ".human_time_diff($next_run_time, time());
				else
					$next_run = __("executed", 'xcloner-backup-and-restore');
				
				$next_run = "<a href='#' title='".$date_text."'>".$next_run."</a>";
				//$next_run .=" ($date_text)";	

50% of this comment could be valid code. Did you maybe forget this after debugging?

			}
			
			$backup_text = "";
			$backup_size = "";
			$backup_time = "";
			
			if($res->last_backup)
			{
				if( $this->xcloner_file_system->get_storage_filesystem()->has($res->last_backup))
				{
					$metadata = $this->xcloner_file_system->get_storage_filesystem()->getMetadata($res->last_backup);
					$backup_size  = size_format($this->xcloner_file_system->get_backup_size($res->last_backup));
					$backup_time  = date(get_option('date_format')." ".get_option('time_format'), $metadata['timestamp']+(get_option( 'gmt_offset' ) * HOUR_IN_SECONDS));
				}
			
				$backup_text = "<span title='".$backup_time."' class='shorten_string'>".$res->last_backup." (".$backup_size.")</span>";
			}
			
			$schedules = wp_get_schedules();

			if(isset($schedules[$res->recurrence]))
			{
				$res->recurrence = $schedules[$res->recurrence]['display'];
			}
				
			$return['data'][] = array($res->id, $res->name, $res->recurrence,/*$res->start_at,*/ $next_run, $remote_storage, $backup_text, $status, $action);
		}

		return $this->send_response($return, 0);
	}
	
	/*
	 * 
	 * Delete Schedule by ID API
	 * 
	 */
	public function delete_schedule_by_id()

delete_schedule_by_id uses the super-global variable $_GET which is generally not recommended.

	{
		$this->check_access();
		
		$schedule_id = $this->xcloner_sanitization->sanitize_input_as_int($_GET['id']);
		$scheduler = $this->xcloner_scheduler;
		$data['finished']  = $scheduler->delete_schedule_by_id($schedule_id);

$data was never initialized. Although not strictly required by PHP, it is generally a good practice to add $data = array(); before regardless.

		
		return $this->send_response($data);
	}
	
	/*
	 * 
	 * Delete backup by name from the storage path
	 * 
	 */ 
	public function delete_backup_by_name()

delete_backup_by_name uses the super-global variable $_POST which is generally not recommended.

	{
		$this->check_access();
		
		$backup_name = $this->xcloner_sanitization->sanitize_input_as_string($_POST['name']);
		$storage_selection = $this->xcloner_sanitization->sanitize_input_as_string($_POST['storage_selection']);
		
		$data['finished']  = $this->xcloner_file_system->delete_backup_by_name($backup_name, $storage_selection);

$data was never initialized. Although not strictly required by PHP, it is generally a good practice to add $data = array(); before regardless.

		
		return $this->send_response($data);
	}
	
	public function list_backup_files()

list_backup_files uses the super-global variable $_POST which is generally not recommended.

	{
		$this->check_access();
		
		$backup_parts = array();
		
		$source_backup_file = $this->xcloner_sanitization->sanitize_input_as_string($_POST['file']);
		$start = $this->xcloner_sanitization->sanitize_input_as_int($_POST['start']);
		$return['part'] = $this->xcloner_sanitization->sanitize_input_as_int($_POST['part']);

$return was never initialized. Although not strictly required by PHP, it is generally a good practice to add $return = array(); before regardless.

		
		$backup_file = $source_backup_file;
		
		if($this->xcloner_file_system->is_multipart($backup_file))

This code seems to be duplicated across your project.

		{
			$backup_parts = $this->xcloner_file_system->get_multipart_files($backup_file);
			$backup_file = $backup_parts[$return['part']];
		}
		
		try{
			$tar = new Tar();
			$tar->open($this->xcloner_settings->get_xcloner_store_path().DS.$backup_file, $start);

The call to Tar::open() has too many arguments starting with $start.

		
			$data = $tar->contents(get_option('xcloner_files_to_process_per_request'));

The call to Tar::contents() has too many arguments starting with get_option('xcloner_files_to_process_per_request').

		}catch(Exception $e)
		{
			$return['error'] = true;
			$return['message'] = $e->getMessage();
			$this->send_response($return, 0);
		}
		
		$return['files'] 		= array();
		$return['finished'] 	= 1;
		$return['total_size'] 	= filesize($this->xcloner_settings->get_xcloner_store_path().DS.$backup_file);
		$i = 0;
		
		if(isset($data['extracted_files']) and is_array($data['extracted_files']))

Using logical operators such as and instead of && is generally not recommended.

		{
			foreach($data['extracted_files'] as $file)
			{
				$return['files'][$i]['path'] = $file->getPath();
				$return['files'][$i]['size'] = $file->getSize();
				$return['files'][$i]['mtime'] = date(get_option('date_format')." ".get_option('time_format'), $file->getMtime());
				
				$i++;
			}
		}
		
		if(isset($data['start']))

This code seems to be duplicated across your project.

		{
			$return['start'] = $data['start'];
			$return['finished'] = 0;	
		}else{
			if($this->xcloner_file_system->is_multipart($source_backup_file))
			{
				$return['start'] = 0;
				
				++$return['part'];
			
				if($return['part'] < sizeof($backup_parts))	
					$return['finished'] = 0;
				
			}
		}	
		
		$this->send_response($return, 0);
	}
	
	public function copy_backup_remote_to_local()

This method seems to be duplicated in your project.

copy_backup_remote_to_local uses the super-global variable $_POST which is generally not recommended.

	{
	
		$this->check_access();
		
		$backup_file = $this->xcloner_sanitization->sanitize_input_as_string($_POST['file']);
		$storage_type = $this->xcloner_sanitization->sanitize_input_as_string($_POST['storage_type']);
		
		$xcloner_remote_storage = $this->get_xcloner_container()->get_xcloner_remote_storage();
		
		$return = array();
		
		try
		{
			if(method_exists($xcloner_remote_storage, "copy_backup_remote_to_local"))
			{
				$return = call_user_func_array(array($xcloner_remote_storage, "copy_backup_remote_to_local"), array($backup_file, $storage_type));
			}
		}catch(Exception $e){
		
			$return['error'] = 1;
			$return['message'] = $e->getMessage();
		}
		
		if(!$return)
		{
			$return['error'] = 1;
			$return['message'] = "Upload failed, please check the error log for more information!";
		}
			
		
		$this->send_response($return, 0);
		
	}
	
	/*
	 * 
	 * Upload backup to remote API
	 * 
	 */ 
	public function upload_backup_to_remote()

This method seems to be duplicated in your project.

upload_backup_to_remote uses the super-global variable $_POST which is generally not recommended.

	{
		$this->check_access();
		
		$backup_file = $this->xcloner_sanitization->sanitize_input_as_string($_POST['file']);
		$storage_type = $this->xcloner_sanitization->sanitize_input_as_string($_POST['storage_type']);
		
		$xcloner_remote_storage = $this->get_xcloner_container()->get_xcloner_remote_storage();
		
		$return = array();
		
		try
		{
			if(method_exists($xcloner_remote_storage, "upload_backup_to_storage"))
			{
				$return = call_user_func_array(array($xcloner_remote_storage, "upload_backup_to_storage"), array($backup_file, $storage_type));
			}
		}catch(Exception $e){
		
			$return['error'] = 1;
			$return['message'] = $e->getMessage();
		}
		
		if(!$return)
		{
			$return['error'] = 1;
			$return['message'] = "Upload failed, please check the error log for more information!";
		}
			
		
		$this->send_response($return, 0);
		
	}
	
	/*
	 * 
	 * Remote Storage Status Save
	 * 
	 */ 
	public function remote_storage_save_status()

remote_storage_save_status uses the super-global variable $_POST which is generally not recommended.

	{
		$this->check_access();
		
		$xcloner_remote_storage = $this->get_xcloner_container()->get_xcloner_remote_storage();
		
		$return['finished'] = $xcloner_remote_storage->change_storage_status($_POST['id'], $_POST['value']);

$return was never initialized. Although not strictly required by PHP, it is generally a good practice to add $return = array(); before regardless.

		
		$this->send_response($return, 0);
	}
	
	
	public function download_restore_script()
	{
		$this->check_access();
		
		@ob_end_clean();

It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended.

		
		$adapter = new Local(dirname(__DIR__) ,LOCK_EX, 'SKIP_LINKS');
		$xcloner_plugin_filesystem = new Filesystem($adapter, new Config([
				'disable_asserts' => true,
			]));
		
		/* Generate PHAR FILE

47% of this comment could be valid code. Did you maybe forget this after debugging?

		$file = 'restore/vendor.built';	

		if(file_exists($file))
			unlink($file);
		$phar2 = new Phar($file, 0, 'vendor.phar');
		
		// add all files in the project, only include php files
		$phar2->buildFromIterator(
		    new RecursiveIteratorIterator(
		     new RecursiveDirectoryIterator(__DIR__.'/vendor/')),
		    __DIR__);
		
		$phar2->setStub($phar2->createDefaultStub('vendor/autoload.php', 'vendor/autoload.php')); 
		 * */
			
		$tmp_file = $this->xcloner_settings->get_xcloner_tmp_path().DS."xcloner-restore.tgz";
		
		$tar = new Tar();
		$tar->create($tmp_file);
		
		$tar->addFile(dirname(__DIR__)."/restore/vendor.build.txt", "vendor.phar");
		//$tar->addFile(dirname(__DIR__)."/restore/vendor.tgz", "vendor.tgz");

74% of this comment could be valid code. Did you maybe forget this after debugging?

		
		$files = $xcloner_plugin_filesystem->listContents("vendor/", true);
		foreach($files as $file)
		{
			$tar->addFile(dirname(__DIR__).DS.$file['path'], $file['path']);
		}
		
		$content = file_get_contents(dirname(__DIR__)."/restore/xcloner_restore.php");
		$content = str_replace("define('AUTH_KEY', '');", "define('AUTH_KEY', '".md5(AUTH_KEY)."');", $content);
		
		$tar->addData("xcloner_restore.php", $content);
		
		$tar->close();
		
		if (file_exists($tmp_file)) {
		    header('Content-Description: File Transfer');
		    header('Content-Type: application/octet-stream');
		    header('Content-Disposition: attachment; filename="'.basename($tmp_file).'"');
		    header('Expires: 0');
		    header('Cache-Control: must-revalidate');
		    header('Pragma: public');
		    header('Content-Length: ' . filesize($tmp_file));
		    readfile($tmp_file);
		    
		}
		
		@unlink($tmp_file);

It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended.

		exit;

The method download_restore_script() contains an exit expression.

	}
	
	/*
	 * 
	 * Download backup by Name from the Storage Path
	 * 
	 */ 
	public function download_backup_by_name()

download_backup_by_name uses the super-global variable $_GET which is generally not recommended.

	{
		$this->check_access();
		
		@ob_end_clean();

It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended.

		
		$backup_name = $this->xcloner_sanitization->sanitize_input_as_string($_GET['name']);
		
		
		$metadata  = $this->xcloner_file_system->get_storage_filesystem()->getMetadata($backup_name);
		$read_stream  = $this->xcloner_file_system->get_storage_filesystem()->readStream($backup_name);
		
		
		header('Pragma: public');
	    header('Expires: 0');
	    header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
	    header('Cache-Control: private', false);
	    header('Content-Transfer-Encoding: binary');
	    header('Content-Disposition: attachment; filename="'.$metadata['path'].'";');
	    header('Content-Type: application/octet-stream');
	    header('Content-Length: ' . $metadata['size']);
	    
	    @ob_end_clean();

It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended.

	    
	    $chunkSize = 1024 * 1024;
	    while (!feof($read_stream))
	    {
	        $buffer = fread($read_stream, $chunkSize);
	        echo $buffer;
	    }
	    fclose($read_stream);
	    exit;

The method download_backup_by_name() contains an exit expression.

    
	}
	
	
	public function restore_upload_backup()

restore_upload_backup uses the super-global variable $_POST which is generally not recommended.

	{
		$this->check_access();
		
		$return['part'] = 0;

$return was never initialized. Although not strictly required by PHP, it is generally a good practice to add $return = array(); before regardless.

		$return['total_parts'] = 0;
		$return['uploaded_size'] = 0;
		$is_multipart = 0;
		
		$file = $this->xcloner_sanitization->sanitize_input_as_string($_POST['file']);
		$hash = $this->xcloner_sanitization->sanitize_input_as_string($_POST['hash']);
		
		if(isset($_POST['part']))
			$return['part'] = $this->xcloner_sanitization->sanitize_input_as_int($_POST['part']);
		
		if(isset($_POST['uploaded_size']))
			$return['uploaded_size'] = $this->xcloner_sanitization->sanitize_input_as_int($_POST['uploaded_size']);
		
		$start = $this->xcloner_sanitization->sanitize_input_as_string($_POST['start']);
		$target_url = $this->xcloner_sanitization->sanitize_input_as_string($_POST['target_url']);
		
		$return['total_size'] = $this->xcloner_file_system->get_backup_size($file);
		
		if($this->xcloner_file_system->is_multipart($file))
		{
			$backup_parts = $this->xcloner_file_system->get_multipart_files($file);
			
			$return['total_parts'] = sizeof($backup_parts)+1;
			
			if($return['part'] and isset($backup_parts[$return['part']-1]))

This code seems to be duplicated across your project.

Using logical operators such as and instead of && is generally not recommended.

			{
				$file = $backup_parts[$return['part']-1];
			}
			
			$is_multipart = 1;	
		}
		
		try{
		
			$xcloner_file_transfer = $this->get_xcloner_container()->get_xcloner_file_transfer();
			$xcloner_file_transfer->set_target($target_url);
			$return['start'] = $xcloner_file_transfer->transfer_file($file, $start, $hash);
		
		}catch(Exception $e){
		
			$return = array();
			$return['error'] = true;
			$return['status'] = 500;
			$return['message'] = "CURL communication error with the restore host. ".$e->getMessage();
			$this->send_response( $return, 0);
		
		}
		
		$return['status'] = 200;
		
		//we have finished the upload
		if(!$return['start'] and $is_multipart)

Using logical operators such as and instead of && is generally not recommended.

		{
			$return['part']++;
			$return['uploaded_size'] += $this->xcloner_file_system->get_storage_filesystem()->getSize($file);
		}
		
		$this->send_response( $return, 0);
	}
	
	public function restore_backup()
	{
		$this->check_access();
		
		define("XCLONER_PLUGIN_ACCESS", 1);
		include_once(dirname(__DIR__) .DS."restore".DS."xcloner_restore.php");
		return;
	}
	
	/*
	 * 
	 * Send the json response back
	 * 
	 */
	private function send_response($data, $attach_hash = 1)
	{
		
		if($attach_hash and null !== $this->xcloner_settings->get_hash())

Using logical operators such as and instead of && is generally not recommended.

		{
			$data['hash'] = $this->xcloner_settings->get_hash();
		}
			
		if( ob_get_length() )
			ob_clean();
		wp_send_json($data);
		
		die();

The method send_response() contains an exit expression.

	}
}