PluginProbe ʕ •ᴥ•ʔ
WP 2FA – Two-factor authentication for WordPress / 1.4.1
WP 2FA – Two-factor authentication for WordPress v1.4.1
4.0.0 1.7.1 2.0.0 2.0.1 2.1.0 2.2.0 2.2.1 2.3.0 2.4.0 2.4.1 2.4.2 2.5.0 2.6.0 2.6.1 2.6.2 2.6.3 2.6.4 2.7.0 2.8.0 2.9.0 2.9.1 2.9.2 2.9.3 3.0.0 3.0.1 3.1.0 3.1.1 3.1.1.2 trunk 1.2.0 1.3.0 1.4.0 1.4.1 1.4.2 1.5.0 1.5.1 1.5.2 1.6.0 1.6.1 1.6.2 1.7.0
wp-2fa / includes / classes / Cron / CronTasks.php
wp-2fa / includes / classes / Cron Last commit date
CronTasks.php 5 years ago
CronTasks.php
94 lines
1 <?php // phpcs:ignore
2
3 namespace WP2FA\Cron;
4
5 use \WP2FA\WP2FA as WP2FA;
6 use \WP2FA\Authenticator\Authentication as Authentication;
7
8 /**
9 * Class for handling our crons.
10 */
11 class CronTasks {
12
13 /**
14 * Constructor.
15 */
16 public function __construct() {
17 add_action( 'wp_2fa_check_grace_period_status', array( $this, 'wp_2fa_check_users_grace_period_status' ) );
18 add_action( 'init', array( $this, 'register_check_users_grace_period_status_event' ) );
19 }
20
21 // This function will run once the 'wp_2fa_check_users_grace_period_status' is called
22 public function wp_2fa_check_users_grace_period_status() {
23 $users = array();
24
25 if ( 'do-not-enforce' !== WP2FA::get_wp2fa_setting( 'enforcment-policy' ) && ! empty( WP2FA::get_wp2fa_setting( 'enable_grace_cron' ) ) ) {
26 if ( WP2FA::is_this_multisite() ) {
27 $users_args = array( 'blog_id' => 0 );
28 } else {
29 $users_args = array();
30 }
31 foreach ( get_users( $users_args ) as $user ) {
32 $grace_period_expiry_time = get_user_meta( $user->ID, 'wp_2fa_grace_period_expiry', true );
33 $grace_period_expired = get_user_meta( $user->ID, 'wp_2fa_user_grace_period_expired', true );
34 $locked_notification = get_user_meta( $user->ID, 'wp_2fa_locked_account_notification', true );
35 $is_user_forced_to_setup = get_user_meta( $user->ID, 'wp_2fa_user_enforced_instantly', true );
36 $is_needed = Authentication::is_user_eligible_for_2fa( $user->ID );
37 $is_user_excluded = WP2FA::is_user_excluded( $user->ID );
38 $time_now = time();
39 if ( $grace_period_expiry_time < $time_now && $is_needed && ! $is_user_excluded && ! $is_user_forced_to_setup ) {
40 $grace_expired = update_user_meta( $user->ID, 'wp_2fa_user_grace_period_expired', true );
41
42 // Send the email to alert the user, only if we have not done so before.
43 if ( ! $locked_notification ) {
44 $this->send_expired_grace_email( $user->ID );
45 $locked_account_notification = update_user_meta( $user->ID, 'wp_2fa_locked_account_notification', true );
46 }
47
48 // Check if we also want to destory the user session now that the grace period has expired.
49 if ( ! empty( WP2FA::get_wp2fa_setting( 'enable_destroy_session' ) ) ) {
50 // Grab user session and kill it, preferably with fire.
51 $manager = \WP_Session_Tokens::get_instance( $user->ID );
52 $manager->destroy_all();
53 }
54 }
55 }
56 }
57 }
58
59 // Function which will register the event
60 function register_check_users_grace_period_status_event() {
61 // Make sure this event hasn't been scheduled
62 if ( ! wp_next_scheduled( 'wp_2fa_check_grace_period_status' ) && ! empty( WP2FA::get_wp2fa_setting( 'enable_grace_cron' ) ) ) {
63 // Schedule the event
64 wp_schedule_event( time(), 'hourly', 'wp_2fa_check_grace_period_status' );
65 }
66 }
67
68 /**
69 * Send email to setup authentication
70 */
71 public static function send_expired_grace_email( $user_id ) {
72 // Bail if the user has not enabled this email.
73 if ( 'enable_account_locked_email' !== WP2FA::get_wp2fa_email_templates( 'send_account_locked_email' ) ) {
74 return false;
75 }
76
77 // Grab user data
78 $user = get_userdata( $user_id );
79 // Grab user email
80 $email = $user->user_email;
81
82 $subject = wp_strip_all_tags( WP2FA::replace_email_strings( WP2FA::get_wp2fa_email_templates( 'user_account_locked_email_subject' ), $user_id ) );
83 $message = wpautop( WP2FA::replace_email_strings( WP2FA::get_wp2fa_email_templates( 'user_account_locked_email_body' ), $user_id ) );
84
85 $headers = 'Content-type: text/html;charset=utf-8' . "\r\n";
86
87 if ( 'use-custom-email' === WP2FA::get_wp2fa_email_templates( 'email_from_setting' ) ) {
88 $headers .= "From: ". WP2FA::get_wp2fa_email_templates( 'custom_from_display_name' ) ." <". WP2FA::get_wp2fa_email_templates( 'custom_from_email_address' ) .">" . "\r\n";
89 }
90
91 $mail = wp_mail( $user->user_email, $subject, $message, $headers );
92 }
93 }
94