PluginProbe ʕ •ᴥ•ʔ
WP 2FA – Two-factor authentication for WordPress / 1.5.2
WP 2FA – Two-factor authentication for WordPress v1.5.2
4.0.0 1.7.1 2.0.0 2.0.1 2.1.0 2.2.0 2.2.1 2.3.0 2.4.0 2.4.1 2.4.2 2.5.0 2.6.0 2.6.1 2.6.2 2.6.3 2.6.4 2.7.0 2.8.0 2.9.0 2.9.1 2.9.2 2.9.3 3.0.0 3.0.1 3.1.0 3.1.1 3.1.1.2 trunk 1.2.0 1.3.0 1.4.0 1.4.1 1.4.2 1.5.0 1.5.1 1.5.2 1.6.0 1.6.1 1.6.2 1.7.0
wp-2fa / includes / classes / Utils / UserUtils.php
wp-2fa / includes / classes / Utils Last commit date
DateTimeUtils.php 5 years ago Debugging.php 5 years ago GenerateModal.php 5 years ago UserUtils.php 5 years ago
UserUtils.php
282 lines
1 <?php
2 namespace WP2FA\Utils;
3
4 use WP2FA\WP2FA as WP2FA;
5 use \WP2FA\Authenticator\BackupCodes as BackupCodes;
6
7 /**
8 * Utility class for creating modal popup markup.
9 *
10 * @package WP2FA\Utils
11 * @since 1.4.2
12 */
13 class UserUtils {
14
15 public static function determine_user_2fa_status( $user ) {
16
17 // Get current user, we going to need this regardless.
18 $current_user = wp_get_current_user();
19
20 // Bail if we still dont have an object.
21 if ( ! is_a( $user, '\WP_User' ) || ! is_a( $current_user, '\WP_User' ) ) {
22 return;
23 }
24
25 $roles = (array) $user->roles;
26
27 // Grab grace period UNIX time.
28 $grace_period_expired = get_user_meta( $user->ID, 'wp_2fa_user_grace_period_expired', true );
29 $is_user_excluded = WP2FA::is_user_excluded( $user->ID );
30
31 // First lets see if the user already has a token.
32 $enabled_methods = get_user_meta( $user->ID, 'wp_2fa_enabled_methods', true );
33
34 $user_type = array();
35
36 if ( empty( $roles ) ) {
37 $user_type[] = 'orphan_user'; // User has no role.
38 }
39
40 if ( current_user_can( 'manage_options' ) ) {
41 $user_type[] = 'can_manage_options';
42 }
43
44 if ( current_user_can( 'read' ) ) {
45 $user_type[] = 'can_read';
46 }
47
48 if ( $grace_period_expired ) {
49 $user_type[] = 'grace_has_expired';
50 }
51
52 if ( $current_user->ID === $user->ID ) {
53 $user_type[] = 'viewing_own_profile';
54 }
55
56 if ( ! empty( $enabled_methods ) ) {
57 $user_type[] = 'has_enabled_methods';
58 }
59
60 if ( empty( $enabled_methods ) && ! $is_user_excluded ) {
61 $user_type[] = 'user_needs_to_setup_2fa';
62 }
63
64 if ( $is_user_excluded ) {
65 $user_type[] = 'user_is_excluded';
66 }
67
68 $codes_remaining = BackupCodes::codes_remaining_for_user( $user );
69 if ( 0 === $codes_remaining ) {
70 $user_type[] = 'user_needs_to_setup_backup_codes';
71 }
72
73 $user_type = apply_filters( 'wp_2fa_additional_user_types', $user_type, $user );
74
75 return $user_type;
76 }
77
78 public static function in_array_all( $needles, $haystack ) {
79 return empty( array_diff( $needles, $haystack ) );
80 }
81
82 public static function get_2fa_methods_available_to_user( $user ) {
83
84 $available_methods = array();
85
86 if ( ! empty( WP2FA::get_wp2fa_setting( 'enable_email' ) ) ) {
87 $available_methods[] = 'email';
88 }
89
90 if ( ! empty( WP2FA::get_wp2fa_setting( 'enable_totp' ) ) ) {
91 $available_methods[] = 'totp';
92 }
93
94 $available_methods = apply_filters( 'wp_2fa_available_2fa_methods', $available_methods );
95
96 return $available_methods;
97 }
98
99 /**
100 * Return all users, either by using a direct query or get_users.
101 *
102 * @param string $method Method to use.
103 * @param array $users_args Query arguments.
104 *
105 * @return mixed Array of IDs/Object of Users.
106 */
107 public static function get_all_users_data( $method, $users_args ) {
108
109 if ( 'get_users' === $method ) {
110 return get_users( $users_args );
111 }
112
113 // method is "query", let's build the SQL query ourselves
114 global $wpdb;
115
116 $batch_size = isset( $users_args['batch_size'] ) ? $users_args['batch_size'] : false;
117 $offset = isset( $users_args['count'] ) ? $users_args['count'] * $batch_size : false;
118
119 // Default.
120 $select = 'SELECT ID, user_login FROM ' . $wpdb->users . '';
121
122 // If we want to grab users with a specific role.
123 if ( isset( $users_args['role__in'] ) && ! empty( $users_args['role__in'] ) ) {
124 $roles = $users_args['role__in'];
125 $select = '
126 SELECT ID, user_login
127 FROM ' . $wpdb->users . ' u INNER JOIN ' . $wpdb->usermeta . ' um
128 ON u.ID = um.user_id
129 WHERE um.meta_key = \'' . $wpdb->prefix . 'capabilities\'
130 AND (
131 ';
132 $i = 1;
133 foreach ( $roles as $role ) {
134 $select .= ' um.meta_value LIKE \'%"' . $role . '"%\' ';
135 if ( $i < count( $roles ) ) {
136 $select .= ' OR ';
137 }
138 $i ++;
139 }
140 $select .= ' ) ';
141
142 $excluded_users = ( ! empty( $users_args['excluded_users'] ) ) ? $users_args['excluded_users'] : [];
143
144 $excluded_users = array_map( function ( $excluded_user ) {
145 return '"' . $excluded_user . '"';
146 }, $excluded_users );
147
148 if ( ! empty( $excluded_users ) ) {
149 $select .= '
150 AND user_login NOT IN ( ' . implode( ',', $excluded_users ) . ' )
151 ';
152 }
153
154 $skip_existing_2fa_users = ( ! empty( $users_args['skip_existing_2fa_users'] ) ) ? $users_args['skip_existing_2fa_users'] : false;
155
156 if ( $skip_existing_2fa_users ) {
157 $select .= '
158 AND u.ID NOT IN (
159 SELECT DISTINCT user_id FROM ' . $wpdb->usermeta . ' WHERE meta_key = \'wp_2fa_enabled_methods\'
160 )
161 ';
162 }
163
164 }
165
166 if ( $batch_size ) {
167 $select .= ' LIMIT ' . $batch_size . ' OFFSET ' . $offset . '';
168 }
169
170 return $wpdb->get_results( $select );
171 }
172
173 /**
174 * Get list of IDs only if they have a specific 2FA method enabled.
175 *
176 * @param string $removing Method to search for.
177 * @param $users_args
178 *
179 * @return array User details.
180 */
181 public static function get_all_user_ids_based_on_enabled_2fa_method( $removing, $users_args ) {
182
183 global $wpdb;
184
185 $batch_size = isset( $users_args['batch_size'] ) ? $users_args['batch_size'] : false;
186 $offset = isset( $users_args['count'] ) ? $users_args['count'] * $batch_size : false;
187
188 $select = '
189 SELECT ID FROM ' . $wpdb->users . '
190 INNER JOIN ' . $wpdb->usermeta . ' ON ' . $wpdb->users . '.ID = ' . $wpdb->usermeta . '.user_id
191 WHERE ' . $wpdb->usermeta . '.meta_key = \'wp_2fa_enabled_methods\'
192 AND ' . $wpdb->usermeta . '.meta_value = \'' . $removing . '\'
193 ';
194
195 if ( $batch_size ) {
196 $select .= '
197 LIMIT ' . $batch_size . ' OFFSET ' . $offset . '
198 ';
199 }
200
201 $users = $wpdb->get_results( $select );
202
203 $users = array_map( function ( $user ) {
204 return (int) $user->ID;
205 }, $users );
206
207 $users = implode( ',', $users );
208
209 return $users;
210 }
211
212 public static function get_all_user_ids_who_have_wp_2fa_metadata_present( $users_args ) {
213
214 global $wpdb;
215
216 $batch_size = isset( $users_args['batch_size'] ) ? $users_args['batch_size'] : false;
217 $offset = isset( $users_args['count'] ) ? $users_args['count'] * $batch_size : false;
218
219 $select = '
220 SELECT ID FROM ' . $wpdb->users . '
221 INNER JOIN ' . $wpdb->usermeta . ' ON ' . $wpdb->users . '.ID = ' . $wpdb->usermeta . '.user_id
222 WHERE ' . $wpdb->usermeta . '.meta_key LIKE \'wp_2fa_%\'
223 ';
224
225 if ( $batch_size ) {
226 $select .= '
227 LIMIT ' . $batch_size . ' OFFSET ' . $offset . '
228 ';
229 }
230
231 $users = $wpdb->get_results( $select );
232
233 $users = array_map( function ( $user ) {
234 return (int) $user->ID;
235 }, $users );
236
237 $users = implode( ',', $users );
238
239 return $users;
240 }
241
242 /**
243 * Retrieve string of comma seperated IDs.
244 *
245 * @param string $method Method to use.
246 * @param array $users_args Query arguments.
247 *
248 * @return string List of IDs.
249 */
250 public static function get_all_user_ids( $method, $users_args ) {
251 $user_data = UserUtils::get_all_users_data( $method, $users_args );
252
253 $users = array_map( function ( $user ) {
254 return (int) $user->ID;
255 }, $user_data );
256
257 return implode( ',', $users );
258 }
259
260 /**
261 * Retrieve array if user IDs and login names.
262 *
263 * @param string $method Method to use.
264 * @param array $users_args Query arguments.
265 *
266 * @return array User details.
267 */
268 public static function get_all_user_ids_and_login_names( $method, $users_args ) {
269 $user_data = UserUtils::get_all_users_data( $method, $users_args );
270 $user_item = [];
271
272 $users = array_map( function ( $user ) {
273 $user_item['ID'] = (int) $user->ID;
274 $user_item['user_login'] = $user->user_login;
275
276 return $user_item;
277 }, $user_data );
278
279 return $users;
280 }
281 }
282