PluginProbe ʕ •ᴥ•ʔ
WP 2FA – Two-factor authentication for WordPress / 1.5.2
WP 2FA – Two-factor authentication for WordPress v1.5.2
1.7.1 2.0.0 2.0.1 2.1.0 2.2.0 2.2.1 2.3.0 2.4.0 2.4.1 2.4.2 2.5.0 2.6.0 2.6.1 2.6.2 2.6.3 2.6.4 2.7.0 2.8.0 2.9.0 2.9.1 2.9.2 2.9.3 3.0.0 3.0.1 3.1.0 3.1.1 3.1.1.2 trunk 1.2.0 1.3.0 1.4.0 1.4.1 1.4.2 1.5.0 1.5.1 1.5.2 1.6.0 1.6.1 1.6.2 1.7.0
wp-2fa / includes / functions / core.php
wp-2fa / includes / functions Last commit date
core.php 5 years ago login-header.php 6 years ago
core.php
327 lines
1 <?php // phpcs:ignore
2
3 /**
4 * Core plugin functionality.
5 *
6 * @package WP2FA
7 */
8
9 namespace WP2FA\Core;
10
11 use \WP2FA\Admin\SettingsPage as SettingsPage;
12 use \WP2FA\Utils\UserUtils;
13
14 /**
15 * Default setup routine
16 *
17 * @return void
18 */
19 function setup() {
20 $n = function( $function ) {
21 return __NAMESPACE__ . "\\$function";
22 };
23
24 add_action( 'init', $n( 'i18n' ) );
25 add_action( 'init', $n( 'init' ) );
26 add_action( 'admin_enqueue_scripts', $n( 'admin_scripts' ) );
27 add_action( 'admin_enqueue_scripts', $n( 'admin_styles' ) );
28
29 // Hook to allow async or defer on asset loading.
30 add_filter( 'script_loader_tag', $n( 'script_loader_tag' ), 10, 2 );
31
32 do_action( 'wp_2fa_loaded' );
33
34 run_updates();
35 }
36
37 /**
38 * Registers the default textdomain.
39 *
40 * @return void
41 */
42 function i18n() {
43 $locale = apply_filters( 'plugin_locale', get_locale(), 'wp-2fa' );
44 load_textdomain( 'wp-2fa', WP_LANG_DIR . '/wp-2fa/wp-2fa-' . $locale . '.mo' );
45 load_plugin_textdomain( 'wp-2fa', false, plugin_basename( WP_2FA_PATH ) . '/languages/' );
46 }
47
48 /**
49 * Initializes the plugin and fires an action other plugins can hook into.
50 *
51 * @return void
52 */
53 function init() {
54 do_action( 'wp_2fa_init' );
55 }
56
57 /**
58 * Activate the plugin
59 *
60 * @return void
61 */
62 function activate() {
63 // First load the init scripts in case any rewrite functionality is being loaded.
64 init();
65 flush_rewrite_rules();
66
67 // Check if the user is allowed to manage options for the site.
68 if ( current_user_can( 'manage_options' ) ) {
69 // Add an option to let our plugin know this user has not been through the setup wizard.
70 add_option( 'wp_2fa_redirect_on_activate', true );
71 }
72
73 // Add plugin version to wp_options.
74 if ( \WP2FA\WP2FA::is_this_multisite() ) {
75 add_network_option( null, 'wp_2fa_plugin_version', WP_2FA_VERSION );
76 } else {
77 add_option( 'wp_2fa_plugin_version', WP_2FA_VERSION );
78 }
79 }
80
81 /**
82 * Deactivate the plugin
83 *
84 * Uninstall routines should be in uninstall.php
85 *
86 * @return void
87 */
88 function deactivate() {
89
90 }
91
92 /**
93 * Uninstall the plugin
94 *
95 * @return void
96 */
97 function uninstall() {
98 if ( ! empty( \WP2FA\WP2FA::get_wp2fa_setting( 'delete_data_upon_uninstall' ) ) ) {
99 // Delete settings from wp_options.
100 if ( \WP2FA\WP2FA::is_this_multisite() ) {
101 $network_id = get_current_network_id();
102 global $wpdb;
103 $wpdb->query(
104 $wpdb->prepare(
105 "
106 DELETE FROM $wpdb->sitemeta
107 WHERE meta_key LIKE %s
108 AND site_id = %d
109 ",
110 [
111 'wp_2fa_%',
112 $network_id
113 ]
114 )
115 );
116 } else {
117 global $wpdb;
118 $wpdb->query(
119 $wpdb->prepare(
120 "
121 DELETE FROM $wpdb->options
122 WHERE option_name LIKE %s
123 ",
124 [
125 'wp_2fa_%',
126 ]
127 )
128 );
129 }
130
131 $users_args = array(
132 'fields' => array( 'ID' ),
133 );
134 if ( \WP2FA\WP2FA::is_this_multisite() ) {
135 $users_args['blog_id'] = 0;
136 }
137 $settings = new SettingsPage();
138 $users = UserUtils::get_all_user_ids( 'query', $users_args );
139 if ( ! is_array( $users ) ) {
140 $users = explode( ',', $users );
141 }
142
143 foreach ( $users as $user_id ) {
144 global $wpdb;
145 $wpdb->query(
146 $wpdb->prepare(
147 "
148 DELETE FROM $wpdb->usermeta
149 WHERE user_id = %d
150 AND meta_key LIKE %s
151 ",
152 [
153 $user_id,
154 'wp_2fa_%'
155 ]
156 )
157 );
158 }
159 }
160 }
161
162 /**
163 * The list of knows contexts for enqueuing scripts/styles.
164 *
165 * @return array
166 */
167 function get_enqueue_contexts() {
168 return array( 'admin', 'frontend', 'shared' );
169 }
170
171 /**
172 * Generate an URL to a script, taking into account whether SCRIPT_DEBUG is enabled.
173 *
174 * @param string $script Script file name (no .js extension).
175 * @param string $context Context for the script ('admin', 'frontend', or 'shared').
176 *
177 * @return string|WP_Error URL
178 */
179 function script_url( $script, $context ) {
180
181 if ( ! in_array( $context, get_enqueue_contexts(), true ) ) {
182 return new \WP_Error( 'invalid_enqueue_context', 'Invalid $context specified in WP2FA script loader.' );
183 }
184
185 return WP_2FA_URL . "dist/js/${script}.js";
186
187 }
188
189 /**
190 * Generate an URL to a stylesheet, taking into account whether SCRIPT_DEBUG is enabled.
191 *
192 * @param string $stylesheet Stylesheet file name (no .css extension).
193 * @param string $context Context for the script ('admin', 'frontend', or 'shared').
194 *
195 * @return string URL
196 */
197 function style_url( $stylesheet, $context ) {
198
199 if ( ! in_array( $context, get_enqueue_contexts(), true ) ) {
200 return new \WP_Error( 'invalid_enqueue_context', 'Invalid $context specified in WP2FA stylesheet loader.' );
201 }
202
203 return WP_2FA_URL . "dist/css/${stylesheet}.css";
204
205 }
206
207 /**
208 * Enqueue scripts for admin.
209 *
210 * @return void
211 */
212 function admin_scripts() {
213
214 wp_enqueue_script(
215 'wp_2fa_admin',
216 script_url( 'admin', 'admin' ),
217 array( 'jquery-ui-widget', 'jquery-ui-core', 'jquery-ui-autocomplete', 'wp_2fa_micro_modals' ),
218 WP_2FA_VERSION,
219 true
220 );
221
222 wp_enqueue_script(
223 'wp_2fa_micro_modals',
224 script_url( 'micro-modal', 'admin' ),
225 array(),
226 WP_2FA_VERSION,
227 true
228 );
229
230 // Data array.
231 $data_array = array(
232 'ajaxURL' => admin_url( 'admin-ajax.php' ),
233 'roles' => \WP2FA\WP2FA::wp_2fa_get_roles(),
234 'nonce' => wp_create_nonce( 'wp-2fa-settings-nonce' ),
235 'codeValidatedHeading' => esc_html__( 'Congratulations', 'wp-2fa' ),
236 'codeValidatedText' => esc_html__( 'Your account just got more secure', 'wp-2fa' ),
237 'codeValidatedButton' => esc_html__( 'Close Wizard & Refresh', 'wp-2fa' ),
238 'processingText' => esc_html__( 'Processing Update', 'wp-2fa' ),
239 'email_sent_success' => esc_html__( 'Email successfully sent', 'wp-2fa' ),
240 'email_sent_failure' => esc_html__( 'Email delivery failed', 'wp-2fa' )
241 );
242 wp_localize_script( 'wp_2fa_admin', 'wp2faData', $data_array );
243
244 $data_array = array(
245 'ajaxURL' => admin_url( 'admin-ajax.php' ),
246 'nonce' => wp_create_nonce( 'wp2fa-verify-wizard-page' ),
247 'codesPreamble' => esc_html__( 'These are the 2FA backup codes for the user', 'wp-2fa' ),
248 'readyText' => esc_html__( 'I\'m ready', 'wp-2fa' ),
249 'codeReSentText' => esc_html__( 'New code sent', 'wp-2fa' ),
250 );
251 wp_localize_script( 'wp_2fa_admin', 'wp2faWizardData', $data_array );
252
253 }
254
255 /**
256 * Enqueue styles for admin.
257 *
258 * @return void
259 */
260 function admin_styles() {
261
262 wp_enqueue_style(
263 'wp_2fa_admin',
264 style_url( 'admin-style', 'admin' ),
265 array(),
266 WP_2FA_VERSION
267 );
268
269 }
270
271 /**
272 * Add async/defer attributes to enqueued scripts that have the specified script_execution flag.
273 *
274 * @link https://core.trac.wordpress.org/ticket/12009
275 * @param string $tag The script tag.
276 * @param string $handle The script handle.
277 * @return string
278 */
279 function script_loader_tag( $tag, $handle ) {
280 $script_execution = wp_scripts()->get_data( $handle, 'script_execution' );
281
282 if ( ! $script_execution ) {
283 return $tag;
284 }
285
286 if ( 'async' !== $script_execution && 'defer' !== $script_execution ) {
287 return $tag;
288 }
289
290 // Abort adding async/defer for scripts that have this script as a dependency. _doing_it_wrong()?
291 foreach ( wp_scripts()->registered as $script ) {
292 if ( in_array( $handle, $script->deps, true ) ) {
293 return $tag;
294 }
295 }
296
297 // Add the attribute if it hasn't already been added.
298 if ( ! preg_match( ":\s$script_execution(=|>|\s):", $tag ) ) {
299 $tag = preg_replace( ':(?=></script>):', " $script_execution", $tag, 1 );
300 }
301
302 return $tag;
303 }
304
305 /**
306 * Checks if the plugin has just been updated and runs any update routines.
307 *
308 * @method run_updates
309 * @since 1.5.0
310 */
311 function run_updates() {
312 $old_version = get_option( 'wp_2fa_plugin_version', '0.0.0' );
313
314 if ( WP_2FA_VERSION !== $old_version ) {
315 $settings = get_option( 'wp_2fa_settings' );
316
317 if ( is_array( $settings ) && array_key_exists( 'enforcment-policy', $settings ) ) {
318 // Correct setting name.
319 $settings['enforcement-policy'] = $settings['enforcment-policy'];
320 // Remove old setting.
321 unset( $settings['enforcment-policy'] );
322 // Update settings.
323 $update_options = update_site_option( 'wp_2fa_settings', $settings );
324 }
325 }
326 }
327