PluginProbe ʕ •ᴥ•ʔ
WP 2FA – Two-factor authentication for WordPress / 2.0.0
WP 2FA – Two-factor authentication for WordPress v2.0.0
4.0.0 1.7.1 2.0.0 2.0.1 2.1.0 2.2.0 2.2.1 2.3.0 2.4.0 2.4.1 2.4.2 2.5.0 2.6.0 2.6.1 2.6.2 2.6.3 2.6.4 2.7.0 2.8.0 2.9.0 2.9.1 2.9.2 2.9.3 3.0.0 3.0.1 3.1.0 3.1.1 3.1.1.2 trunk 1.2.0 1.3.0 1.4.0 1.4.1 1.4.2 1.5.0 1.5.1 1.5.2 1.6.0 1.6.1 1.6.2 1.7.0
wp-2fa / includes / classes / Admin / SettingsPages / class-settings-page-general.php
wp-2fa / includes / classes / Admin / SettingsPages Last commit date
class-settings-page-email.php 4 years ago class-settings-page-general.php 4 years ago class-settings-page-policies.php 4 years ago class-settings-page-white-label.php 4 years ago
class-settings-page-general.php
272 lines
1 <?php
2 /**
3 * Generals settings class.
4 *
5 * @package wp2fa
6 * @copyright 2021 WP White Security
7 * @license https://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
8 * @link https://wordpress.org/plugins/wp-2fa/
9 */
10
11 namespace WP2FA\Admin\SettingsPages;
12
13 use \WP2FA\WP2FA as WP2FA;
14 use \WP2FA\Utils\Debugging as Debugging;
15 use WP2FA\Utils\SettingsUtils as SettingsUtils;
16
17 /**
18 * Settings_Page_General - Class for handling general settings
19 *
20 * @since 2.0.0
21 */
22 class Settings_Page_General {
23
24 /**
25 * Renders the settings
26 *
27 * @return void
28 *
29 * @since 2.0.0
30 */
31 public function render() {
32 settings_fields( WP_2FA_SETTINGS_NAME );
33 $this->grace_period_frequency();
34 $this->limit_settings_access();
35 $this->remove_data_upon_uninstall();
36 submit_button( null, 'primary', WP_2FA_SETTINGS_NAME . '[submit]' );
37 }
38
39 /**
40 * Grace period frequency
41 *
42 * @return void
43 *
44 * @since 2.0.0
45 */
46 private function grace_period_frequency() {
47 ?>
48 <h3><?php esc_html_e( 'How often should the plugin check if a user\'s grace period is over?', 'wp-2fa' ); ?></h3>
49 <p class="description">
50 <?php esc_html_e( 'By default the plugin checks if a users grace periods to setup 2FA has passed when the user tries to login. If you would like the plugin to advise the user within an hour, enable the below option to add a cron job that runs every hour.', 'wp-2fa' ); ?>
51 </p>
52 <table class="form-table">
53 <tbody>
54 <tr>
55 <th><label for="grace-period"><?php esc_html_e( 'Enable cron', 'wp-2fa' ); ?></label></th>
56 <td>
57 <fieldset>
58 <input type="checkbox" id="grace-cron" name="wp_2fa_settings[enable_grace_cron]" value="enable_grace_cron"
59 <?php checked( 1, WP2FA::get_wp2fa_general_setting( 'enable_grace_cron' ), true ); ?>
60 >
61 <?php esc_html_e( 'Use cron job to check grace periods', 'wp-2fa' ); ?>
62 </fieldset>
63 </td>
64 </tr>
65 <tr class="disabled destory-session-setting">
66 <th><label for="destory-session"><?php esc_html_e( 'Destroy session', 'wp-2fa' ); ?></label></th>
67 <td>
68 <fieldset>
69 <input type="checkbox" id="destory-session" name="wp_2fa_settings[enable_destroy_session]" value="enable_destroy_session"
70 <?php checked( 1, WP2FA::get_wp2fa_general_setting( 'enable_destroy_session' ), true ); ?>
71 >
72 <?php esc_html_e( 'Destroy user session when grace period expires?', 'wp-2fa' ); ?>
73 </fieldset>
74 </td>
75 </tr>
76 </tbody>
77 </table>
78 <?php
79 }
80
81 /**
82 * Limit settings setting
83 *
84 * @return void
85 *
86 * @since 2.0.0
87 */
88 private function limit_settings_access() {
89 ?>
90 <br>
91 <h3><?php esc_html_e( 'Limit 2FA settings access?', 'wp-2fa' ); ?></h3>
92 <p class="description">
93 <?php esc_html_e( 'Use this setting to hide this plugin configuration area from all other admins.', 'wp-2fa' ); ?>
94 </p>
95 <table class="form-table">
96 <tbody>
97 <tr>
98 <th><label for="grace-period"><?php esc_html_e( 'Limit access to 2FA settings', 'wp-2fa' ); ?></label></th>
99 <td>
100 <fieldset>
101 <input type="checkbox" id="limit_access" name="wp_2fa_settings[limit_access]" value="limit_access"
102 <?php checked( 1, WP2FA::get_wp2fa_general_setting( 'limit_access' ), true ); ?>
103 >
104 <?php esc_html_e( 'Hide settings from other administrators', 'wp-2fa' ); ?>
105 </fieldset>
106 </td>
107 </tr>
108 </tbody>
109 </table>
110 <?php
111 }
112
113 /**
114 * Validate options before saving
115 *
116 * @param array $input The settings array.
117 *
118 * @return array|void
119 */
120 public function validate_and_sanitize( $input ) {
121
122 // Bail if user doesnt have permissions to be here.
123 if ( ! current_user_can( 'manage_options' ) || ! isset( $_POST['action'] ) && ! check_admin_referer( 'wp2fa-step-choose-method' ) ) {
124 return;
125 }
126
127 $simple_settings_we_can_loop = array(
128 'enable_grace_cron',
129 'enable_destroy_session',
130 'limit_access',
131 'delete_data_upon_uninstall',
132 );
133
134 $simple_settings_we_can_loop = apply_filters( 'wp_2fa_loop_general_settings', $simple_settings_we_can_loop );
135
136 $settings_to_turn_into_bools = array(
137 'enable_grace_cron',
138 'enable_destroy_session',
139 'limit_access',
140 'delete_data_upon_uninstall',
141 );
142
143 foreach ( $simple_settings_we_can_loop as $simple_setting ) {
144 if ( ! in_array( $simple_setting, $settings_to_turn_into_bools, true ) ) {
145 // Is item is not one of our possible settings we want to turn into a bool, process.
146 $output[ $simple_setting ] = ( isset( $input[ $simple_setting ] ) && ! empty( $input[ $simple_setting ] ) ) ? trim( sanitize_text_field( $input[ $simple_setting ] ) ) : false;
147 } else {
148 // This item is one we treat as a bool, so process correctly.
149 $output[ $simple_setting ] = ( isset( $input[ $simple_setting ] ) && ! empty( $input[ $simple_setting ] ) ) ? true : false;
150 }
151 }
152
153 if ( isset( $input['2fa_settings_last_updated_by'] ) && ! empty( $input['2fa_settings_last_updated_by'] ) ) {
154 $policies = WP2FA::get_wp2fa_setting();
155 if ( false === $policies ) {
156 $policies = WP2FA::getDefaultSettings();
157 }
158 $policies['2fa_settings_last_updated_by'] = $input['2fa_settings_last_updated_by'];
159
160 WP2FA::updatePluginSettings( $policies );
161 }
162
163 // Remove duplicates from settings errors. We do this as this sanitization callback is actually fired twice, so we end up with duplicates when saving the settings for the FIRST TIME only. The issue is not present once the settings are in the DB as the sanitization wont fire again. For details on this core issue - https://core.trac.wordpress.org/ticket/21989.
164 global $wp_settings_errors;
165 if ( isset( $wp_settings_errors ) ) {
166 $errors = array_map( 'unserialize', array_unique( array_map( 'serialize', $wp_settings_errors ) ) );
167 $wp_settings_errors = $errors; // @codingStandardsIgnoreLine WP $wp_settings_errors assignment
168 }
169
170 $log_content = __( 'Settings saving processes complete', 'wp-2fa' );
171 Debugging::log( $log_content );
172
173 /**
174 * Filter the values we are about to store in the plugin settings.
175 *
176 * @param array $output - The output array with all the data we will store in the settings.
177 * @param array $input - The input array with all the data we received from the user.
178 *
179 * @since 2.0.0
180 */
181 $output = apply_filters( 'wp_2fa_filter_output_content_general_settings', $output, $input );
182
183 // We have overridden any defaults by now so can clear this.
184 SettingsUtils::delete_option( WP_2FA_PREFIX . 'default_settings_applied' );
185
186 return $output;
187 }
188
189 /**
190 * Updates global settings network options
191 *
192 * @return void
193 *
194 * @SuppressWarnings(PHPMD.ExitExpressions)
195 */
196 public function update_wp2fa_network_options() {
197
198 if ( isset( $_POST[ WP_2FA_SETTINGS_NAME ] ) ) {
199 check_admin_referer( 'wp_2fa_settings-options' );
200 $options = $this->validate_and_sanitize( wp_unslash( $_POST[ WP_2FA_SETTINGS_NAME ] ) ); // @codingStandardsIgnoreLine - Not sanitized warning
201 $settings_errors = get_settings_errors( WP_2FA_SETTINGS_NAME );
202 if ( ! empty( $settings_errors ) ) {
203
204 // redirect back to our options page.
205 wp_safe_redirect(
206 add_query_arg(
207 array(
208 'page' => 'wp-2fa-settings',
209 'wp_2fa_network_settings_error' => urlencode_deep( $settings_errors[0]['message'] ),
210 ),
211 network_admin_url( 'settings.php' )
212 )
213 );
214 exit;
215
216 }
217 WP2FA::updatePluginSettings( $options, false, WP_2FA_SETTINGS_NAME );
218
219 // redirect back to our options page.
220 wp_safe_redirect(
221 add_query_arg(
222 array(
223 'page' => 'wp-2fa-settings',
224 'tab' => 'generic-settings',
225 'wp_2fa_network_settings_updated' => 'true',
226 ),
227 network_admin_url( 'admin.php' )
228 )
229 );
230 exit;
231 }
232 }
233
234 /**
235 * Limit settings setting
236 *
237 * @return void
238 *
239 * @since 2.0.0
240 */
241 private function remove_data_upon_uninstall() {
242 ?>
243 <div class="danger-zone-wrapper">
244 <h3><?php esc_html_e( 'Do you want to delete the plugin data from the database upon uninstall?', 'wp-2fa' ); ?></h3>
245 <p class="description">
246 <?php esc_html_e( 'The plugin saves its settings in the WordPress database. By default the plugin settings are kept in the database so if it is installed again, you do not have to reconfigure the plugin. Enable this setting to delete the plugin settings from the database upon uninstall.', 'wp-2fa' ); ?>
247 </p>
248 <table class="form-table">
249 <tbody>
250 <tr>
251 <th><label for="delete_data"><?php esc_html_e( 'Delete data', 'wp-2fa' ); ?></label></th>
252 <td>
253 <fieldset>
254 <input type="checkbox" id="delete_data" name="wp_2fa_settings[delete_data_upon_uninstall]" value="delete_data_upon_uninstall"
255 <?php checked( 1, WP2FA::get_wp2fa_general_setting( 'delete_data_upon_uninstall' ), true ); ?>
256 >
257 <?php esc_html_e( 'Delete data upon uninstall', 'wp-2fa' ); ?>
258 </fieldset>
259 </td>
260 </tr>
261 </tbody>
262 </table>
263 </div>
264 <?php
265 $last_user_to_update_settings = get_current_user_id();
266
267 ?>
268 <input type="hidden" id="2fa_main_user" name="wp_2fa_settings[2fa_settings_last_updated_by]" value="<?php echo esc_attr( $last_user_to_update_settings ); ?>">
269 <?php
270 }
271 }
272