class-settings-page-email.php
4 years ago
class-settings-page-general.php
4 years ago
class-settings-page-policies.php
4 years ago
class-settings-page-white-label.php
4 years ago
class-settings-page-general.php
272 lines
| 1 | <?php |
| 2 | /** |
| 3 | * Generals settings class. |
| 4 | * |
| 5 | * @package wp2fa |
| 6 | * @copyright 2021 WP White Security |
| 7 | * @license https://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 |
| 8 | * @link https://wordpress.org/plugins/wp-2fa/ |
| 9 | */ |
| 10 | |
| 11 | namespace WP2FA\Admin\SettingsPages; |
| 12 | |
| 13 | use \WP2FA\WP2FA as WP2FA; |
| 14 | use \WP2FA\Utils\Debugging as Debugging; |
| 15 | use WP2FA\Utils\SettingsUtils as SettingsUtils; |
| 16 | |
| 17 | /** |
| 18 | * Settings_Page_General - Class for handling general settings |
| 19 | * |
| 20 | * @since 2.0.0 |
| 21 | */ |
| 22 | class Settings_Page_General { |
| 23 | |
| 24 | /** |
| 25 | * Renders the settings |
| 26 | * |
| 27 | * @return void |
| 28 | * |
| 29 | * @since 2.0.0 |
| 30 | */ |
| 31 | public function render() { |
| 32 | settings_fields( WP_2FA_SETTINGS_NAME ); |
| 33 | $this->grace_period_frequency(); |
| 34 | $this->limit_settings_access(); |
| 35 | $this->remove_data_upon_uninstall(); |
| 36 | submit_button( null, 'primary', WP_2FA_SETTINGS_NAME . '[submit]' ); |
| 37 | } |
| 38 | |
| 39 | /** |
| 40 | * Grace period frequency |
| 41 | * |
| 42 | * @return void |
| 43 | * |
| 44 | * @since 2.0.0 |
| 45 | */ |
| 46 | private function grace_period_frequency() { |
| 47 | ?> |
| 48 | <h3><?php esc_html_e( 'How often should the plugin check if a user\'s grace period is over?', 'wp-2fa' ); ?></h3> |
| 49 | <p class="description"> |
| 50 | <?php esc_html_e( 'By default the plugin checks if a users grace periods to setup 2FA has passed when the user tries to login. If you would like the plugin to advise the user within an hour, enable the below option to add a cron job that runs every hour.', 'wp-2fa' ); ?> |
| 51 | </p> |
| 52 | <table class="form-table"> |
| 53 | <tbody> |
| 54 | <tr> |
| 55 | <th><label for="grace-period"><?php esc_html_e( 'Enable cron', 'wp-2fa' ); ?></label></th> |
| 56 | <td> |
| 57 | <fieldset> |
| 58 | <input type="checkbox" id="grace-cron" name="wp_2fa_settings[enable_grace_cron]" value="enable_grace_cron" |
| 59 | <?php checked( 1, WP2FA::get_wp2fa_general_setting( 'enable_grace_cron' ), true ); ?> |
| 60 | > |
| 61 | <?php esc_html_e( 'Use cron job to check grace periods', 'wp-2fa' ); ?> |
| 62 | </fieldset> |
| 63 | </td> |
| 64 | </tr> |
| 65 | <tr class="disabled destory-session-setting"> |
| 66 | <th><label for="destory-session"><?php esc_html_e( 'Destroy session', 'wp-2fa' ); ?></label></th> |
| 67 | <td> |
| 68 | <fieldset> |
| 69 | <input type="checkbox" id="destory-session" name="wp_2fa_settings[enable_destroy_session]" value="enable_destroy_session" |
| 70 | <?php checked( 1, WP2FA::get_wp2fa_general_setting( 'enable_destroy_session' ), true ); ?> |
| 71 | > |
| 72 | <?php esc_html_e( 'Destroy user session when grace period expires?', 'wp-2fa' ); ?> |
| 73 | </fieldset> |
| 74 | </td> |
| 75 | </tr> |
| 76 | </tbody> |
| 77 | </table> |
| 78 | <?php |
| 79 | } |
| 80 | |
| 81 | /** |
| 82 | * Limit settings setting |
| 83 | * |
| 84 | * @return void |
| 85 | * |
| 86 | * @since 2.0.0 |
| 87 | */ |
| 88 | private function limit_settings_access() { |
| 89 | ?> |
| 90 | <br> |
| 91 | <h3><?php esc_html_e( 'Limit 2FA settings access?', 'wp-2fa' ); ?></h3> |
| 92 | <p class="description"> |
| 93 | <?php esc_html_e( 'Use this setting to hide this plugin configuration area from all other admins.', 'wp-2fa' ); ?> |
| 94 | </p> |
| 95 | <table class="form-table"> |
| 96 | <tbody> |
| 97 | <tr> |
| 98 | <th><label for="grace-period"><?php esc_html_e( 'Limit access to 2FA settings', 'wp-2fa' ); ?></label></th> |
| 99 | <td> |
| 100 | <fieldset> |
| 101 | <input type="checkbox" id="limit_access" name="wp_2fa_settings[limit_access]" value="limit_access" |
| 102 | <?php checked( 1, WP2FA::get_wp2fa_general_setting( 'limit_access' ), true ); ?> |
| 103 | > |
| 104 | <?php esc_html_e( 'Hide settings from other administrators', 'wp-2fa' ); ?> |
| 105 | </fieldset> |
| 106 | </td> |
| 107 | </tr> |
| 108 | </tbody> |
| 109 | </table> |
| 110 | <?php |
| 111 | } |
| 112 | |
| 113 | /** |
| 114 | * Validate options before saving |
| 115 | * |
| 116 | * @param array $input The settings array. |
| 117 | * |
| 118 | * @return array|void |
| 119 | */ |
| 120 | public function validate_and_sanitize( $input ) { |
| 121 | |
| 122 | // Bail if user doesnt have permissions to be here. |
| 123 | if ( ! current_user_can( 'manage_options' ) || ! isset( $_POST['action'] ) && ! check_admin_referer( 'wp2fa-step-choose-method' ) ) { |
| 124 | return; |
| 125 | } |
| 126 | |
| 127 | $simple_settings_we_can_loop = array( |
| 128 | 'enable_grace_cron', |
| 129 | 'enable_destroy_session', |
| 130 | 'limit_access', |
| 131 | 'delete_data_upon_uninstall', |
| 132 | ); |
| 133 | |
| 134 | $simple_settings_we_can_loop = apply_filters( 'wp_2fa_loop_general_settings', $simple_settings_we_can_loop ); |
| 135 | |
| 136 | $settings_to_turn_into_bools = array( |
| 137 | 'enable_grace_cron', |
| 138 | 'enable_destroy_session', |
| 139 | 'limit_access', |
| 140 | 'delete_data_upon_uninstall', |
| 141 | ); |
| 142 | |
| 143 | foreach ( $simple_settings_we_can_loop as $simple_setting ) { |
| 144 | if ( ! in_array( $simple_setting, $settings_to_turn_into_bools, true ) ) { |
| 145 | // Is item is not one of our possible settings we want to turn into a bool, process. |
| 146 | $output[ $simple_setting ] = ( isset( $input[ $simple_setting ] ) && ! empty( $input[ $simple_setting ] ) ) ? trim( sanitize_text_field( $input[ $simple_setting ] ) ) : false; |
| 147 | } else { |
| 148 | // This item is one we treat as a bool, so process correctly. |
| 149 | $output[ $simple_setting ] = ( isset( $input[ $simple_setting ] ) && ! empty( $input[ $simple_setting ] ) ) ? true : false; |
| 150 | } |
| 151 | } |
| 152 | |
| 153 | if ( isset( $input['2fa_settings_last_updated_by'] ) && ! empty( $input['2fa_settings_last_updated_by'] ) ) { |
| 154 | $policies = WP2FA::get_wp2fa_setting(); |
| 155 | if ( false === $policies ) { |
| 156 | $policies = WP2FA::getDefaultSettings(); |
| 157 | } |
| 158 | $policies['2fa_settings_last_updated_by'] = $input['2fa_settings_last_updated_by']; |
| 159 | |
| 160 | WP2FA::updatePluginSettings( $policies ); |
| 161 | } |
| 162 | |
| 163 | // Remove duplicates from settings errors. We do this as this sanitization callback is actually fired twice, so we end up with duplicates when saving the settings for the FIRST TIME only. The issue is not present once the settings are in the DB as the sanitization wont fire again. For details on this core issue - https://core.trac.wordpress.org/ticket/21989. |
| 164 | global $wp_settings_errors; |
| 165 | if ( isset( $wp_settings_errors ) ) { |
| 166 | $errors = array_map( 'unserialize', array_unique( array_map( 'serialize', $wp_settings_errors ) ) ); |
| 167 | $wp_settings_errors = $errors; // @codingStandardsIgnoreLine WP $wp_settings_errors assignment |
| 168 | } |
| 169 | |
| 170 | $log_content = __( 'Settings saving processes complete', 'wp-2fa' ); |
| 171 | Debugging::log( $log_content ); |
| 172 | |
| 173 | /** |
| 174 | * Filter the values we are about to store in the plugin settings. |
| 175 | * |
| 176 | * @param array $output - The output array with all the data we will store in the settings. |
| 177 | * @param array $input - The input array with all the data we received from the user. |
| 178 | * |
| 179 | * @since 2.0.0 |
| 180 | */ |
| 181 | $output = apply_filters( 'wp_2fa_filter_output_content_general_settings', $output, $input ); |
| 182 | |
| 183 | // We have overridden any defaults by now so can clear this. |
| 184 | SettingsUtils::delete_option( WP_2FA_PREFIX . 'default_settings_applied' ); |
| 185 | |
| 186 | return $output; |
| 187 | } |
| 188 | |
| 189 | /** |
| 190 | * Updates global settings network options |
| 191 | * |
| 192 | * @return void |
| 193 | * |
| 194 | * @SuppressWarnings(PHPMD.ExitExpressions) |
| 195 | */ |
| 196 | public function update_wp2fa_network_options() { |
| 197 | |
| 198 | if ( isset( $_POST[ WP_2FA_SETTINGS_NAME ] ) ) { |
| 199 | check_admin_referer( 'wp_2fa_settings-options' ); |
| 200 | $options = $this->validate_and_sanitize( wp_unslash( $_POST[ WP_2FA_SETTINGS_NAME ] ) ); // @codingStandardsIgnoreLine - Not sanitized warning |
| 201 | $settings_errors = get_settings_errors( WP_2FA_SETTINGS_NAME ); |
| 202 | if ( ! empty( $settings_errors ) ) { |
| 203 | |
| 204 | // redirect back to our options page. |
| 205 | wp_safe_redirect( |
| 206 | add_query_arg( |
| 207 | array( |
| 208 | 'page' => 'wp-2fa-settings', |
| 209 | 'wp_2fa_network_settings_error' => urlencode_deep( $settings_errors[0]['message'] ), |
| 210 | ), |
| 211 | network_admin_url( 'settings.php' ) |
| 212 | ) |
| 213 | ); |
| 214 | exit; |
| 215 | |
| 216 | } |
| 217 | WP2FA::updatePluginSettings( $options, false, WP_2FA_SETTINGS_NAME ); |
| 218 | |
| 219 | // redirect back to our options page. |
| 220 | wp_safe_redirect( |
| 221 | add_query_arg( |
| 222 | array( |
| 223 | 'page' => 'wp-2fa-settings', |
| 224 | 'tab' => 'generic-settings', |
| 225 | 'wp_2fa_network_settings_updated' => 'true', |
| 226 | ), |
| 227 | network_admin_url( 'admin.php' ) |
| 228 | ) |
| 229 | ); |
| 230 | exit; |
| 231 | } |
| 232 | } |
| 233 | |
| 234 | /** |
| 235 | * Limit settings setting |
| 236 | * |
| 237 | * @return void |
| 238 | * |
| 239 | * @since 2.0.0 |
| 240 | */ |
| 241 | private function remove_data_upon_uninstall() { |
| 242 | ?> |
| 243 | <div class="danger-zone-wrapper"> |
| 244 | <h3><?php esc_html_e( 'Do you want to delete the plugin data from the database upon uninstall?', 'wp-2fa' ); ?></h3> |
| 245 | <p class="description"> |
| 246 | <?php esc_html_e( 'The plugin saves its settings in the WordPress database. By default the plugin settings are kept in the database so if it is installed again, you do not have to reconfigure the plugin. Enable this setting to delete the plugin settings from the database upon uninstall.', 'wp-2fa' ); ?> |
| 247 | </p> |
| 248 | <table class="form-table"> |
| 249 | <tbody> |
| 250 | <tr> |
| 251 | <th><label for="delete_data"><?php esc_html_e( 'Delete data', 'wp-2fa' ); ?></label></th> |
| 252 | <td> |
| 253 | <fieldset> |
| 254 | <input type="checkbox" id="delete_data" name="wp_2fa_settings[delete_data_upon_uninstall]" value="delete_data_upon_uninstall" |
| 255 | <?php checked( 1, WP2FA::get_wp2fa_general_setting( 'delete_data_upon_uninstall' ), true ); ?> |
| 256 | > |
| 257 | <?php esc_html_e( 'Delete data upon uninstall', 'wp-2fa' ); ?> |
| 258 | </fieldset> |
| 259 | </td> |
| 260 | </tr> |
| 261 | </tbody> |
| 262 | </table> |
| 263 | </div> |
| 264 | <?php |
| 265 | $last_user_to_update_settings = get_current_user_id(); |
| 266 | |
| 267 | ?> |
| 268 | <input type="hidden" id="2fa_main_user" name="wp_2fa_settings[2fa_settings_last_updated_by]" value="<?php echo esc_attr( $last_user_to_update_settings ); ?>"> |
| 269 | <?php |
| 270 | } |
| 271 | } |
| 272 |