PluginProbe ʕ •ᴥ•ʔ
WP 2FA – Two-factor authentication for WordPress / 2.4.0
WP 2FA – Two-factor authentication for WordPress v2.4.0
4.0.0 1.7.1 2.0.0 2.0.1 2.1.0 2.2.0 2.2.1 2.3.0 2.4.0 2.4.1 2.4.2 2.5.0 2.6.0 2.6.1 2.6.2 2.6.3 2.6.4 2.7.0 2.8.0 2.9.0 2.9.1 2.9.2 2.9.3 3.0.0 3.0.1 3.1.0 3.1.1 3.1.1.2 trunk 1.2.0 1.3.0 1.4.0 1.4.1 1.4.2 1.5.0 1.5.1 1.5.2 1.6.0 1.6.1 1.6.2 1.7.0
wp-2fa / includes / classes / Admin / SettingsPages / class-settings-page-general.php
wp-2fa / includes / classes / Admin / SettingsPages Last commit date
class-settings-page-email.php 3 years ago class-settings-page-general.php 3 years ago class-settings-page-policies.php 3 years ago class-settings-page-white-label.php 3 years ago
class-settings-page-general.php
293 lines
1 <?php
2 /**
3 * Generals settings class.
4 *
5 * @package wp2fa
6 * @subpackage settings-pages
7 * @copyright 2023 WP White Security
8 * @license https://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
9 * @link https://wordpress.org/plugins/wp-2fa/
10 */
11
12 namespace WP2FA\Admin\SettingsPages;
13
14 use \WP2FA\WP2FA as WP2FA;
15 use \WP2FA\Utils\Debugging as Debugging;
16 use WP2FA\Utils\Settings_Utils as Settings_Utils;
17
18 /**
19 * General settings tab
20 */
21 if ( ! class_exists( '\WP2FA\Admin\SettingsPages\Settings_Page_General' ) ) {
22 /**
23 * Settings_Page_General - Class for handling general settings
24 *
25 * @since 2.0.0
26 */
27 class Settings_Page_General {
28
29 /**
30 * Renders the settings
31 *
32 * @return void
33 *
34 * @since 2.0.0
35 */
36 public function render() {
37 settings_fields( WP_2FA_SETTINGS_NAME );
38 self::no_method_exists();
39 self::limit_settings_access();
40 self::remove_data_upon_uninstall();
41 submit_button( null, 'primary', WP_2FA_SETTINGS_NAME . '[submit]' );
42 }
43
44 /**
45 * Validate options before saving
46 *
47 * @param array $input The settings array.
48 *
49 * @return array|void
50 */
51 public static function validate_and_sanitize( $input ) {
52
53 // Bail if user doesn't have permissions to be here.
54 if ( ! current_user_can( 'manage_options' ) || ! isset( $_POST['action'] ) && ! check_admin_referer( 'wp2fa-step-choose-method' ) ) {
55 return;
56 }
57
58 Debugging::log( 'The following settings will be processed (General): ' . "\n" . wp_json_encode( $input ) );
59
60 $simple_settings_we_can_loop = array(
61 'enable_destroy_session',
62 'limit_access',
63 'delete_data_upon_uninstall',
64 'method_invalid_setting',
65 );
66
67 /**
68 * Gives the ability to change the default general settings.
69 *
70 * @param array $general_settings - The array with the default settings.
71 *
72 * @since 2.0.0
73 */
74 $simple_settings_we_can_loop = apply_filters( WP_2FA_PREFIX . 'loop_general_settings', $simple_settings_we_can_loop );
75
76 $settings_to_turn_into_bools = array(
77 'enable_destroy_session',
78 'limit_access',
79 'delete_data_upon_uninstall',
80 );
81
82 foreach ( $simple_settings_we_can_loop as $simple_setting ) {
83 if ( ! in_array( $simple_setting, $settings_to_turn_into_bools, true ) ) {
84 // Is item is not one of our possible settings we want to turn into a bool, process.
85 $output[ $simple_setting ] = ( isset( $input[ $simple_setting ] ) && ! empty( $input[ $simple_setting ] ) ) ? trim( sanitize_text_field( $input[ $simple_setting ] ) ) : false;
86 } else {
87 // This item is one we treat as a bool, so process correctly.
88 $output[ $simple_setting ] = ( isset( $input[ $simple_setting ] ) && ! empty( $input[ $simple_setting ] ) ) ? true : false;
89 }
90 }
91
92 if ( isset( $input['2fa_settings_last_updated_by'] ) && ! empty( $input['2fa_settings_last_updated_by'] ) ) {
93 $policies = WP2FA::get_wp2fa_setting();
94 if ( false === $policies ) {
95 $policies = WP2FA::get_default_settings();
96 }
97 $policies['2fa_settings_last_updated_by'] = (int) $input['2fa_settings_last_updated_by'];
98
99 WP2FA::update_plugin_settings( $policies );
100 }
101
102 // Remove duplicates from settings errors. We do this as this sanitization callback is actually fired twice, so we end up with duplicates when saving the settings for the FIRST TIME only. The issue is not present once the settings are in the DB as the sanitization wont fire again. For details on this core issue - https://core.trac.wordpress.org/ticket/21989.
103 global $wp_settings_errors;
104 if ( isset( $wp_settings_errors ) ) {
105 $errors = array_map( 'unserialize', array_unique( array_map( 'serialize', $wp_settings_errors ) ) );
106 $wp_settings_errors = $errors; // phpcs:ignore
107 }
108
109 /**
110 * Filter the values we are about to store in the plugin settings.
111 *
112 * @param array $output - The output array with all the data we will store in the settings.
113 * @param array $input - The input array with all the data we received from the user.
114 *
115 * @since 2.0.0
116 */
117 $output = apply_filters( WP_2FA_PREFIX . 'filter_output_content_general_settings', $output, $input );
118
119 // We have overridden any defaults by now so can clear this.
120 Settings_Utils::delete_option( WP_2FA_PREFIX . 'default_settings_applied' );
121
122 Debugging::log( 'The following settings are being saved (General): ' . "\n" . wp_json_encode( $output ) );
123
124 return $output;
125 }
126
127 /**
128 * Updates global settings network options
129 *
130 * @return void
131 *
132 * @SuppressWarnings(PHPMD.ExitExpressions)
133 */
134 public static function update_wp2fa_network_options() {
135
136 if ( isset( $_POST[ WP_2FA_SETTINGS_NAME ] ) ) {
137 check_admin_referer( 'wp_2fa_settings-options' );
138 $options = self::validate_and_sanitize( wp_unslash( $_POST[ WP_2FA_SETTINGS_NAME ] ) ); // phpcs:ignore
139 $settings_errors = get_settings_errors( WP_2FA_SETTINGS_NAME );
140 if ( ! empty( $settings_errors ) ) {
141
142 // redirect back to our options page.
143 wp_safe_redirect(
144 add_query_arg(
145 array(
146 'page' => 'wp-2fa-settings',
147 'wp_2fa_network_settings_error' => urlencode_deep( $settings_errors[0]['message'] ),
148 ),
149 network_admin_url( 'settings.php' )
150 )
151 );
152 exit;
153
154 }
155 WP2FA::update_plugin_settings( $options, false, WP_2FA_SETTINGS_NAME );
156
157 // redirect back to our options page.
158 wp_safe_redirect(
159 add_query_arg(
160 array(
161 'page' => 'wp-2fa-settings',
162 'tab' => 'generic-settings',
163 'wp_2fa_network_settings_updated' => 'true',
164 ),
165 network_admin_url( 'admin.php' )
166 )
167 );
168 exit;
169 }
170 }
171
172 /**
173 * Limit settings setting
174 *
175 * @return void
176 *
177 * @since 2.0.0
178 */
179 private static function remove_data_upon_uninstall() {
180 ?>
181 <div class="danger-zone-wrapper">
182 <h3><?php esc_html_e( 'Do you want to delete the plugin data from the database upon uninstall?', 'wp-2fa' ); ?></h3>
183 <p class="description">
184 <?php esc_html_e( 'The plugin saves its settings in the WordPress database. By default the plugin settings are kept in the database so if it is installed again, you do not have to reconfigure the plugin. Enable this setting to delete the plugin settings from the database upon uninstall.', 'wp-2fa' ); ?>
185 </p>
186 <table class="form-table">
187 <tbody>
188 <tr>
189 <th><label for="delete_data"><?php esc_html_e( 'Delete data', 'wp-2fa' ); ?></label></th>
190 <td>
191 <fieldset>
192 <input type="checkbox" id="delete_data" name="wp_2fa_settings[delete_data_upon_uninstall]" value="delete_data_upon_uninstall"
193 <?php checked( 1, WP2FA::get_wp2fa_general_setting( 'delete_data_upon_uninstall' ), true ); ?>
194 >
195 <?php esc_html_e( 'Delete data upon uninstall', 'wp-2fa' ); ?>
196 </fieldset>
197 </td>
198 </tr>
199 </tbody>
200 </table>
201 </div>
202 <?php
203 $last_user_to_update_settings = get_current_user_id();
204
205 ?>
206 <input type="hidden" id="2fa_main_user" name="wp_2fa_settings[2fa_settings_last_updated_by]" value="<?php echo esc_attr( $last_user_to_update_settings ); ?>">
207 <?php
208 }
209
210 /**
211 * Limit settings setting
212 *
213 * @return void
214 *
215 * @since 2.0.0
216 */
217 private static function limit_settings_access() {
218 ?>
219 <br>
220 <h3><?php esc_html_e( 'Limit 2FA settings access?', 'wp-2fa' ); ?></h3>
221 <p class="description">
222 <?php esc_html_e( 'Use this setting to hide this plugin configuration area from all other admins.', 'wp-2fa' ); ?>
223 </p>
224 <table class="form-table">
225 <tbody>
226 <tr>
227 <th><label for="limit_access"><?php esc_html_e( 'Limit access to 2FA settings', 'wp-2fa' ); ?></label></th>
228 <td>
229 <fieldset>
230 <input type="checkbox" id="limit_access" name="wp_2fa_settings[limit_access]" value="limit_access"
231 <?php checked( 1, WP2FA::get_wp2fa_general_setting( 'limit_access' ), true ); ?>
232 >
233 <?php esc_html_e( 'Hide settings from other administrators', 'wp-2fa' ); ?>
234 </fieldset>
235 </td>
236 </tr>
237 </tbody>
238 </table>
239 <?php
240 }
241
242 /**
243 * Rendering settings when there are no methods
244 *
245 * @return void
246 *
247 * @since 2.2.0
248 */
249 private static function no_method_exists() {
250 ?>
251 <p class="description">
252 <?php
253 printf(
254 // translators: support email.
255 \esc_html__( 'Use this setting below to configure the properties of the two-factor authentication on your website and how users use it. If you have any questions send us an email at %1$s.', 'wp-2fa' ),
256 '<a href="mailto:support@wpwhitesecurity.com">support@wpwhitesecurity.com</a>'
257 );
258 ?>
259 </p>
260 <h3><?php esc_html_e( 'What should the plugin do if the 2FA method used during a user login is unavailable?', 'wp-2fa' ); ?></h3>
261 <p class="description">
262 <?php esc_html_e( 'There may be cases in which the 2FA service is unavailable when a user is trying to log in. For example, the service is unreachable or there are no credits to complete the action. In this case you can configure the plugin to either block the login process, or allow the user to log in without 2FA authentication.', 'wp-2fa' ); ?>
263 </p>
264 <table class="form-table">
265 <tbody>
266 <tr>
267 <th><label for="no-methods"><?php esc_html_e( 'Select action', 'wp-2fa' ); ?></label></th>
268 <td>
269 <fieldset class="contains-hidden-inputs" id="no-methods">
270 <label for="login_block">
271 <input type="radio" name="wp_2fa_settings[method_invalid_setting]" id="login_block" value="login_block"
272 <?php checked( WP2FA::get_wp2fa_general_setting( 'method_invalid_setting' ), 'login_block' ); ?>
273 >
274 <span><?php esc_html_e( 'Block the login.', 'wp-2fa' ); ?></span>
275 </label>
276
277 <br/>
278 <label for="allow_login_without_method">
279 <input type="radio" name="wp_2fa_settings[method_invalid_setting]" id="allow_login_without_method" value="allow_login_without_method"
280 <?php checked( WP2FA::get_wp2fa_general_setting( 'method_invalid_setting' ), 'allow_login_without_method' ); ?>
281 data-unhide-when-checked=".custom-from-inputs">
282 <span><?php esc_html_e( 'Allow the login without 2FA', 'wp-2fa' ); ?></span>
283 </label>
284 </fieldset>
285 </td>
286 </tr>
287 </tbody>
288 </table>
289 <?php
290 }
291 }
292 }
293