WP 2FA – Two-factor authentication for WordPress / 2.4.0
WP 2FA – Two-factor authentication for WordPress v2.4.0
wp-2fa / includes / classes / Shortcodes / class-shortcodes.php
class-shortcodes.php
194 lines
1 <?php
2 /**
3 * Responsible for rendering the short codes.
4 *
5 * @package wp2fa
6 * @subpackage short-codes
7 * @copyright 2023 WP White Security
8 * @license https://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
9 * @link https://wordpress.org/plugins/wp-2fa/
10 */
11
12 namespace WP2FA\Shortcodes;
13
14 use \WP2FA\WP2FA as WP2FA;
15 use \WP2FA\Core as Core;
16 use \WP2FA\Admin\User_Profile as User_Profile;
17 use \WP2FA\Admin\User_Notices as User_Notices;
18 use WP2FA\Admin\Controllers\Settings;
19
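/**
 * Registers the WP 2FA front-end shortcodes and the scripts and styles they use.
 *
 * All members are static. init() wires the class into WordPress; the two shortcode
 * callbacks return their markup as a string.
 */
class Shortcodes {

	/**
	 * Registers both shortcodes and hooks the script registration into `wp_enqueue_scripts`.
	 *
	 * @return void
	 */
	public static function init() {
		add_shortcode( 'wp-2fa-setup-form', array( __CLASS__, 'user_setup_2fa_form' ) );
		add_shortcode( 'wp-2fa-setup-notice', array( __CLASS__, 'user_setup_2fa_notice' ) );
		add_action( 'wp_enqueue_scripts', array( __CLASS__, 'register_2fa_shortcode_scripts' ) );
	}

	/**
	 * Registers the front-end scripts and styles and attaches their localized data.
	 *
	 * Hooked to `wp_enqueue_scripts`, so it runs on front-end requests regardless of who
	 * is visiting. Nothing is enqueued here: the handles, and with them the localized
	 * data (nonces included), are only printed when a shortcode callback enqueues them.
	 *
	 * The `redirect_after` shortcode attribute is not visible in this scope; it is applied
	 * by user_setup_2fa_form(), which overrides `redirectToUrl` when the attribute is set.
	 *
	 * @return void
	 */
	public static function register_2fa_shortcode_scripts() {
		// Add our front end stuff, which we only want to load when the shortcode is present.
		wp_register_script( 'wp_2fa_frontend_scripts', Core\script_url( 'wp-2fa', 'admin' ), array( 'jquery', 'wp_2fa_micro_modals' ), WP_2FA_VERSION, true );
		wp_register_script( 'wp_2fa_micro_modals', Core\script_url( 'micromodal', 'admin' ), array(), WP_2FA_VERSION, true );
		wp_register_style( 'wp_2fa_styles', Core\style_url( 'styles', 'frontend' ), array(), WP_2FA_VERSION );

		// NOTE(review): the role list ends up in the page source of every user who loads a
		// shortcode page - confirm the front-end script really needs it.
		$settings_data = array(
			'ajaxURL'        => admin_url( 'admin-ajax.php' ),
			'roles'          => WP2FA::wp_2fa_get_roles(),
			'nonce'          => wp_create_nonce( 'wp-2fa-settings-nonce' ),
			'codesPreamble'  => esc_html__( 'These are the 2FA backup codes for the user', 'wp-2fa' ),
			'readyText'      => esc_html__( 'I\'m ready', 'wp-2fa' ),
			'codeReSentText' => esc_html__( 'New code sent', 'wp-2fa' ),
			'allDoneHeading' => esc_html__( 'All done.', 'wp-2fa' ),
			'allDoneText'    => esc_html__( 'Your login just got more secure.', 'wp-2fa' ),
			'closeWizard'    => esc_html__( 'Close Wizard', 'wp-2fa' ),
			'invalidEmail'   => esc_html__( 'Please use a valid email address', 'wp-2fa' ),
		);
		wp_localize_script( 'wp_2fa_frontend_scripts', 'wp2faData', $settings_data );

		$wizard_data = array(
			'ajaxURL'        => admin_url( 'admin-ajax.php' ),
			'nonce'          => wp_create_nonce( 'wp2fa-verify-wizard-page' ),
			'codesPreamble'  => esc_html__( 'These are the 2FA backup codes for the user', 'wp-2fa' ),
			'readyText'      => esc_html__( 'I\'m ready', 'wp-2fa' ),
			'codeReSentText' => esc_html__( 'New code sent', 'wp-2fa' ),
			'invalidEmail'   => esc_html__( 'Please use a valid email address', 'wp-2fa' ),
		);

		// NOTE(review): this takes the first key of the site-wide role list, not the role of
		// the visiting user - confirm that is what the settings lookup expects.
		$role          = array_key_first( WP2FA::wp_2fa_get_roles() );
		$redirect_page = Settings::get_role_or_default_setting( 'redirect-user-custom-page-global', 'current', $role );

		$wizard_data['redirectToUrl'] = ( '' !== trim( $redirect_page ) ) ? self::build_site_url( $redirect_page ) : '';

		// Check and override if custom redirect page is selected and custom redirect is set.
		$role_uses_custom_page = ( 'yes' === Settings::get_role_or_default_setting( 'create-custom-user-page', 'current', $role ) );
		if (
			( $role_uses_custom_page || 'yes' === Settings::get_role_or_default_setting( 'create-custom-user-page' ) ) &&
			(
				'' !== trim( Settings::get_role_or_default_setting( 'redirect-user-custom-page', 'current', $role ) ) ||
				'' !== trim( Settings::get_role_or_default_setting( 'redirect-user-custom-page' ) )
			)
		) {
			if ( $role_uses_custom_page ) {
				$wizard_data['redirectToUrl'] = self::build_site_url( Settings::get_role_or_default_setting( 'redirect-user-custom-page', 'current', $role ) );
			} else {
				$wizard_data['redirectToUrl'] = self::build_site_url( Settings::get_role_or_default_setting( 'redirect-user-custom-page' ) );
			}
		}

		// The `return` query parameter is supplied by the visitor. It is only ever used as
		// a path below this site's own URL, so the redirect target stays on this host.
		// Non-string values (e.g. an array-valued parameter) are ignored, because the string
		// functions below would otherwise fail on them.
		// phpcs:ignore WordPress.Security.NonceVerification.Recommended -- read-only navigation hint.
		if ( ! empty( $_GET['return'] ) && is_string( $_GET['return'] ) ) {
			// phpcs:ignore WordPress.Security.NonceVerification.Recommended -- read-only navigation hint.
			$return_path = wp_strip_all_tags( wp_unslash( $_GET['return'] ) );
			$return_url  = esc_url_raw( self::build_site_url( $return_path ) );

			// Keep the configured target when sanitising leaves nothing usable.
			if ( '' !== $return_url ) {
				$wizard_data['redirectToUrl'] = $return_url;
			}
		}

		wp_localize_script( 'wp_2fa_frontend_scripts', 'wp2faWizardData', $wizard_data );

		/**
		 * Fires when the FE shortcode scripts are registered.
		 *
		 * @param bool $shortcodes - True if called from the short codes method.
		 *
		 * @since 2.2.0
		 */
		\do_action( WP_2FA_PREFIX . 'shortcode_scripts', true );
	}

	/**
	 * Renders the 2FA setup form for logged-in users, or a login prompt for visitors.
	 *
	 * Supported attributes:
	 *  - `show_preamble`  (default 'true'), handed to the profile form renderer unchanged.
	 *  - `redirect_after` (default ''), a path on this site that replaces every other
	 *    redirect setting once the wizard finishes.
	 *
	 * @param array $atts - Array with the attributes passed to shortcode.
	 *
	 * @return string Markup, or an empty string when nothing has to be shown.
	 */
	public static function user_setup_2fa_form( $atts ) {
		// shortcode_atts() limits the result to the keys listed here; reading them from the
		// array keeps attribute values out of the local variable scope.
		$atts = shortcode_atts(
			array(
				'show_preamble'  => 'true',
				'redirect_after' => '',
			),
			$atts
		);

		if ( is_user_logged_in() ) {
			wp_enqueue_script( 'wp_2fa_frontend_scripts' );
			wp_enqueue_style( 'wp_2fa_styles' );

			// The script data is built in register_2fa_shortcode_scripts(), where the shortcode
			// attributes are unknown, so the attribute is applied here as an override.
			// WordPress prints a handle's localized data ahead of its "before" inline script.
			// The value is URL-encoded, which keeps it a single path segment of this site.
			if ( is_string( $atts['redirect_after'] ) && ! empty( $atts['redirect_after'] ) ) {
				$redirect_url = self::build_site_url( \urlencode( $atts['redirect_after'] ) );
				wp_add_inline_script(
					'wp_2fa_frontend_scripts',
					'if ( "undefined" !== typeof wp2faWizardData ) { wp2faWizardData.redirectToUrl = ' . wp_json_encode( $redirect_url ) . '; }',
					'before'
				);
			}

			// The profile form prints its markup, so it is captured and returned instead.
			ob_start();
			echo '<form id="your-profile" class="wp-2fa-configuration-form">';
			User_Profile::inline_2fa_profile_form( 'output_shortcode', $atts['show_preamble'] );
			echo '</form>';

			return ob_get_clean();
		}

		// Logged-out request from the admin side: nothing to render, but a shortcode
		// callback still has to return a string.
		if ( is_admin() ) {
			return '';
		}

		$new_page_id = WP2FA::get_wp2fa_setting( 'custom-user-page-id' );
		$redirect_to = ! empty( $new_page_id ) ? get_permalink( $new_page_id ) : get_home_url();

		return '<p>' . esc_html__( 'You must be logged in to view this page.', 'wp-2fa' ) . ' <a href="' . esc_url( wp_login_url( $redirect_to ) ) . '">' . esc_html__( 'Login here.', 'wp-2fa' ) . '</a></p>';
	}

	/**
	 * Renders the "set up 2FA" nag for logged-in users on the front end.
	 *
	 * Supported attribute: `configure_2fa_url` (default ''), passed on to the nag renderer.
	 *
	 * @param array $atts - Array with the attributes passed to shortcode.
	 *
	 * @return string Markup of the nag, or an empty string for visitors and admin requests.
	 */
	public static function user_setup_2fa_notice( $atts ) {
		$atts = shortcode_atts(
			array(
				'configure_2fa_url' => '',
			),
			$atts
		);

		// TODO: is that really necessary?
		User_Notices::init();

		if ( is_admin() || ! is_user_logged_in() ) {
			return '';
		}

		wp_enqueue_script( 'wp_2fa_micro_modals' );
		wp_enqueue_script( 'wp_2fa_frontend_scripts' );
		wp_enqueue_style( 'wp_2fa_styles' );

		$settings_data = array(
			'ajaxURL'        => admin_url( 'admin-ajax.php' ),
			'roles'          => WP2FA::wp_2fa_get_roles(),
			'nonce'          => wp_create_nonce( 'wp-2fa-settings-nonce' ),
			'codesPreamble'  => esc_html__( 'These are the 2FA backup codes for the user', 'wp-2fa' ),
			'readyText'      => esc_html__( 'I\'m ready', 'wp-2fa' ),
			'codeReSentText' => esc_html__( 'New code sent', 'wp-2fa' ),
			'allDoneHeading' => esc_html__( 'All done.', 'wp-2fa' ),
			'allDoneText'    => esc_html__( 'Your login just got more secure.', 'wp-2fa' ),
			'closeWizard'    => esc_html__( 'Close Wizard', 'wp-2fa' ),
		);
		wp_localize_script( 'wp_2fa_frontend_scripts', 'wp2faData', $settings_data );

		// NOTE(review): configure_2fa_url comes from the shortcode author and is passed on
		// as is - confirm user_setup_2fa_nag() escapes it before printing it in a link.
		ob_start();
		User_Notices::user_setup_2fa_nag( 'output_shortcode', $atts['configure_2fa_url'] );

		return ob_get_clean();
	}

	/**
	 * Appends a path to this site's URL.
	 *
	 * @param string $path - Path to place after the trailing slash of the site URL.
	 *
	 * @return string
	 */
	private static function build_site_url( $path ) {
		return \trailingslashit( get_site_url() ) . $path;
	}
}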
194