PluginProbe ʕ •ᴥ•ʔ
WP 2FA – Two-factor authentication for WordPress / 2.4.2
WP 2FA – Two-factor authentication for WordPress v2.4.2
1.7.1 2.0.0 2.0.1 2.1.0 2.2.0 2.2.1 2.3.0 2.4.0 2.4.1 2.4.2 2.5.0 2.6.0 2.6.1 2.6.2 2.6.3 2.6.4 2.7.0 2.8.0 2.9.0 2.9.1 2.9.2 2.9.3 3.0.0 3.0.1 3.1.0 3.1.1 3.1.1.2 trunk 1.2.0 1.3.0 1.4.0 1.4.1 1.4.2 1.5.0 1.5.1 1.5.2 1.6.0 1.6.1 1.6.2 1.7.0
wp-2fa / includes / classes / Shortcodes / class-shortcodes.php
wp-2fa / includes / classes / Shortcodes Last commit date
class-shortcodes.php 3 years ago index.php 5 years ago
class-shortcodes.php
195 lines
1 <?php
2 /**
3 * Responsible for rendering the short codes.
4 *
5 * @package wp2fa
6 * @subpackage short-codes
7 * @copyright 2023 WP White Security
8 * @license https://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
9 * @link https://wordpress.org/plugins/wp-2fa/
10 */
11
12 namespace WP2FA\Shortcodes;
13
14 use \WP2FA\WP2FA as WP2FA;
15 use \WP2FA\Core as Core;
16 use \WP2FA\Admin\User_Profile as User_Profile;
17 use \WP2FA\Admin\User_Notices as User_Notices;
18 use WP2FA\Admin\Controllers\Settings;
19
20 /**
21 * Class for rendering shortcodes.
22 */
23 class Shortcodes {
24
25 /**
26 * Constructor.
27 */
28 public static function init() {
29 add_shortcode( 'wp-2fa-setup-form', array( __CLASS__, 'user_setup_2fa_form' ) );
30 add_shortcode( 'wp-2fa-setup-notice', array( __CLASS__, 'user_setup_2fa_notice' ) );
31 add_action( 'wp_enqueue_scripts', array( __CLASS__, 'register_2fa_shortcode_scripts' ) );
32 }
33
34 /**
35 * Register scripts and styles.
36 */
37 public static function register_2fa_shortcode_scripts() {
38 // Add our front end stuff, which we only want to load when the shortcode is present.
39 wp_register_script( 'wp_2fa_frontend_scripts', Core\script_url( 'wp-2fa', 'admin' ), array( 'jquery', 'wp_2fa_micro_modals' ), WP_2FA_VERSION, true );
40 wp_register_script( 'wp_2fa_micro_modals', Core\script_url( 'micromodal', 'admin' ), array(), WP_2FA_VERSION, true );
41 wp_register_style( 'wp_2fa_styles', Core\style_url( 'styles', 'frontend' ), array(), WP_2FA_VERSION );
42
43 $data_array = array(
44 'ajaxURL' => admin_url( 'admin-ajax.php' ),
45 'roles' => WP2FA::wp_2fa_get_roles(),
46 'nonce' => wp_create_nonce( 'wp-2fa-settings-nonce' ),
47 'codesPreamble' => esc_html__( 'These are the 2FA backup codes for the user', 'wp-2fa' ),
48 'readyText' => esc_html__( 'I\'m ready', 'wp-2fa' ),
49 'codeReSentText' => esc_html__( 'New code sent', 'wp-2fa' ),
50 'allDoneHeading' => esc_html__( 'All done.', 'wp-2fa' ),
51 'allDoneText' => esc_html__( 'Your login just got more secure.', 'wp-2fa' ),
52 'closeWizard' => esc_html__( 'Close Wizard', 'wp-2fa' ),
53 'invalidEmail' => esc_html__( 'Please use a valid email address', 'wp-2fa' ),
54 );
55 wp_localize_script( 'wp_2fa_frontend_scripts', 'wp2faData', $data_array );
56
57 $data_array = array(
58 'ajaxURL' => admin_url( 'admin-ajax.php' ),
59 'nonce' => wp_create_nonce( 'wp2fa-verify-wizard-page' ),
60 'codesPreamble' => esc_html__( 'These are the 2FA backup codes for the user', 'wp-2fa' ),
61 'readyText' => esc_html__( 'I\'m ready', 'wp-2fa' ),
62 'codeReSentText' => esc_html__( 'New code sent', 'wp-2fa' ),
63 'invalidEmail' => esc_html__( 'Please use a valid email address', 'wp-2fa' ),
64 'backupCodesSent' => esc_html__( 'Backup codes sent', 'wp-2fa' ),
65 );
66
67 $role = array_key_first( WP2FA::wp_2fa_get_roles() );
68 $redirect_page = Settings::get_role_or_default_setting( 'redirect-user-custom-page-global', 'current', $role );
69 $data_array['redirectToUrl'] = ( '' !== trim( $redirect_page ) ) ? \trailingslashit( get_site_url() ) . $redirect_page : '';
70 // Check and override if custom redirect page is selected and custom redirect is set.
71 if (
72 'yes' === Settings::get_role_or_default_setting( 'create-custom-user-page', 'current', $role ) ||
73 'yes' === Settings::get_role_or_default_setting( 'create-custom-user-page' ) ) {
74 if (
75 '' !== trim( Settings::get_role_or_default_setting( 'redirect-user-custom-page', 'current', $role ) ) ||
76 '' !== trim( Settings::get_role_or_default_setting( 'redirect-user-custom-page' ) ) ) {
77 if ( 'yes' === Settings::get_role_or_default_setting( 'create-custom-user-page', 'current', $role ) ) {
78 $data_array['redirectToUrl'] = trailingslashit( get_site_url() ) . Settings::get_role_or_default_setting( 'redirect-user-custom-page', 'current', $role );
79 } else {
80 $data_array['redirectToUrl'] = trailingslashit( get_site_url() ) . Settings::get_role_or_default_setting( 'redirect-user-custom-page' );
81 }
82 }
83 }
84
85 // Check for shortcode parameter - if one is present use it to redirect the user - highest priority.
86 if ( isset( $redirect_after ) && ! empty( $redirect_after ) ) {
87 $data_array['redirectToUrl'] = trailingslashit( get_site_url() ) . \urlencode( $redirect_after );
88 } elseif ( isset( $_GET['return'] ) && ! empty( $_GET['return'] ) ) {
89 $data_array['redirectToUrl'] = trailingslashit( get_site_url() ) . strip_tags( $_GET['return'] ); // phpcs:ignore
90 }
91
92 wp_localize_script( 'wp_2fa_frontend_scripts', 'wp2faWizardData', $data_array );
93
94 /**
95 * Fires when the FE shortcode scripts are registered.
96 *
97 * @param bool $shortcodes - True if called from the short codes method.
98 *
99 * @since 2.2.0
100 */
101 \do_action( WP_2FA_PREFIX . 'shortcode_scripts', true );
102 }
103
104 /**
105 * Output setup form.
106 *
107 * @param array $atts - Array with the attributes passed to shortcode.
108 *
109 * @return string
110 */
111 public static function user_setup_2fa_form( $atts ) {
112
113 /** Shortcode redirect_after is supported, with which the user can override all other settings */
114 extract( // phpcs:ignore
115 shortcode_atts(
116 array(
117 'show_preamble' => 'true',
118 'redirect_after' => '',
119 ),
120 $atts
121 )
122 );
123
124 if ( is_user_logged_in() ) {
125 wp_enqueue_script( 'wp_2fa_frontend_scripts' );
126 wp_enqueue_style( 'wp_2fa_styles' );
127
128 ob_start();
129 echo '<form id="your-profile" class="wp-2fa-configuration-form">';
130 User_Profile::inline_2fa_profile_form( 'output_shortcode', $show_preamble );
131 echo '</form>';
132 $content = ob_get_contents();
133 ob_end_clean();
134 return $content;
135 } elseif ( ! is_admin() && ! is_user_logged_in() ) {
136 $new_page_id = WP2FA::get_wp2fa_setting( 'custom-user-page-id' );
137 $redirect_to = ! empty( $new_page_id ) ? get_permalink( $new_page_id ) : get_home_url();
138 ob_start();
139 echo '<p>' . esc_html__( 'You must be logged in to view this page.', 'wp-2fa' ) . ' <a href="' . esc_url( wp_login_url( $redirect_to ) ) . '">' . esc_html__( 'Login here.', 'wp-2fa' ) . '</a></p>';
140 $content = ob_get_contents();
141 ob_end_clean();
142 return $content;
143 }
144 }
145
146 /**
147 * Output setup nag.
148 *
149 * @param array $atts - Array with the attributes passed to shortcode.
150 *
151 * @return string
152 */
153 public static function user_setup_2fa_notice( $atts ) {
154 extract( // phpcs:ignore
155 shortcode_atts(
156 array(
157 'configure_2fa_url' => '',
158 ),
159 $atts
160 )
161 );
162
163 // TODO: is that really necessary?
164 User_Notices::init();
165
166 if ( ! is_admin() && is_user_logged_in() ) {
167 wp_enqueue_script( 'wp_2fa_micro_modals' );
168 wp_enqueue_script( 'wp_2fa_frontend_scripts' );
169 wp_enqueue_style( 'wp_2fa_styles' );
170
171 $data_array = array(
172 'ajaxURL' => admin_url( 'admin-ajax.php' ),
173 'roles' => WP2FA::wp_2fa_get_roles(),
174 'nonce' => wp_create_nonce( 'wp-2fa-settings-nonce' ),
175 'codesPreamble' => esc_html__( 'These are the 2FA backup codes for the user', 'wp-2fa' ),
176 'readyText' => esc_html__( 'I\'m ready', 'wp-2fa' ),
177 'codeReSentText' => esc_html__( 'New code sent', 'wp-2fa' ),
178 'allDoneHeading' => esc_html__( 'All done.', 'wp-2fa' ),
179 'allDoneText' => esc_html__( 'Your login just got more secure.', 'wp-2fa' ),
180 'closeWizard' => esc_html__( 'Close Wizard', 'wp-2fa' ),
181 );
182 wp_localize_script( 'wp_2fa_frontend_scripts', 'wp2faData', $data_array );
183
184 ob_start();
185 User_Notices::user_setup_2fa_nag( 'output_shortcode', $configure_2fa_url );
186 $content = ob_get_contents();
187 ob_end_clean();
188
189 return $content;
190 }
191
192 return '';
193 }
194 }
195