PluginProbe ʕ •ᴥ•ʔ
WP 2FA – Two-factor authentication for WordPress / 2.5.0
WP 2FA – Two-factor authentication for WordPress v2.5.0
4.0.0 1.7.1 2.0.0 2.0.1 2.1.0 2.2.0 2.2.1 2.3.0 2.4.0 2.4.1 2.4.2 2.5.0 2.6.0 2.6.1 2.6.2 2.6.3 2.6.4 2.7.0 2.8.0 2.9.0 2.9.1 2.9.2 2.9.3 3.0.0 3.0.1 3.1.0 3.1.1 3.1.1.2 trunk 1.2.0 1.3.0 1.4.0 1.4.1 1.4.2 1.5.0 1.5.1 1.5.2 1.6.0 1.6.1 1.6.2 1.7.0
wp-2fa / includes / classes / Admin / Views / class-first-time-wizard-steps.php
wp-2fa / includes / classes / Admin / Views Last commit date
class-first-time-wizard-steps.php 2 years ago class-grace-period-notifications.php 2 years ago class-passord-reset-2fa.php 2 years ago class-wizard-steps.php 2 years ago index.php 2 years ago
class-first-time-wizard-steps.php
675 lines
1 <?php
2 /**
3 * Settings page render class.
4 *
5 * @package wp2fa
6 * @subpackage views
7 * @copyright %%YEAR%% Melapress
8 * @license https://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
9 * @link https://wordpress.org/plugins/wp-2fa/
10 */
11
12 namespace WP2FA\Admin\Views;
13
14 use WP2FA\WP2FA;
15 use WP2FA\Admin\Helpers\WP_Helper;
16 use WP2FA\Admin\Controllers\Settings;
17
18 defined( 'ABSPATH' ) || exit; // Exit if accessed directly.
19
20 if ( ! class_exists( '\WP2FA\Admin\Views\First_Time_Wizard_Steps' ) ) {
21 /**
22 * WP2FA First Wizard Settings view controller
23 *
24 * @since 1.7
25 */
26 class First_Time_Wizard_Steps {
27
28 /**
29 * Select method step
30 *
31 * @since 1.7.0
32 *
33 * @param boolean $setup_wizard - Boolean - is that first time wizard setup or settings page call.
34 *
35 * @return void
36 */
37 public static function select_method( $setup_wizard = false ) {
38
39 ob_start();
40 ?>
41 <h3><?php esc_html_e( 'Which 2FA methods can your users use?', 'wp-2fa' ); ?></h3>
42 <p class="description">
43 <?php esc_html_e( 'When you uncheck any of the below 2FA methods it won\'t be available for your users to use. You can always change this later on from the plugin\'s settings.', 'wp-2fa' ); ?>
44 </p>
45 <?php
46 $data_role = 'data-role="global"';
47 if ( ! $setup_wizard ) {
48 ?>
49 <table class="form-table">
50 <tbody>
51 <tr>
52 <th colspan="2"><?php esc_html_e( 'Which of the below 2FA methods can users use?', 'wp-2fa' ); ?></th>
53 </tr>
54 <tr>
55 <th><label for="2fa-method"><?php esc_html_e( 'Select the methods', 'wp-2fa' ); ?></label></th>
56 <td>
57 <?php } ?>
58 <fieldset id="2fa-method-select" class="2fa-method-select">
59 <div class="method-title"><em><?php esc_html_e( 'Primary 2FA methods:', 'wp-2fa' ); ?></em></div>
60 <br>
61 <label for="totp">
62 <input type="checkbox" id="totp" name="wp_2fa_policy[enable_totp]" value="enable_totp"
63 <?php echo $data_role; // phpcs:ignore ?>
64 <?php checked( 'enable_totp', WP2FA::get_wp2fa_setting( 'enable_totp' ), true ); ?>
65 >
66 <?php esc_html_e( 'One-time code via 2FA App (TOTP)', 'wp-2fa' ); ?>
67 </label>
68
69 <?php
70 if ( $setup_wizard ) {
71 echo '<p class="description">';
72 printf(
73 /* translators: link to the knowledge base website */
74 esc_html__( 'When using this method, users will need to configure a 2FA app to get the one-time login code. The plugin supports all standard 2FA apps. Refer to the %s for more information. Allowing users to set up a secondary 2FA method is highly recommended. You can do this in the next step of the wizard. This will allow users to log in using an alternative method should they, for example lose access to their phone.', 'wp-2fa' ),
75 '<a href="https://melapress.com/support/kb/wp-2fa-configuring-2fa-apps/?&utm_source=plugins&utm_medium=link&utm_campaign=wp2fa" target="_blank">' . esc_html__( 'guide on how to set up 2FA apps', 'wp-2fa' ) . '</a>'
76 );
77 echo '</p>';
78 }
79 ?>
80 <?php
81 /**
82 * Fired right after the TOTP method HTML rendering.
83 *
84 * @param bool $wizard - Is that a wizard call or settings call.
85 * @param string $data_role - String with the JS data to add to form element.
86 * @param string $name - The name of the role.
87 *
88 * @since 2.0.0
89 */
90 \do_action( WP_2FA_PREFIX . 'after_totp_setup', $setup_wizard, $data_role, null );
91 ?>
92 <br/>
93 <label for="hotp">
94 <input type="checkbox" id="hotp" name="wp_2fa_policy[enable_email]" value="enable_email"
95 <?php echo $data_role; // phpcs:ignore ?>
96 <?php checked( WP2FA::get_wp2fa_setting( 'enable_email' ), 'enable_email' ); ?>
97 >
98 <?php
99 esc_html_e( 'One-time code via email (HOTP)', 'wp-2fa' );
100 esc_html_e( ' - ensure email deliverability with the free plugin ', 'wp-2fa' );
101 echo '<a href="https://wordpress.org/plugins/wp-mail-smtp/" target="_blank" rel="nofollow">WP Mail SMTP</a>.';
102 ?>
103 <?php
104 ?>
105 </label>
106 <?php
107 if ( $setup_wizard ) {
108 echo '<p class="description">' . esc_html__( 'When using this method, users will receive the one-time login code over email. Therefore, email deliverability is very important. Users using this method should whitelist the address from which the codes are sent. By default, this is the email address configured in your WordPress. You can run an email test from the plugin\'s settings to confirm email deliverability. If you have had email deliverability / reliability issues, we highly recommend you to install the free plugin ', 'wp-2fa' ) . '<a href="https://wordpress.org/plugins/wp-mail-smtp/" target="_blank" rel="nofollow">WP Mail SMTP</a><br><br>' . esc_html__( 'Allowing users to set up a secondary 2FA method is highly recommended. You can do this in the next step of the wizard. This will allow users to log in using an alternative method should they, for example lose access to their phone.', 'wp-2fa' ) . '</p>';
109 }
110 ?>
111 <?php if ( ! $setup_wizard ) { ?>
112 <div class="use-different-hotp-mail<?php echo \esc_attr( ( false === WP2FA::get_wp2fa_setting( 'enable_email' ) ? ' disabled' : '' ) ); ?>">
113 <p class="description" style="margin-bottom: 5px; font-style: normal;">
114 <?php esc_html_e( 'Allow user to specify the email address of choice', 'wp-2fa' ); ?>
115 </p>
116 <fieldset class="email-hotp-options">
117 <?php
118 $options = array(
119 'yes' => array(
120 'label' => esc_html__( 'Yes', 'wp-2fa' ),
121 'value' => 'specify-email_hotp',
122 ),
123 'no' => array(
124 'label' => esc_html__( 'No', 'wp-2fa' ),
125 'value' => '',
126 ),
127 );
128
129 foreach ( $options as $option_key => $option_settings ) {
130 ?>
131 <label for="specify-email_hotp-<?php echo \esc_attr( $option_key ); ?>">
132 <input type="radio" name="wp_2fa_policy[specify-email_hotp]" id="specify-email_hotp-<?php echo \esc_attr( $option_key ); ?>" value="<?php echo \esc_attr( $option_settings['value'] ); ?>" class="js-nested"
133 <?php checked( Settings::get_role_or_default_setting( 'specify-email_hotp', null ), $option_settings['value'] ); ?>
134 >
135 <span><?php echo $option_settings['label']; // phpcs:ignore ?></span>
136 </label>
137 <?php
138 }
139 ?>
140 </fieldset>
141 </div>
142 <?php } ?>
143 <br />
144 <?php
145 if ( ! $setup_wizard ) {
146 $class = '';
147
148 if ( '' === trim( Settings::get_role_or_default_setting( 'enable_totp', null, null, true ) ) && '' === trim( Settings::get_role_or_default_setting( 'enable_email', null, null, true ) ) && '' === trim( Settings::get_role_or_default_setting( 'enable_oob_email', null, null, true ) ) ) {
149 $class = 'disabled';
150 }
151 ?>
152 <div class="method-title"><em><?php esc_html_e( 'Secondary 2FA methods:', 'wp-2fa' ); ?></em></div>
153 <br>
154 <label for="backup-codes" class=" <?php echo $class; // phpcs:ignore ?>">
155 <input type="checkbox" class="<?php echo \esc_attr( $class ); ?>" id="backup-codes" name="wp_2fa_policy[backup_codes_enabled]"
156 <?php echo $data_role; // phpcs:ignore ?>
157 value="yes"
158 <?php checked( WP2FA::get_wp2fa_setting( 'backup_codes_enabled' ), 'yes' ); ?>
159 >
160 <?php
161 esc_html_e( 'Backup codes', 'wp-2fa' );
162 if ( $setup_wizard ) {
163 echo '<p class="description">Note: ';
164 } else {
165 echo ' - ';
166 }
167 esc_html_e( 'Backup codes are a secondary method which you can use to log in to the website in case the primary 2FA method is unavailable. Therefore they can\'t be enabled and used as a primary method.', 'wp-2fa' );
168 if ( $setup_wizard ) {
169 echo '</p>';
170 }
171 ?>
172 </label>
173 <?php
174 /**
175 * Fires after the backup methods HTML rendering is finished.
176 *
177 * @param bool $wizard - Is that wizard ot standard setting.
178 * @param string $data_role - The JS data attribute for the form inputs.
179 * @param string $role - The name of the user role.
180 *
181 * @since 2.0.0
182 */
183 \do_action( WP_2FA_PREFIX . 'after_backup_methods_setup', $setup_wizard, $data_role, null );
184 }
185 ?>
186 </fieldset>
187 <?php
188 if ( ! $setup_wizard ) {
189 ?>
190 </td>
191 </tr>
192 </tbody>
193 </table>
194 <?php } ?>
195 <?php
196 $output = ob_get_clean();
197
198 /**
199 * At this point, none of the default providers is set / activated. This filter allows additional providers to change the behaviour. Checking the input array for specific values (methods), and based on that we can raise error that none of the allowed methods has bees selected by the user, or dismiss the error otherwise.
200 *
201 * @param string $output - Parsed HTML with the methods.
202 * @param bool $setup_wizard - The type of the wizard (first time wizard / settings).
203 *
204 * @since 2.0.0
205 */
206 $output = apply_filters( WP_2FA_PREFIX . 'select_methods', $output, $setup_wizard );
207
208 echo $output; // phpcs:ignore
209 }
210
211 /**
212 * Builds the backup methods html
213 *
214 * @param boolean $setup_wizard - Is that call from the Wizard or not.
215 *
216 * @return void
217 *
218 * @since 2.4.1
219 */
220 public static function backup_method( $setup_wizard = false ) {
221
222 ob_start();
223 ?>
224 <h3><?php esc_html_e( 'Which alternative 2FA methods can users use?', 'wp-2fa' ); ?></h3>
225 <p class="description">
226 <?php esc_html_e( 'An alternative 2FA method allows users to configure another 2FA method that can be used as a backup should the primary 2FA method fail. This can happen if, for example, a user forgets their smartphone, the smartphone runs out of battery, or there are email deliverability problems.', 'wp-2fa' ); ?>
227 </p>
228 <p class="description">
229 <?php esc_html_e( 'It is highly recommended to have an alternative 2FA method configured at all times. Below is a list of alternative 2FA methods available through this plugin:', 'wp-2fa' ); ?>
230 </p>
231
232 <br>
233
234 <fieldset>
235 <label for="backup-codes">
236 <input type="checkbox" id="backup-codes-global" name="wp_2fa_policy[backup_codes_enabled]" value="yes"
237 <?php checked( WP2FA::get_wp2fa_setting( 'backup_codes_enabled' ), 'yes' ); ?>
238 >
239 <?php esc_html_e( 'Backup codes', 'wp-2fa' ); ?>
240 </label>
241
242 <?php
243 echo '<p class="description">';
244 echo sprintf(
245 '%1$1s <a href="https://melapress.com/support/kb/wp-2fa-what-are-2fa-backup-codes/?&utm_source=plugins&utm_medium=link&utm_campaign=wp2fa" target="_blank">%2$1s</a> <br><br>',
246 esc_html__( 'Backup codes allow users to log in to WordPress should they find themselves unable to log in via the primary 2FA method. Backup codes are enabled by default and are generated during the 2FA configuration process. Each backup code can be used only once. Once the initial list is exhausted, more backup codes can be generated through the user’s WordPress profile page - ', 'wp-2fa' ),
247 esc_html__( 'More information', 'wp-2fa' )
248 );
249 echo '</p>';
250 ?>
251
252 <?php
253 echo '<label>';
254 echo sprintf(
255 '%1$1s <a href="https://melapress.com/wordpress-2fa/features/?&utm_source=plugins&utm_medium=link&utm_campaign=wp2fa" target="_blank">%2$1s</a> %3$1s',
256 esc_html__( 'Upgrade to WP 2FA Premium for', 'wp-2fa' ),
257 esc_html__( 'more alternative 2FA methods', 'wp-2fa' ),
258 esc_html__( 'to give your users more options.', 'wp-2fa' )
259 );
260 echo '<label>';
261 ?>
262 </fieldset>
263 <?php
264 ?>
265 <?php
266 $output = ob_get_clean();
267 $output = apply_filters( WP_2FA_PREFIX . 'backup_methods', $output, $setup_wizard );
268
269 echo $output; // phpcs:ignore
270 }
271
272 /**
273 * Enforcement policy step
274 *
275 * @since 1.7.0
276 *
277 * @param boolean $setup_wizard - Boolean - is that first time wizard setup or settings page call.
278 *
279 * @return void
280 */
281 public static function enforcement_policy( $setup_wizard = false ) {
282 ?>
283 <h3 id="enforcement_settings"><?php esc_html_e( 'Do you want to enforce 2FA for some, or all the users? ', 'wp-2fa' ); ?></h3>
284 <p class="description">
285 <?php esc_html_e( 'When you enforce 2FA the users will be prompted to configure 2FA the next time they login. Users have a grace period for configuring 2FA. You can configure the grace period and also exclude user(s) or role(s) in this settings page. ', 'wp-2fa' ); ?> <a href="https://melapress.com/support/kb/wp-2fa-configure-2fa-policies-enforce/?&utm_source=plugins&utm_medium=link&utm_campaign=wp2fa" target="_blank" rel=noopener><?php esc_html_e( 'Learn more.', 'wp-2fa' ); ?></a>
286 </p>
287 <?php
288 if ( ! $setup_wizard ) {
289 ?>
290 <table class="form-table js-enforcement-policy-section">
291 <tbody>
292 <tr>
293 <th><label for="enforcement-policy"><?php esc_html_e( 'Enforce 2FA on', 'wp-2fa' ); ?></label></th>
294 <td>
295 <?php } ?>
296 <fieldset class="contains-hidden-inputs">
297 <label for="all-users" style="margin:.35em 0 .5em !important; display: block;">
298 <input type="radio" name="wp_2fa_policy[enforcement-policy]" id="all-users" value="all-users"
299 <?php checked( WP2FA::get_wp2fa_setting( 'enforcement-policy' ), 'all-users' ); ?>
300 >
301 <span><?php esc_html_e( 'All users', 'wp-2fa' ); ?></span>
302 </label>
303
304 <?php if ( WP_Helper::is_multisite() ) : ?>
305 <label for="superadmins-only" style="margin:.35em 0 .5em !important; display: block;">
306 <input type="radio" name="wp_2fa_policy[enforcement-policy]" id="superadmins-only" value="superadmins-only"
307 <?php checked( WP2FA::get_wp2fa_setting( 'enforcement-policy' ), 'superadmins-only' ); ?> />
308 <span><?php esc_html_e( 'Only super admins', 'wp-2fa' ); ?></span>
309 </label>
310 <label for="superadmins-siteadmins-only" style="margin:.35em 0 .5em !important; display: block;">
311 <input type="radio" name="wp_2fa_policy[enforcement-policy]" id="superadmins-siteadmins-only" value="superadmins-siteadmins-only"
312 <?php checked( WP2FA::get_wp2fa_setting( 'enforcement-policy' ), 'superadmins-siteadmins-only' ); ?> />
313 <span><?php esc_html_e( 'Only super admins and site admins', 'wp-2fa' ); ?></span>
314 </label>
315 <?php endif; ?>
316
317 <label for="certain-roles-only" style="margin:.35em 0 .5em !important; display: block;">
318 <?php $checked = in_array( WP2FA::get_wp2fa_setting( 'enforcement-policy' ), array( 'certain-roles-only', 'certain-users-only' ), true ); ?>
319 <input type="radio" name="wp_2fa_policy[enforcement-policy]" id="certain-roles-only" value="certain-roles-only"
320 <?php ( $setup_wizard ) ? checked( WP2FA::get_wp2fa_setting( 'enforcement-policy' ), 'certain-roles-only' ) : checked( $checked ); ?>
321 data-unhide-when-checked=".certain-roles-only-inputs, .certain-users-only-inputs">
322 <span><?php esc_html_e( 'Only for specific users and roles', 'wp-2fa' ); ?></span>
323 </label>
324 <fieldset class="hidden certain-users-only-inputs">
325 <div>
326 <p>
327 <label for="enforced_users-multi-select"><?php esc_html_e( 'Users :', 'wp-2fa' ); ?></label> <select multiple="multiple" id="enforced_users-multi-select" name="wp_2fa_policy[enforced_users][]" style=" display:none;width:<?php echo ( $setup_wizard ) ? '100' : '50'; ?>%">
328 <?php
329 $excluded_users = WP2FA::get_wp2fa_setting( 'enforced_users' );
330 foreach ( $excluded_users as $user ) {
331 ?>
332 <option selected="selected" value="<?php echo \esc_attr( $user ); ?>"><?php echo \esc_attr( $user ); ?></option>
333 <?php
334 }
335 ?>
336 </select>
337 </p>
338 </div>
339 </fieldset>
340 <fieldset class="hidden certain-roles-only-inputs">
341 <div>
342 <p style="margin-top: 0;">
343 <label for="enforced-roles-multi-select"><?php esc_html_e( 'Roles :', 'wp-2fa' ); ?></label>
344 <select multiple="multiple" id="enforced-roles-multi-select" name="wp_2fa_policy[enforced_roles][]" style=" display:none;width:<?php echo ( $setup_wizard ) ? '100' : '50'; ?>%">
345 <?php
346 $all_roles = \WP2FA\WP2FA::wp_2fa_get_roles();
347 $enforced_roles = WP2FA::get_wp2fa_setting( 'enforced_roles' );
348 foreach ( $all_roles as $role => $role_name ) {
349 $selected = '';
350 if ( in_array( $role, $enforced_roles, true ) ) {
351 $selected = 'selected="selected"';
352 }
353 ?>
354 <option <?php echo $selected; // phpcs:ignore ?> value="<?php echo \esc_attr( strtolower( $role ) ); ?>"><?php echo \esc_html( $role_name ); ?></option>
355 <?php
356 }
357 ?>
358 </select>
359 </p>
360 </div>
361 <?php if ( WP_Helper::is_multisite() ) { ?>
362 <p class="description">
363 <input type="checkbox" name="wp_2fa_policy[superadmins-role-add]" id="superadmins-role-add" value="yes" style="position: relative; top: -3px;"
364 <?php checked( WP2FA::get_wp2fa_setting( 'superadmins-role-add' ), 'yes' ); ?> />
365 <label for="superadmins-role-add"><?php esc_html_e( 'Also enforce 2FA on network users with super admin privileges', 'wp-2fa' ); ?></label>
366 </p>
367 <?php } ?>
368 </fieldset>
369 <?php if ( WP_Helper::is_multisite() ) { ?>
370 <div>
371 <label for="enforce-on-multisite" style="margin:.35em 0 .5em !important; display: block;">
372 <input type="radio" name="wp_2fa_policy[enforcement-policy]" id="enforce-on-multisite" value="enforce-on-multisite"
373 <?php checked( WP2FA::get_wp2fa_setting( 'enforcement-policy' ), 'enforce-on-multisite' ); ?>
374 data-unhide-when-checked=".all-sites">
375 <span><?php esc_html_e( 'These sub-sites', 'wp-2fa' ); ?></span>
376 </label>
377 <fieldset class="hidden all-sites">
378 <p>
379 <label for="slim-multi-select"><?php esc_html_e( 'Sites :', 'wp-2fa' ); ?></label> <select multiple="multiple" id="slim-multi-select" name="wp_2fa_policy[included_sites][]" style="display:none; width:<?php echo ( $setup_wizard ) ? '100' : '50'; ?>%">
380 <?php
381 $selected_sites = WP2FA::get_wp2fa_setting( 'included_sites' );
382 foreach ( WP_Helper::get_multi_sites() as $site ) {
383 $args = array(
384 'blog_id' => $site->blog_id,
385 );
386
387 $current_blog_details = get_blog_details( $args );
388 $selected = '';
389 if ( in_array( $site->blog_id, $selected_sites, true ) ) {
390 $selected = 'selected="selected"';
391 }
392 ?>
393 <option <?php echo $selected; // phpcs:ignore ?> value="<?php echo \esc_attr( $site->blog_id ); ?>"><?php echo \esc_html( $current_blog_details->blogname ); ?></option>
394 <?php
395 }
396 ?>
397 </select>
398 </p>
399 </fieldset>
400 </div>
401 <?php } ?>
402 <div>
403 <label for="do-not-enforce" style="margin:.35em 0 .5em !important; display: block;">
404 <input type="radio" name="wp_2fa_policy[enforcement-policy]" id="do-not-enforce" value="do-not-enforce"
405 <?php checked( WP2FA::get_wp2fa_setting( 'enforcement-policy' ), 'do-not-enforce' ); ?>
406 >
407 <span><?php esc_html_e( 'Do not enforce on any users', 'wp-2fa' ); ?></span>
408 </label>
409 </div>
410 <br/>
411 </fieldset>
412 <?php
413 if ( ! $setup_wizard ) {
414 ?>
415 </td>
416 </tr>
417 </tbody>
418 </table>
419 <?php
420 }
421 }
422
423 /**
424 * Exclude users and groups
425 *
426 * @since 1.7.0
427 *
428 * @param boolean $setup_wizard - Boolean - is that first time wizard setup or settings page call.
429 *
430 * @return void
431 */
432 public static function exclude_users( $setup_wizard = false ) {
433 ?>
434 <h3><?php esc_html_e( 'Do you want to exclude any users or roles from 2FA? ', 'wp-2fa' ); ?></h3>
435 <p class="description">
436 <?php esc_html_e( 'If you are enforcing 2FA on all users but for some reason you would like to exclude individual user(s) or users with a specific role, you can exclude them below', 'wp-2fa' ); ?>
437 </p>
438 <?php
439 if ( ! $setup_wizard ) {
440 ?>
441 <table class="form-table js-enforcement-policy-section">
442 <tbody>
443 <tr>
444 <th><label id="exclude-users" for="excluded-users-multi-select"><?php esc_html_e( 'Exclude the following users', 'wp-2fa' ); ?></label></th>
445 <td>
446 <?php } else { ?>
447 <label for="excluded-users-multi-select"><?php esc_html_e( 'Exclude the following users', 'wp-2fa' ); ?>
448 <?php } ?>
449 <fieldset>
450 <div>
451 <select multiple="multiple" id="excluded-users-multi-select" name="wp_2fa_policy[excluded_users][]" style=" display:none;width:<?php echo ( $setup_wizard ) ? '100' : '50'; ?>%">
452 <?php
453 $excluded_users = WP2FA::get_wp2fa_setting( 'excluded_users' );
454 foreach ( $excluded_users as $user ) {
455 ?>
456 <option selected="selected" value="<?php echo \esc_attr( $user ); ?>"><?php echo \esc_html( $user ); ?></option>
457 <?php
458 }
459 ?>
460 </select>
461 </div>
462 <?php
463 if ( ! $setup_wizard ) {
464 ?>
465
466 </td>
467 </tr>
468 <tr>
469 <th><label for="excluded-roles-multi-select"><?php esc_html_e( 'Exclude the following roles', 'wp-2fa' ); ?></label></th>
470 <td>
471 <p>
472 <?php } else { ?>
473 <br>
474 <label for="excluded-roles-multi-select"><?php esc_html_e( 'Exclude the following roles', 'wp-2fa' ); ?></label>
475 <?php } ?>
476 <select multiple="multiple" id="excluded-roles-multi-select" name="wp_2fa_policy[excluded_roles][]" style=" display:none;width:<?php echo ( $setup_wizard ) ? '100' : '50'; ?>%">
477 <?php
478 $all_roles = \WP2FA\WP2FA::wp_2fa_get_roles();
479 $excluded_roles = WP2FA::get_wp2fa_setting( 'excluded_roles' );
480 foreach ( $all_roles as $role => $role_name ) {
481 $selected = '';
482 if ( in_array( strtolower( $role ), $excluded_roles, true ) ) {
483 $selected = 'selected="selected"';
484 }
485 ?>
486 <option <?php echo $selected; // phpcs:ignore ?> value="<?php echo \esc_attr( strtolower( $role ) ); ?>"><?php echo \esc_html( $role_name ); ?></option>
487 <?php
488 }
489 ?>
490 </select>
491 <br>
492 <?php if ( WP_Helper::is_multisite() ) { ?>
493 <div style="margin-top:10px;">
494 <input type="checkbox" name="wp_2fa_policy[superadmins-role-exclude]" id="superadmins-role-exclude" value="yes"
495 <?php checked( WP2FA::get_wp2fa_setting( 'superadmins-role-exclude' ), 'yes' ); ?> />
496 <label for="superadmins-role-exclude"><?php esc_html_e( 'Also exclude users with super admin privilege', 'wp-2fa' ); ?></label>
497 </div>
498 <?php } ?>
499 </fieldset>
500 <?php
501 if ( ! $setup_wizard ) {
502 ?>
503 </td>
504 </tr>
505 </tbody>
506 </table>
507 <?php } ?>
508 <?php
509 }
510
511 /**
512 * Which network sites to exclude (for multisite instal)
513 *
514 * @since 1.7.0
515 *
516 * @param boolean $setup_wizard - Boolean - is that first time wizard setup or settings page call.
517 *
518 * @return void
519 */
520 public static function excluded_network_sites( $setup_wizard = false ) {
521 ?>
522 <h3><?php esc_html_e( 'Do you want to exclude all the users of a site from 2FA? ', 'wp-2fa' ); ?></h3>
523 <p class="description">
524 <?php esc_html_e( 'If you are enforcing 2FA on all users but for some reason you do not want to enforce it on a specific sub site, specify the sub site name below:', 'wp-2fa' ); ?>
525 </p>
526 <?php
527 if ( ! $setup_wizard ) {
528 ?>
529 <table class="form-table js-enforcement-policy-section">
530 <tbody>
531 <tr>
532 <th><label for="excluded-sites-multi-select"><?php esc_html_e( 'Exclude the following sites', 'wp-2fa' ); ?></label></th>
533 <td>
534 <?php } ?>
535 <fieldset>
536 <?php
537 if ( $setup_wizard ) {
538 ?>
539
540 <div class="option-pill">
541 <label for="excluded_sites_search"><?php esc_html_e( 'Exclude the following sites', 'wp-2fa' ); ?>
542 <?php } ?>
543 <select multiple="multiple" id="excluded-sites-multi-select" name="wp_2fa_policy[excluded_sites][]" style=" display:none;width:<?php echo ( $setup_wizard ) ? '100' : '50'; ?>%">
544 <?php
545 $excluded_sites = WP2FA::get_wp2fa_setting( 'excluded_sites' );
546 if ( ! empty( $excluded_sites ) ) {
547 foreach ( $excluded_sites as $site_id ) {
548 $site = get_blog_details( $site_id )->blogname;
549 ?>
550 <option selected="selected" value="<?php echo \esc_attr( $site_id ); ?>"><?php echo \esc_html( $site ); ?></option>
551 <?php
552 }
553 }
554 ?>
555 </select>
556 <?php
557 if ( $setup_wizard ) {
558 ?>
559 </label>
560 </div>
561 <?php } ?>
562 </fieldset>
563 <?php
564 if ( ! $setup_wizard ) {
565 ?>
566 </td>
567 </tr>
568 </tbody>
569 </table>
570 <?php } ?>
571 <?php
572 }
573
574 /**
575 * Set the grace period
576 *
577 * @since 1.7.0
578 *
579 * @param boolean $setup_wizard - Boolean - is that first time wizard setup or settings page call.
580 *
581 * @return void
582 */
583 public static function grace_period( $setup_wizard = false ) {
584 $grace_period = (int) WP2FA::get_wp2fa_setting( 'grace-period', true );
585 /**
586 * Via that, you can change the grace period TTL.
587 *
588 * @param bool - Default at this point is true - no method is selected.
589 */
590 $testing = apply_filters( WP_2FA_PREFIX . 'allow_grace_period_in_seconds', false );
591 if ( $testing ) {
592 $grace_max = 600;
593 } else {
594 $grace_max = 10;
595 }
596 ?>
597 <fieldset class="contains-hidden-inputs">
598 <label for="no-grace-period" style="margin-bottom: 10px; display: block;">
599 <input type="radio" name="wp_2fa_policy[grace-policy]" id="no-grace-period" value="no-grace-period"
600 <?php checked( WP2FA::get_wp2fa_setting( 'grace-policy' ), 'no-grace-period' ); ?>
601 >
602 <span><?php esc_html_e( 'Users have to configure 2FA straight away.', 'wp-2fa' ); ?></span>
603 </label>
604
605 <label for="use-grace-period">
606 <input type="radio" name="wp_2fa_policy[grace-policy]" id="use-grace-period" value="use-grace-period"
607 <?php checked( WP2FA::get_wp2fa_setting( 'grace-policy' ), 'use-grace-period' ); ?>
608 data-unhide-when-checked=".grace-period-inputs">
609 <span><?php esc_html_e( 'Give users a grace period to configure 2FA', 'wp-2fa' ); ?></span>
610 </label>
611 <fieldset class="hidden grace-period-inputs">
612 <br/>
613 <input type="number" id="grace-period" name="wp_2fa_policy[grace-period]" value="<?php echo esc_attr( $grace_period ); ?>" min="1" max="<?php echo esc_attr( $grace_max ); ?>">
614 <label class="radio-inline">
615 <input class="js-nested" type="radio" name="wp_2fa_policy[grace-period-denominator]" value="hours"
616 <?php checked( WP2FA::get_wp2fa_setting( 'grace-period-denominator' ), 'hours' ); ?>
617 >
618 <?php esc_html_e( 'hours', 'wp-2fa' ); ?>
619 </label>
620 <label class="radio-inline">
621 <input class="js-nested" type="radio" name="wp_2fa_policy[grace-period-denominator]" value="days"
622 <?php checked( WP2FA::get_wp2fa_setting( 'grace-period-denominator' ), 'days' ); ?>
623 >
624 <?php esc_html_e( 'days', 'wp-2fa' ); ?>
625 </label>
626 <?php
627 /**
628 * Fires after the grace period. Gives the ability to change the parsed code.
629 *
630 * @param string $content - HTML content.
631 * @param string $role - The name of the role.
632 * @param string $name_prefix - Name prefix for the input name, includes the role name if provided.
633 * @param string $data_role - Data attribute - used by the JS.
634 * @param string $role_id - The role name, used to identify the inputs.
635 *
636 * @since 2.0.0
637 */
638 $after_grace_content = \apply_filters( WP_2FA_PREFIX . 'after_grace_period', '', '', 'wp_2fa_policy' );
639 echo $after_grace_content; // phpcs:ignore
640 ?>
641 <?php
642 /**
643 * Via that, you can change the grace period TTL.
644 *
645 * @param bool - Default at this point is true - no method is selected.
646 */
647 $testing = apply_filters( WP_2FA_PREFIX . 'allow_grace_period_in_seconds', false );
648 if ( $testing ) {
649 ?>
650 <label class="radio-inline">
651 <input class="js-nested" type="radio" name="wp_2fa_policy[grace-period-denominator]" value="seconds"
652 <?php checked( WP2FA::get_wp2fa_setting( 'grace-period-denominator' ), 'seconds' ); ?>
653 >
654 <?php esc_html_e( 'Seconds', 'wp-2fa' ); ?>
655 </label>
656 <?php
657 }
658
659 if ( $setup_wizard ) {
660 $user = wp_get_current_user();
661 $last_user_to_update_settings = $user->ID;
662
663 ?>
664 <input type="hidden" id="2fa_main_user" name="wp_2fa_policy[2fa_settings_last_updated_by]" value="<?php echo esc_attr( $last_user_to_update_settings ); ?>">
665 <?php } else { ?>
666 <p><?php esc_html_e( 'Note: If users do not configure it within the configured stipulated time, their account will be locked and have to be unlocked manually.', 'wp-2fa' ); ?></p>
667 <?php } ?>
668 </fieldset>
669 <br/>
670 </fieldset>
671 <?php
672 }
673 }
674 }
675