PluginProbe ʕ •ᴥ•ʔ
WP 2FA – Two-factor authentication for WordPress / 2.5.0
WP 2FA – Two-factor authentication for WordPress v2.5.0
4.0.0 1.7.1 2.0.0 2.0.1 2.1.0 2.2.0 2.2.1 2.3.0 2.4.0 2.4.1 2.4.2 2.5.0 2.6.0 2.6.1 2.6.2 2.6.3 2.6.4 2.7.0 2.8.0 2.9.0 2.9.1 2.9.2 2.9.3 3.0.0 3.0.1 3.1.0 3.1.1 3.1.1.2 trunk 1.2.0 1.3.0 1.4.0 1.4.1 1.4.2 1.5.0 1.5.1 1.5.2 1.6.0 1.6.1 1.6.2 1.7.0
wp-2fa / includes / classes / Shortcodes / class-shortcodes.php
wp-2fa / includes / classes / Shortcodes Last commit date
class-shortcodes.php 2 years ago index.php 5 years ago
class-shortcodes.php
199 lines
1 <?php
2 /**
3 * Responsible for rendering the short codes.
4 *
5 * @package wp2fa
6 * @subpackage short-codes
7 * @copyright %%YEAR%% Melapress
8 * @license https://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
9 * @link https://wordpress.org/plugins/wp-2fa/
10 */
11
12 namespace WP2FA\Shortcodes;
13
14 use \WP2FA\WP2FA as WP2FA;
15 use \WP2FA\Core as Core;
16 use \WP2FA\Admin\User_Profile as User_Profile;
17 use \WP2FA\Admin\User_Notices as User_Notices;
18 use WP2FA\Admin\Controllers\Settings;
19
20 if ( ! class_exists( '\WP2FA\Shortcodes\Shortcodes' ) ) {
21 /**
22 * Class for rendering shortcodes.
23 */
24 class Shortcodes {
25
26 /**
27 * Constructor.
28 */
29 public static function init() {
30 add_shortcode( 'wp-2fa-setup-form', array( __CLASS__, 'user_setup_2fa_form' ) );
31 add_shortcode( 'wp-2fa-setup-notice', array( __CLASS__, 'user_setup_2fa_notice' ) );
32 add_action( 'wp_enqueue_scripts', array( __CLASS__, 'register_2fa_shortcode_scripts' ) );
33 }
34
35 /**
36 * Register scripts and styles.
37 */
38 public static function register_2fa_shortcode_scripts() {
39 // Add our front end stuff, which we only want to load when the shortcode is present.
40 wp_register_script( 'wp_2fa_frontend_scripts', Core\script_url( 'wp-2fa', 'admin' ), array( 'jquery', 'wp_2fa_micro_modals' ), WP_2FA_VERSION, true );
41 wp_register_script( 'wp_2fa_micro_modals', Core\script_url( 'micromodal', 'admin' ), array(), WP_2FA_VERSION, true );
42 wp_register_style( 'wp_2fa_styles', Core\style_url( 'styles', 'frontend' ), array(), WP_2FA_VERSION );
43
44 $data_array = array(
45 'ajaxURL' => admin_url( 'admin-ajax.php' ),
46 'roles' => WP2FA::wp_2fa_get_roles(),
47 'nonce' => wp_create_nonce( 'wp-2fa-settings-nonce' ),
48 'codesPreamble' => esc_html__( 'These are the 2FA backup codes for the user', 'wp-2fa' ),
49 'readyText' => esc_html__( 'I\'m ready', 'wp-2fa' ),
50 'codeReSentText' => esc_html__( 'New code sent', 'wp-2fa' ),
51 'allDoneHeading' => esc_html__( 'All done.', 'wp-2fa' ),
52 'allDoneText' => esc_html__( 'Your login just got more secure.', 'wp-2fa' ),
53 'closeWizard' => esc_html__( 'Close Wizard', 'wp-2fa' ),
54 'invalidEmail' => esc_html__( 'Please use a valid email address', 'wp-2fa' ),
55 );
56 wp_localize_script( 'wp_2fa_frontend_scripts', 'wp2faData', $data_array );
57
58 $data_array = array(
59 'ajaxURL' => admin_url( 'admin-ajax.php' ),
60 'nonce' => wp_create_nonce( 'wp2fa-verify-wizard-page' ),
61 'codesPreamble' => esc_html__( 'These are the 2FA backup codes for the user', 'wp-2fa' ),
62 'readyText' => esc_html__( 'I\'m ready', 'wp-2fa' ),
63 'codeReSentText' => esc_html__( 'New code sent', 'wp-2fa' ),
64 'invalidEmail' => esc_html__( 'Please use a valid email address', 'wp-2fa' ),
65 'backupCodesSent' => esc_html__( 'Backup codes sent', 'wp-2fa' ),
66 );
67
68 $role = array_key_first( WP2FA::wp_2fa_get_roles() );
69 $redirect_page = Settings::get_role_or_default_setting( 'redirect-user-custom-page-global', 'current', $role );
70 $data_array['redirectToUrl'] = ( '' !== trim( $redirect_page ) ) ? \trailingslashit( get_site_url() ) . $redirect_page : '';
71 // Check and override if custom redirect page is selected and custom redirect is set.
72 if (
73 'yes' === Settings::get_role_or_default_setting( 'create-custom-user-page', 'current', $role ) ||
74 'yes' === Settings::get_role_or_default_setting( 'create-custom-user-page' ) ) {
75 if (
76 '' !== trim( Settings::get_role_or_default_setting( 'redirect-user-custom-page', 'current', $role ) ) ||
77 '' !== trim( Settings::get_role_or_default_setting( 'redirect-user-custom-page' ) ) ) {
78 if ( 'yes' === Settings::get_role_or_default_setting( 'create-custom-user-page', 'current', $role ) ) {
79 $data_array['redirectToUrl'] = trailingslashit( get_site_url() ) . Settings::get_role_or_default_setting( 'redirect-user-custom-page', 'current', $role );
80 } else {
81 $data_array['redirectToUrl'] = trailingslashit( get_site_url() ) . Settings::get_role_or_default_setting( 'redirect-user-custom-page' );
82 }
83 }
84 }
85
86 // Check for shortcode parameter - if one is present use it to redirect the user - highest priority.
87 if ( isset( $redirect_after ) && ! empty( $redirect_after ) ) {
88 $data_array['redirectToUrl'] = trailingslashit( get_site_url() ) . \urlencode( $redirect_after );
89 } elseif ( isset( $_GET['return'] ) && ! empty( $_GET['return'] ) ) {
90 $data_array['redirectToUrl'] = trailingslashit( get_site_url() ) . strip_tags( $_GET['return'] ); // phpcs:ignore
91 }
92
93 wp_localize_script( 'wp_2fa_frontend_scripts', 'wp2faWizardData', $data_array );
94 }
95
96 /**
97 * Output setup form.
98 *
99 * @param array $atts - Array with the attributes passed to shortcode.
100 *
101 * @return string
102 */
103 public static function user_setup_2fa_form( $atts ) {
104
105 /** Shortcode redirect_after is supported, with which the user can override all other settings */
106 extract( // phpcs:ignore
107 shortcode_atts(
108 array(
109 'show_preamble' => 'true',
110 'redirect_after' => '',
111 ),
112 $atts
113 )
114 );
115
116 /**
117 * Fires when the FE shortcode scripts are registered.
118 *
119 * @param bool $shortcodes - True if called from the short codes method.
120 *
121 * @since 2.2.0
122 */
123 \do_action( WP_2FA_PREFIX . 'shortcode_scripts', true );
124
125 if ( is_user_logged_in() ) {
126 wp_enqueue_script( 'wp_2fa_frontend_scripts' );
127 wp_enqueue_style( 'wp_2fa_styles' );
128
129 ob_start();
130 echo '<form id="your-profile" class="wp-2fa-configuration-form">';
131 User_Profile::inline_2fa_profile_form( 'output_shortcode', $show_preamble );
132 echo '</form>';
133 $content = ob_get_contents();
134 ob_end_clean();
135 return $content;
136 } elseif ( ! is_admin() && ! is_user_logged_in() ) {
137 ob_start();
138 $new_page_id = WP2FA::get_wp2fa_setting( 'custom-user-page-id' );
139 $redirect_to = ! empty( $new_page_id ) ? get_permalink( $new_page_id ) : get_home_url();
140 $link_markup = '<a href="' . esc_url( wp_login_url( $redirect_to ) ) . '">' . esc_html__( 'Login here.', 'wp-2fa' ) . '</a>';
141 $message = '<p>' . str_replace( '{login_url}', $link_markup, WP2FA::get_wp2fa_white_label_setting( 'login-to-view-area', true ) ) . '</p>';
142 echo wp_kses_post( $message );
143 $content = ob_get_contents();
144 ob_end_clean();
145 return $content;
146 }
147 }
148
149 /**
150 * Output setup nag.
151 *
152 * @param array $atts - Array with the attributes passed to shortcode.
153 *
154 * @return string
155 */
156 public static function user_setup_2fa_notice( $atts ) {
157 extract( // phpcs:ignore
158 shortcode_atts(
159 array(
160 'configure_2fa_url' => '',
161 ),
162 $atts
163 )
164 );
165
166 // TODO: is that really necessary?
167 User_Notices::init();
168
169 if ( ! is_admin() && is_user_logged_in() ) {
170 wp_enqueue_script( 'wp_2fa_micro_modals' );
171 wp_enqueue_script( 'wp_2fa_frontend_scripts' );
172 wp_enqueue_style( 'wp_2fa_styles' );
173
174 $data_array = array(
175 'ajaxURL' => admin_url( 'admin-ajax.php' ),
176 'roles' => WP2FA::wp_2fa_get_roles(),
177 'nonce' => wp_create_nonce( 'wp-2fa-settings-nonce' ),
178 'codesPreamble' => esc_html__( 'These are the 2FA backup codes for the user', 'wp-2fa' ),
179 'readyText' => esc_html__( 'I\'m ready', 'wp-2fa' ),
180 'codeReSentText' => esc_html__( 'New code sent', 'wp-2fa' ),
181 'allDoneHeading' => esc_html__( 'All done.', 'wp-2fa' ),
182 'allDoneText' => esc_html__( 'Your login just got more secure.', 'wp-2fa' ),
183 'closeWizard' => esc_html__( 'Close Wizard', 'wp-2fa' ),
184 );
185 wp_localize_script( 'wp_2fa_frontend_scripts', 'wp2faData', $data_array );
186
187 ob_start();
188 User_Notices::user_setup_2fa_nag( 'output_shortcode', $configure_2fa_url );
189 $content = ob_get_contents();
190 ob_end_clean();
191
192 return $content;
193 }
194
195 return '';
196 }
197 }
198 }
199