PluginProbe ʕ •ᴥ•ʔ
WP 2FA – Two-factor authentication for WordPress / 2.6.4
WP 2FA – Two-factor authentication for WordPress v2.6.4
1.7.1 2.0.0 2.0.1 2.1.0 2.2.0 2.2.1 2.3.0 2.4.0 2.4.1 2.4.2 2.5.0 2.6.0 2.6.1 2.6.2 2.6.3 2.6.4 2.7.0 2.8.0 2.9.0 2.9.1 2.9.2 2.9.3 3.0.0 3.0.1 3.1.0 3.1.1 3.1.1.2 trunk 1.2.0 1.3.0 1.4.0 1.4.1 1.4.2 1.5.0 1.5.1 1.5.2 1.6.0 1.6.1 1.6.2 1.7.0
wp-2fa / includes / classes / Shortcodes / class-shortcodes.php
wp-2fa / includes / classes / Shortcodes Last commit date
class-shortcodes.php 2 years ago index.php 2 years ago
class-shortcodes.php
201 lines
1 <?php
2 /**
3 * Responsible for rendering the short codes.
4 *
5 * @package wp2fa
6 * @subpackage short-codes
7 * @copyright 2024 Melapress
8 * @license https://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
9 * @link https://wordpress.org/plugins/wp-2fa/
10 */
11
12 declare(strict_types=1);
13
14 namespace WP2FA\Shortcodes;
15
16 use WP2FA\WP2FA;
17 use WP2FA\Core;
18 use WP2FA\Admin\User_Profile;
19 use WP2FA\Admin\User_Notices;
20 use WP2FA\Admin\Controllers\Settings;
21
22 if ( ! class_exists( '\WP2FA\Shortcodes\Shortcodes' ) ) {
23 /**
24 * Class for rendering shortcodes.
25 */
26 class Shortcodes {
27
28 /**
29 * Constructor.
30 */
31 public static function init() {
32 add_shortcode( 'wp-2fa-setup-form', array( __CLASS__, 'user_setup_2fa_form' ) );
33 add_shortcode( 'wp-2fa-setup-notice', array( __CLASS__, 'user_setup_2fa_notice' ) );
34 add_action( 'wp_enqueue_scripts', array( __CLASS__, 'register_2fa_shortcode_scripts' ) );
35 }
36
37 /**
38 * Register scripts and styles.
39 */
40 public static function register_2fa_shortcode_scripts() {
41 // Add our front end stuff, which we only want to load when the shortcode is present.
42 wp_register_script( 'wp_2fa_frontend_scripts', Core\script_url( 'wp-2fa', 'admin' ), array( 'jquery', 'wp_2fa_micro_modals' ), WP_2FA_VERSION, true );
43 wp_register_script( 'wp_2fa_micro_modals', Core\script_url( 'micromodal', 'admin' ), array(), WP_2FA_VERSION, true );
44 wp_register_style( 'wp_2fa_styles', Core\style_url( 'styles', 'frontend' ), array(), WP_2FA_VERSION );
45
46 $data_array = array(
47 'ajaxURL' => admin_url( 'admin-ajax.php' ),
48 'roles' => WP2FA::wp_2fa_get_roles(),
49 'nonce' => wp_create_nonce( 'wp-2fa-settings-nonce' ),
50 'codesPreamble' => esc_html__( 'These are the 2FA backup codes for the user', 'wp-2fa' ),
51 'readyText' => esc_html__( 'I\'m ready', 'wp-2fa' ),
52 'codeReSentText' => esc_html__( 'New code sent', 'wp-2fa' ),
53 'allDoneHeading' => esc_html__( 'All done.', 'wp-2fa' ),
54 'allDoneText' => esc_html__( 'Your login just got more secure.', 'wp-2fa' ),
55 'closeWizard' => esc_html__( 'Close Wizard', 'wp-2fa' ),
56 'invalidEmail' => esc_html__( 'Please use a valid email address', 'wp-2fa' ),
57 );
58 wp_localize_script( 'wp_2fa_frontend_scripts', 'wp2faData', $data_array );
59
60 $data_array = array(
61 'ajaxURL' => admin_url( 'admin-ajax.php' ),
62 'nonce' => wp_create_nonce( 'wp2fa-verify-wizard-page' ),
63 'codesPreamble' => esc_html__( 'These are the 2FA backup codes for the user', 'wp-2fa' ),
64 'readyText' => esc_html__( 'I\'m ready', 'wp-2fa' ),
65 'codeReSentText' => esc_html__( 'New code sent', 'wp-2fa' ),
66 'invalidEmail' => esc_html__( 'Please use a valid email address', 'wp-2fa' ),
67 'backupCodesSent' => esc_html__( 'Backup codes sent', 'wp-2fa' ),
68 );
69
70 $role = array_key_first( WP2FA::wp_2fa_get_roles() );
71 $redirect_page = Settings::get_role_or_default_setting( 'redirect-user-custom-page-global', 'current', $role );
72 $data_array['redirectToUrl'] = ( '' !== trim( (string) $redirect_page ) ) ? \trailingslashit( get_site_url() ) . $redirect_page : '';
73 // Check and override if custom redirect page is selected and custom redirect is set.
74 if (
75 'yes' === Settings::get_role_or_default_setting( 'create-custom-user-page', 'current', $role ) ||
76 'yes' === Settings::get_role_or_default_setting( 'create-custom-user-page' ) ) {
77 if (
78 '' !== trim( (string) Settings::get_role_or_default_setting( 'redirect-user-custom-page', 'current', $role ) ) ||
79 '' !== trim( (string) Settings::get_role_or_default_setting( 'redirect-user-custom-page' ) ) ) {
80 if ( 'yes' === Settings::get_role_or_default_setting( 'create-custom-user-page', 'current', $role ) ) {
81 $data_array['redirectToUrl'] = trailingslashit( get_site_url() ) . Settings::get_role_or_default_setting( 'redirect-user-custom-page', 'current', $role );
82 } else {
83 $data_array['redirectToUrl'] = trailingslashit( get_site_url() ) . Settings::get_role_or_default_setting( 'redirect-user-custom-page' );
84 }
85 }
86 }
87
88 // Check for shortcode parameter - if one is present use it to redirect the user - highest priority.
89 if ( isset( $redirect_after ) && ! empty( $redirect_after ) ) {
90 $data_array['redirectToUrl'] = trailingslashit( get_site_url() ) . \urlencode( $redirect_after );
91 } elseif ( isset( $_GET['return'] ) && ! empty( $_GET['return'] ) ) {
92 $data_array['redirectToUrl'] = trailingslashit( get_site_url() ) . strip_tags( \wp_unslash( $_GET['return'] ) ); // phpcs:ignore
93 }
94
95 wp_localize_script( 'wp_2fa_frontend_scripts', 'wp2faWizardData', $data_array );
96 }
97
98 /**
99 * Output setup form.
100 *
101 * @param array $atts - Array with the attributes passed to shortcode.
102 *
103 * @return string
104 */
105 public static function user_setup_2fa_form( $atts ) {
106
107 /** Shortcode redirect_after is supported, with which the user can override all other settings */
108 extract( // phpcs:ignore
109 shortcode_atts(
110 array(
111 'show_preamble' => 'true',
112 'redirect_after' => '',
113 ),
114 $atts
115 )
116 );
117
118 /**
119 * Fires when the FE shortcode scripts are registered.
120 *
121 * @param bool $shortcodes - True if called from the short codes method.
122 *
123 * @since 2.2.0
124 */
125 \do_action( WP_2FA_PREFIX . 'shortcode_scripts', true );
126
127 if ( is_user_logged_in() ) {
128 wp_enqueue_script( 'wp_2fa_frontend_scripts' );
129 wp_enqueue_style( 'wp_2fa_styles' );
130
131 ob_start();
132 echo '<form id="your-profile" class="wp-2fa-configuration-form">';
133 User_Profile::inline_2fa_profile_form( 'output_shortcode', $show_preamble );
134 echo '</form>';
135 $content = ob_get_contents();
136 ob_end_clean();
137 return $content;
138 } elseif ( ! is_admin() && ! is_user_logged_in() ) {
139 ob_start();
140 $new_page_id = WP2FA::get_wp2fa_setting( 'custom-user-page-id' );
141 $redirect_to = ! empty( $new_page_id ) ? get_permalink( $new_page_id ) : get_home_url();
142 $link_markup = '<a href="' . esc_url( wp_login_url( $redirect_to ) ) . '">' . esc_html__( 'Login here.', 'wp-2fa' ) . '</a>';
143 $message = '<p>' . str_replace( '{login_url}', $link_markup, WP2FA::get_wp2fa_white_label_setting( 'login-to-view-area', true ) ) . '</p>';
144 echo wp_kses_post( $message );
145 $content = ob_get_contents();
146 ob_end_clean();
147 return $content;
148 }
149 }
150
151 /**
152 * Output setup nag.
153 *
154 * @param array $atts - Array with the attributes passed to shortcode.
155 *
156 * @return string
157 */
158 public static function user_setup_2fa_notice( $atts ) {
159 extract( // phpcs:ignore
160 shortcode_atts(
161 array(
162 'configure_2fa_url' => '',
163 ),
164 $atts
165 )
166 );
167
168 // TODO: is that really necessary?
169 User_Notices::init();
170
171 if ( ! is_admin() && is_user_logged_in() ) {
172 wp_enqueue_script( 'wp_2fa_micro_modals' );
173 wp_enqueue_script( 'wp_2fa_frontend_scripts' );
174 wp_enqueue_style( 'wp_2fa_styles' );
175
176 $data_array = array(
177 'ajaxURL' => admin_url( 'admin-ajax.php' ),
178 'roles' => WP2FA::wp_2fa_get_roles(),
179 'nonce' => wp_create_nonce( 'wp-2fa-settings-nonce' ),
180 'codesPreamble' => esc_html__( 'These are the 2FA backup codes for the user', 'wp-2fa' ),
181 'readyText' => esc_html__( 'I\'m ready', 'wp-2fa' ),
182 'codeReSentText' => esc_html__( 'New code sent', 'wp-2fa' ),
183 'allDoneHeading' => esc_html__( 'All done.', 'wp-2fa' ),
184 'allDoneText' => esc_html__( 'Your login just got more secure.', 'wp-2fa' ),
185 'closeWizard' => esc_html__( 'Close Wizard', 'wp-2fa' ),
186 );
187 wp_localize_script( 'wp_2fa_frontend_scripts', 'wp2faData', $data_array );
188
189 ob_start();
190 User_Notices::user_setup_2fa_nag( 'output_shortcode', $configure_2fa_url );
191 $content = ob_get_contents();
192 ob_end_clean();
193
194 return $content;
195 }
196
197 return '';
198 }
199 }
200 }
201