PluginProbe ʕ •ᴥ•ʔ
WP 2FA – Two-factor authentication for WordPress / 2.7.0
WP 2FA – Two-factor authentication for WordPress v2.7.0
1.7.1 2.0.0 2.0.1 2.1.0 2.2.0 2.2.1 2.3.0 2.4.0 2.4.1 2.4.2 2.5.0 2.6.0 2.6.1 2.6.2 2.6.3 2.6.4 2.7.0 2.8.0 2.9.0 2.9.1 2.9.2 2.9.3 3.0.0 3.0.1 3.1.0 3.1.1 3.1.1.2 trunk 1.2.0 1.3.0 1.4.0 1.4.1 1.4.2 1.5.0 1.5.1 1.5.2 1.6.0 1.6.1 1.6.2 1.7.0
wp-2fa / includes / classes / Shortcodes / class-shortcodes.php
wp-2fa / includes / classes / Shortcodes Last commit date
class-shortcodes.php 2 years ago index.php 2 years ago
class-shortcodes.php
209 lines
1 <?php
2 /**
3 * Responsible for rendering the short codes.
4 *
5 * @package wp2fa
6 * @subpackage short-codes
7 * @copyright 2024 Melapress
8 * @license https://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
9 * @link https://wordpress.org/plugins/wp-2fa/
10 */
11
12 declare(strict_types=1);
13
14 namespace WP2FA\Shortcodes;
15
16 use WP2FA\Core;
17 use WP2FA\WP2FA;
18 use WP2FA\Admin\User_Notices;
19 use WP2FA\Admin\User_Profile;
20 use WP2FA\Admin\Views\Re_Login_2FA;
21 use WP2FA\Admin\Helpers\User_Helper;
22 use WP2FA\Admin\Controllers\Settings;
23
24 if ( ! class_exists( '\WP2FA\Shortcodes\Shortcodes' ) ) {
25 /**
26 * Class for rendering shortcodes.
27 */
28 class Shortcodes {
29
30 /**
31 * Constructor.
32 */
33 public static function init() {
34 add_shortcode( 'wp-2fa-setup-form', array( __CLASS__, 'user_setup_2fa_form' ) );
35 add_shortcode( 'wp-2fa-setup-notice', array( __CLASS__, 'user_setup_2fa_notice' ) );
36 add_action( 'wp_enqueue_scripts', array( __CLASS__, 'register_2fa_shortcode_scripts' ) );
37 }
38
39 /**
40 * Register scripts and styles.
41 */
42 public static function register_2fa_shortcode_scripts() {
43 // Add our front end stuff, which we only want to load when the shortcode is present.
44 \wp_register_script( 'wp_2fa_frontend_scripts', Core\script_url( 'wp-2fa', 'admin' ), array( 'jquery', 'wp_2fa_micro_modals' ), WP_2FA_VERSION, true );
45 \wp_register_script( 'wp_2fa_micro_modals', Core\script_url( 'micromodal', 'admin' ), array(), WP_2FA_VERSION, true );
46 \wp_register_style( 'wp_2fa_styles', Core\style_url( 'styles', 'frontend' ), array(), WP_2FA_VERSION );
47
48 $data_array = array(
49 'ajaxURL' => \admin_url( 'admin-ajax.php' ),
50 'roles' => WP2FA::wp_2fa_get_roles(),
51 'nonce' => \wp_create_nonce( 'wp-2fa-settings-nonce' ),
52 'codesPreamble' => \esc_html__( 'These are the 2FA backup codes for the user', 'wp-2fa' ),
53 'readyText' => \esc_html__( 'I\'m ready', 'wp-2fa' ),
54 'codeReSentText' => \esc_html__( 'New code sent', 'wp-2fa' ),
55 'allDoneHeading' => \esc_html__( 'All done.', 'wp-2fa' ),
56 'allDoneText' => \esc_html__( 'Your login just got more secure.', 'wp-2fa' ),
57 'closeWizard' => \esc_html__( 'Close Wizard', 'wp-2fa' ),
58 'invalidEmail' => \esc_html__( 'Please use a valid email address', 'wp-2fa' ),
59 );
60 \wp_localize_script( 'wp_2fa_frontend_scripts', 'wp2faData', $data_array );
61
62 $role = User_Helper::get_user_role();
63
64 $re_login = Settings::get_role_or_default_setting( Re_Login_2FA::RE_LOGIN_SETTINGS_NAME, 'current', $role );
65
66 $data_array = array(
67 'ajaxURL' => \admin_url( 'admin-ajax.php' ),
68 'nonce' => \wp_create_nonce( 'wp2fa-verify-wizard-page' ),
69 'codesPreamble' => \esc_html__( 'These are the 2FA backup codes for the user', 'wp-2fa' ),
70 'readyText' => \esc_html__( 'I\'m ready', 'wp-2fa' ),
71 'codeReSentText' => \esc_html__( 'New code sent', 'wp-2fa' ),
72 'invalidEmail' => \esc_html__( 'Please use a valid email address', 'wp-2fa' ),
73 'backupCodesSent' => \esc_html__( 'Backup codes sent', 'wp-2fa' ),
74 'reLogin' => $re_login,
75 'reLoginEnabled' => Re_Login_2FA::ENABLED_SETTING_VALUE,
76 );
77 $redirect_page = Settings::get_role_or_default_setting( 'redirect-user-custom-page-global', 'current', $role );
78 $data_array['redirectToUrl'] = ( '' !== trim( (string) $redirect_page ) ) ? \trailingslashit( get_site_url() ) . $redirect_page : '';
79 // Check and override if custom redirect page is selected and custom redirect is set.
80 if (
81 'yes' === Settings::get_role_or_default_setting( 'create-custom-user-page', 'current', $role ) ||
82 'yes' === Settings::get_role_or_default_setting( 'create-custom-user-page' ) ) {
83 if (
84 '' !== trim( (string) Settings::get_role_or_default_setting( 'redirect-user-custom-page', 'current', $role ) ) ||
85 '' !== trim( (string) Settings::get_role_or_default_setting( 'redirect-user-custom-page' ) ) ) {
86 if ( 'yes' === Settings::get_role_or_default_setting( 'create-custom-user-page', 'current', $role ) ) {
87 $data_array['redirectToUrl'] = \trailingslashit( get_site_url() ) . Settings::get_role_or_default_setting( 'redirect-user-custom-page', 'current', $role );
88 } else {
89 $data_array['redirectToUrl'] = \trailingslashit( get_site_url() ) . Settings::get_role_or_default_setting( 'redirect-user-custom-page' );
90 }
91 }
92 }
93
94 // Check for shortcode parameter - if one is present use it to redirect the user - highest priority.
95 if ( isset( $redirect_after ) && ! empty( $redirect_after ) ) {
96 $data_array['redirectToUrl'] = \trailingslashit( \get_site_url() ) . \urlencode( $redirect_after );
97 } elseif ( isset( $_GET['return'] ) && ! empty( $_GET['return'] ) ) {
98 $data_array['redirectToUrl'] = \trailingslashit( \get_site_url() ) . strip_tags( \wp_unslash( $_GET['return'] ) ); // phpcs:ignore
99 }
100
101 \wp_localize_script( 'wp_2fa_frontend_scripts', 'wp2faWizardData', $data_array );
102 }
103
104 /**
105 * Output setup form.
106 *
107 * @param array $atts - Array with the attributes passed to shortcode.
108 *
109 * @return string
110 */
111 public static function user_setup_2fa_form( $atts ) {
112
113 /** Shortcode redirect_after is supported, with which the user can override all other settings */
114 extract( // phpcs:ignore
115 \shortcode_atts(
116 array(
117 'show_preamble' => 'true',
118 'redirect_after' => '',
119 'do_not_show_enabled' => 'false',
120 ),
121 $atts
122 )
123 );
124
125 /**
126 * Fires when the FE shortcode scripts are registered.
127 *
128 * @param bool $shortcodes - True if called from the short codes method.
129 *
130 * @since 2.2.0
131 */
132 \do_action( WP_2FA_PREFIX . 'shortcode_scripts', true );
133
134 if ( is_user_logged_in() ) {
135 \wp_enqueue_script( 'wp_2fa_frontend_scripts' );
136 \wp_enqueue_style( 'wp_2fa_styles' );
137
138 ob_start();
139 echo '<form id="your-profile" class="wp-2fa-configuration-form">';
140 User_Profile::inline_2fa_profile_form( 'output_shortcode', $show_preamble, ['do_not_show_enabled'=>$do_not_show_enabled] );
141 echo '</form>';
142 $content = ob_get_contents();
143 ob_end_clean();
144
145 return $content;
146 } elseif ( ! is_admin() && ! is_user_logged_in() ) {
147 ob_start();
148 $new_page_id = WP2FA::get_wp2fa_setting( 'custom-user-page-id' );
149 $redirect_to = ! empty( $new_page_id ) ? get_permalink( $new_page_id ) : get_home_url();
150 $link_markup = '<a href="' . \esc_url( wp_login_url( $redirect_to ) ) . '">' . \esc_html__( 'Login here.', 'wp-2fa' ) . '</a>';
151 $message = '<p>' . str_replace( '{login_url}', $link_markup, WP2FA::get_wp2fa_white_label_setting( 'login-to-view-area', true ) ) . '</p>';
152 echo \wp_kses_post( $message );
153 $content = ob_get_contents();
154 ob_end_clean();
155 return $content;
156 }
157 }
158
159 /**
160 * Output setup nag.
161 *
162 * @param array $atts - Array with the attributes passed to shortcode.
163 *
164 * @return string
165 */
166 public static function user_setup_2fa_notice( $atts ) {
167 extract( // phpcs:ignore
168 shortcode_atts(
169 array(
170 'configure_2fa_url' => '',
171 ),
172 $atts
173 )
174 );
175
176 // TODO: is that really necessary?
177 User_Notices::init();
178
179 if ( ! is_admin() && is_user_logged_in() ) {
180 wp_enqueue_script( 'wp_2fa_micro_modals' );
181 wp_enqueue_script( 'wp_2fa_frontend_scripts' );
182 wp_enqueue_style( 'wp_2fa_styles' );
183
184 $data_array = array(
185 'ajaxURL' => admin_url( 'admin-ajax.php' ),
186 'roles' => WP2FA::wp_2fa_get_roles(),
187 'nonce' => wp_create_nonce( 'wp-2fa-settings-nonce' ),
188 'codesPreamble' => \esc_html__( 'These are the 2FA backup codes for the user', 'wp-2fa' ),
189 'readyText' => \esc_html__( 'I\'m ready', 'wp-2fa' ),
190 'codeReSentText' => \esc_html__( 'New code sent', 'wp-2fa' ),
191 'allDoneHeading' => \esc_html__( 'All done.', 'wp-2fa' ),
192 'allDoneText' => \esc_html__( 'Your login just got more secure.', 'wp-2fa' ),
193 'closeWizard' => \esc_html__( 'Close Wizard', 'wp-2fa' ),
194 );
195 wp_localize_script( 'wp_2fa_frontend_scripts', 'wp2faData', $data_array );
196
197 ob_start();
198 User_Notices::user_setup_2fa_nag( 'output_shortcode', $configure_2fa_url );
199 $content = ob_get_contents();
200 ob_end_clean();
201
202 return $content;
203 }
204
205 return '';
206 }
207 }
208 }
209