PluginProbe ʕ •ᴥ•ʔ
WP 2FA – Two-factor authentication for WordPress / 2.8.0
WP 2FA – Two-factor authentication for WordPress v2.8.0
1.7.1 2.0.0 2.0.1 2.1.0 2.2.0 2.2.1 2.3.0 2.4.0 2.4.1 2.4.2 2.5.0 2.6.0 2.6.1 2.6.2 2.6.3 2.6.4 2.7.0 2.8.0 2.9.0 2.9.1 2.9.2 2.9.3 3.0.0 3.0.1 3.1.0 3.1.1 3.1.1.2 trunk 1.2.0 1.3.0 1.4.0 1.4.1 1.4.2 1.5.0 1.5.1 1.5.2 1.6.0 1.6.1 1.6.2 1.7.0
wp-2fa / includes / classes / Shortcodes / class-shortcodes.php
wp-2fa / includes / classes / Shortcodes Last commit date
class-shortcodes.php 1 year ago index.php 1 year ago
class-shortcodes.php
210 lines
1 <?php
2 /**
3 * Responsible for rendering the short codes.
4 *
5 * @package wp2fa
6 * @subpackage short-codes
7 * @copyright 2024 Melapress
8 * @license https://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
9 * @link https://wordpress.org/plugins/wp-2fa/
10 */
11
12 declare(strict_types=1);
13
14 namespace WP2FA\Shortcodes;
15
16 use WP2FA\Core;
17 use WP2FA\WP2FA;
18 use WP2FA\Admin\User_Notices;
19 use WP2FA\Admin\User_Profile;
20 use WP2FA\Admin\Helpers\WP_Helper;
21 use WP2FA\Admin\Views\Re_Login_2FA;
22 use WP2FA\Admin\Helpers\User_Helper;
23 use WP2FA\Admin\Controllers\Settings;
24
25 if ( ! class_exists( '\WP2FA\Shortcodes\Shortcodes' ) ) {
26 /**
27 * Class for rendering shortcodes.
28 */
29 class Shortcodes {
30
31 /**
32 * Constructor.
33 */
34 public static function init() {
35 \add_shortcode( 'wp-2fa-setup-form', array( __CLASS__, 'user_setup_2fa_form' ) );
36 \add_shortcode( 'wp-2fa-setup-notice', array( __CLASS__, 'user_setup_2fa_notice' ) );
37 \add_action( 'wp_enqueue_scripts', array( __CLASS__, 'register_2fa_shortcode_scripts' ) );
38 }
39
40 /**
41 * Register scripts and styles.
42 */
43 public static function register_2fa_shortcode_scripts() {
44 // Add our front end stuff, which we only want to load when the shortcode is present.
45 \wp_register_script( 'wp_2fa_frontend_scripts', Core\script_url( 'wp-2fa', 'admin' ), array( 'jquery', 'wp_2fa_micro_modals' ), WP_2FA_VERSION, true );
46 \wp_register_script( 'wp_2fa_micro_modals', Core\script_url( 'micromodal', 'admin' ), array(), WP_2FA_VERSION, true );
47 \wp_register_style( 'wp_2fa_styles', Core\style_url( 'styles', 'frontend' ), array(), WP_2FA_VERSION );
48
49 $data_array = array(
50 'ajaxURL' => \admin_url( 'admin-ajax.php' ),
51 'roles' => WP_Helper::get_roles_wp(),
52 'nonce' => \wp_create_nonce( 'wp-2fa-settings-nonce' ),
53 'codesPreamble' => \esc_html__( 'These are the 2FA backup codes for the user', 'wp-2fa' ),
54 'readyText' => \esc_html__( 'I\'m ready', 'wp-2fa' ),
55 'codeReSentText' => \esc_html__( 'New code sent', 'wp-2fa' ),
56 'allDoneHeading' => \esc_html__( 'All done.', 'wp-2fa' ),
57 'allDoneText' => \esc_html__( 'Your login just got more secure.', 'wp-2fa' ),
58 'closeWizard' => \esc_html__( 'Close Wizard', 'wp-2fa' ),
59 'invalidEmail' => \esc_html__( 'Please use a valid email address', 'wp-2fa' ),
60 );
61 \wp_localize_script( 'wp_2fa_frontend_scripts', 'wp2faData', $data_array );
62
63 $role = User_Helper::get_user_role();
64
65 $re_login = Settings::get_role_or_default_setting( Re_Login_2FA::RE_LOGIN_SETTINGS_NAME, 'current', $role );
66
67 $data_array = array(
68 'ajaxURL' => \admin_url( 'admin-ajax.php' ),
69 'nonce' => \wp_create_nonce( 'wp2fa-verify-wizard-page' ),
70 'codesPreamble' => \esc_html__( 'These are the 2FA backup codes for the user', 'wp-2fa' ),
71 'readyText' => \esc_html__( 'I\'m ready', 'wp-2fa' ),
72 'codeReSentText' => \esc_html__( 'New code sent', 'wp-2fa' ),
73 'invalidEmail' => \esc_html__( 'Please use a valid email address', 'wp-2fa' ),
74 'backupCodesSent' => \esc_html__( 'Backup codes sent', 'wp-2fa' ),
75 'reLogin' => $re_login,
76 'reLoginEnabled' => Re_Login_2FA::ENABLED_SETTING_VALUE,
77 );
78 $redirect_page = Settings::get_role_or_default_setting( 'redirect-user-custom-page-global', 'current', $role );
79 $data_array['redirectToUrl'] = ( '' !== trim( (string) $redirect_page ) ) ? \trailingslashit( get_site_url() ) . $redirect_page : '';
80 // Check and override if custom redirect page is selected and custom redirect is set.
81 if (
82 'yes' === Settings::get_role_or_default_setting( 'create-custom-user-page', 'current', $role ) ||
83 'yes' === Settings::get_role_or_default_setting( 'create-custom-user-page' ) ) {
84 if (
85 '' !== trim( (string) Settings::get_role_or_default_setting( 'redirect-user-custom-page', 'current', $role ) ) ||
86 '' !== trim( (string) Settings::get_role_or_default_setting( 'redirect-user-custom-page' ) ) ) {
87 if ( 'yes' === Settings::get_role_or_default_setting( 'create-custom-user-page', 'current', $role ) ) {
88 $data_array['redirectToUrl'] = \trailingslashit( get_site_url() ) . Settings::get_role_or_default_setting( 'redirect-user-custom-page', 'current', $role );
89 } else {
90 $data_array['redirectToUrl'] = \trailingslashit( get_site_url() ) . Settings::get_role_or_default_setting( 'redirect-user-custom-page' );
91 }
92 }
93 }
94
95 // Check for shortcode parameter - if one is present use it to redirect the user - highest priority.
96 if ( isset( $redirect_after ) && ! empty( $redirect_after ) ) {
97 $data_array['redirectToUrl'] = \trailingslashit( \get_site_url() ) . \urlencode( $redirect_after );
98 } elseif ( isset( $_GET['return'] ) && ! empty( $_GET['return'] ) ) {
99 $data_array['redirectToUrl'] = \trailingslashit( \get_site_url() ) . strip_tags( \wp_unslash( $_GET['return'] ) ); // phpcs:ignore
100 }
101
102 \wp_localize_script( 'wp_2fa_frontend_scripts', 'wp2faWizardData', $data_array );
103 }
104
105 /**
106 * Output setup form.
107 *
108 * @param array $atts - Array with the attributes passed to shortcode.
109 *
110 * @return string
111 */
112 public static function user_setup_2fa_form( $atts ) {
113
114 /** Shortcode redirect_after is supported, with which the user can override all other settings */
115 extract( // phpcs:ignore
116 \shortcode_atts(
117 array(
118 'show_preamble' => 'true',
119 'redirect_after' => '',
120 'do_not_show_enabled' => 'false',
121 ),
122 $atts
123 )
124 );
125
126 /**
127 * Fires when the FE shortcode scripts are registered.
128 *
129 * @param bool $shortcodes - True if called from the short codes method.
130 *
131 * @since 2.2.0
132 */
133 \do_action( WP_2FA_PREFIX . 'shortcode_scripts', true );
134
135 if ( is_user_logged_in() ) {
136 \wp_enqueue_script( 'wp_2fa_frontend_scripts' );
137 \wp_enqueue_style( 'wp_2fa_styles' );
138
139 ob_start();
140 echo '<form id="your-profile" class="wp-2fa-configuration-form">';
141 User_Profile::inline_2fa_profile_form( 'output_shortcode', $show_preamble, array( 'do_not_show_enabled' => $do_not_show_enabled ) );
142 echo '</form>';
143 $content = ob_get_contents();
144 ob_end_clean();
145
146 return $content;
147 } elseif ( ! is_admin() && ! is_user_logged_in() ) {
148 ob_start();
149 $new_page_id = WP2FA::get_wp2fa_setting( 'custom-user-page-id' );
150 $redirect_to = ! empty( $new_page_id ) ? \get_permalink( $new_page_id ) : \get_home_url();
151 $link_markup = '<a href="' . \esc_url( \wp_login_url( $redirect_to ) ) . '">' . \esc_html__( 'Login here.', 'wp-2fa' ) . '</a>';
152 $message = '<p id="wp_2fa_login_to_view_text">' . str_replace( '{login_url}', $link_markup, WP2FA::get_wp2fa_white_label_setting( 'login-to-view-area', true ) ) . '</p>';
153 echo \wp_kses_post( $message );
154 $content = ob_get_contents();
155 ob_end_clean();
156 return $content;
157 }
158 }
159
160 /**
161 * Output setup nag.
162 *
163 * @param array $atts - Array with the attributes passed to shortcode.
164 *
165 * @return string
166 */
167 public static function user_setup_2fa_notice( $atts ) {
168 extract( // phpcs:ignore
169 \shortcode_atts(
170 array(
171 'configure_2fa_url' => '',
172 ),
173 $atts
174 )
175 );
176
177 // TODO: is that really necessary?
178 User_Notices::init();
179
180 if ( ! is_admin() && is_user_logged_in() ) {
181 \wp_enqueue_script( 'wp_2fa_micro_modals' );
182 \wp_enqueue_script( 'wp_2fa_frontend_scripts' );
183 \wp_enqueue_style( 'wp_2fa_styles' );
184
185 $data_array = array(
186 'ajaxURL' => \admin_url( 'admin-ajax.php' ),
187 'roles' => WP_Helper::get_roles_wp(),
188 'nonce' => \wp_create_nonce( 'wp-2fa-settings-nonce' ),
189 'codesPreamble' => \esc_html__( 'These are the 2FA backup codes for the user', 'wp-2fa' ),
190 'readyText' => \esc_html__( 'I\'m ready', 'wp-2fa' ),
191 'codeReSentText' => \esc_html__( 'New code sent', 'wp-2fa' ),
192 'allDoneHeading' => \esc_html__( 'All done.', 'wp-2fa' ),
193 'allDoneText' => \esc_html__( 'Your login just got more secure.', 'wp-2fa' ),
194 'closeWizard' => \esc_html__( 'Close Wizard', 'wp-2fa' ),
195 );
196 \wp_localize_script( 'wp_2fa_frontend_scripts', 'wp2faData', $data_array );
197
198 ob_start();
199 User_Notices::user_setup_2fa_nag( 'output_shortcode', $configure_2fa_url );
200 $content = ob_get_contents();
201 ob_end_clean();
202
203 return $content;
204 }
205
206 return '';
207 }
208 }
209 }
210