PluginProbe ʕ •ᴥ•ʔ
WP 2FA – Two-factor authentication for WordPress / 2.9.1
WP 2FA – Two-factor authentication for WordPress v2.9.1
4.0.0 1.7.1 2.0.0 2.0.1 2.1.0 2.2.0 2.2.1 2.3.0 2.4.0 2.4.1 2.4.2 2.5.0 2.6.0 2.6.1 2.6.2 2.6.3 2.6.4 2.7.0 2.8.0 2.9.0 2.9.1 2.9.2 2.9.3 3.0.0 3.0.1 3.1.0 3.1.1 3.1.1.2 trunk 1.2.0 1.3.0 1.4.0 1.4.1 1.4.2 1.5.0 1.5.1 1.5.2 1.6.0 1.6.1 1.6.2 1.7.0
wp-2fa / includes / classes / Shortcodes / class-shortcodes.php
wp-2fa / includes / classes / Shortcodes Last commit date
class-shortcodes.php 11 months ago index.php 11 months ago
class-shortcodes.php
210 lines
1 <?php
2 /**
3 * Responsible for rendering the short codes.
4 *
5 * @package wp2fa
6 * @subpackage short-codes
7 * @copyright 2025 Melapress
8 * @license https://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
9 * @link https://wordpress.org/plugins/wp-2fa/
10 */
11
12 declare(strict_types=1);
13
14 namespace WP2FA\Shortcodes;
15
16 use WP2FA\Core;
17 use WP2FA\WP2FA;
18 use WP2FA\Admin\User_Notices;
19 use WP2FA\Admin\User_Profile;
20 use WP2FA\Utils\Settings_Utils;
21 use WP2FA\Admin\Helpers\WP_Helper;
22 use WP2FA\Admin\Views\Re_Login_2FA;
23 use WP2FA\Admin\Helpers\User_Helper;
24
25 if ( ! class_exists( '\WP2FA\Shortcodes\Shortcodes' ) ) {
26 /**
27 * Class for rendering shortcodes.
28 */
29 class Shortcodes {
30
31 /**
32 * Constructor.
33 */
34 public static function init() {
35 \add_shortcode( 'wp-2fa-setup-form', array( __CLASS__, 'user_setup_2fa_form' ) );
36 \add_shortcode( 'wp-2fa-setup-notice', array( __CLASS__, 'user_setup_2fa_notice' ) );
37 \add_action( 'wp_enqueue_scripts', array( __CLASS__, 'register_2fa_shortcode_scripts' ) );
38 }
39
40 /**
41 * Register scripts and styles.
42 */
43 public static function register_2fa_shortcode_scripts() {
44 // Add our front end stuff, which we only want to load when the shortcode is present.
45 \wp_register_script( 'wp_2fa_frontend_scripts', Core\script_url( 'wp-2fa', 'admin' ), array( 'jquery', 'wp_2fa_micro_modals' ), WP_2FA_VERSION, true );
46 \wp_register_script( 'wp_2fa_micro_modals', Core\script_url( 'micromodal', 'admin' ), array(), WP_2FA_VERSION, true );
47 \wp_register_style( 'wp_2fa_styles', Core\style_url( 'styles', 'frontend' ), array(), WP_2FA_VERSION );
48
49 $data_array = array(
50 'ajaxURL' => \admin_url( 'admin-ajax.php' ),
51 'roles' => WP_Helper::get_roles_wp(),
52 'nonce' => \wp_create_nonce( 'wp-2fa-settings-nonce' ),
53 'codesPreamble' => \esc_html__( 'These are the 2FA backup codes for the user', 'wp-2fa' ),
54 'readyText' => \esc_html__( 'I\'m ready', 'wp-2fa' ),
55 'codeReSentText' => \esc_html__( 'New code sent', 'wp-2fa' ),
56 'allDoneHeading' => \esc_html__( 'All done.', 'wp-2fa' ),
57 'allDoneText' => \esc_html__( 'Your login just got more secure.', 'wp-2fa' ),
58 'closeWizard' => \esc_html__( 'Close Wizard', 'wp-2fa' ),
59 'invalidEmail' => \esc_html__( 'Please use a valid email address', 'wp-2fa' ),
60 );
61 \wp_localize_script( 'wp_2fa_frontend_scripts', 'wp2faData', $data_array );
62
63 $role = User_Helper::get_user_role();
64
65 $re_login = Settings_Utils::get_setting_role( $role, Re_Login_2FA::RE_LOGIN_SETTINGS_NAME );
66
67 $data_array = array(
68 'ajaxURL' => \admin_url( 'admin-ajax.php' ),
69 'nonce' => \wp_create_nonce( 'wp2fa-verify-wizard-page' ),
70 'codesPreamble' => \esc_html__( 'These are the 2FA backup codes for the user', 'wp-2fa' ),
71 'readyText' => \esc_html__( 'I\'m ready', 'wp-2fa' ),
72 'codeReSentText' => \esc_html__( 'New code sent', 'wp-2fa' ),
73 'invalidEmail' => \esc_html__( 'Please use a valid email address', 'wp-2fa' ),
74 'backupCodesSent' => \esc_html__( 'Backup codes sent', 'wp-2fa' ),
75 'reLogin' => $re_login,
76 'reLoginEnabled' => Re_Login_2FA::ENABLED_SETTING_VALUE,
77 );
78 $redirect_page = \sanitize_text_field( Settings_Utils::get_setting_role( $role, 'redirect-user-custom-page-global' ) );
79 $data_array['redirectToUrl'] = ( '' !== trim( (string) $redirect_page ) ) ? \trailingslashit( get_site_url() ) . $redirect_page : '';
80 // Check and override if custom redirect page is selected and custom redirect is set.
81 if (
82 'yes' === Settings_Utils::get_setting_role( $role, 'create-custom-user-page' ) ||
83 'yes' === Settings_Utils::get_setting_role( null, 'create-custom-user-page' ) ) {
84 if (
85 '' !== trim( (string) Settings_Utils::get_setting_role( $role, 'redirect-user-custom-page' ) ) ||
86 '' !== trim( (string) Settings_Utils::get_setting_role( null, 'redirect-user-custom-page' ) ) ) {
87 if ( 'yes' === Settings_Utils::get_setting_role( $role, 'create-custom-user-page' ) ) {
88 $data_array['redirectToUrl'] = \trailingslashit( get_site_url() ) . \sanitize_text_field( Settings_Utils::get_setting_role( $role, 'redirect-user-custom-page' ) );
89 } else {
90 $data_array['redirectToUrl'] = \trailingslashit( get_site_url() ) . \sanitize_text_field( Settings_Utils::get_setting_role( null, 'redirect-user-custom-page' ) );
91 }
92 }
93 }
94
95 // Check for shortcode parameter - if one is present use it to redirect the user - highest priority.
96 if ( isset( $redirect_after ) && ! empty( $redirect_after ) ) {
97 $data_array['redirectToUrl'] = \trailingslashit( \get_site_url() ) . \urlencode( $redirect_after );
98 } elseif ( isset( $_GET['return'] ) && ! empty( $_GET['return'] ) ) {
99 $data_array['redirectToUrl'] = \trailingslashit( \get_site_url() ) . strip_tags( \wp_unslash( $_GET['return'] ) ); // phpcs:ignore
100 }
101
102 \wp_localize_script( 'wp_2fa_frontend_scripts', 'wp2faWizardData', $data_array );
103 }
104
105 /**
106 * Output setup form.
107 *
108 * @param array $atts - Array with the attributes passed to shortcode.
109 *
110 * @return string
111 */
112 public static function user_setup_2fa_form( $atts ) {
113 $atts = \shortcode_atts(
114 array(
115 'show_preamble' => 'true',
116 'redirect_after' => '',
117 'do_not_show_enabled' => 'false',
118 ),
119 $atts
120 );
121
122 $show_preamble = filter_var( $atts['show_preamble'], FILTER_VALIDATE_BOOLEAN );
123 $redirect_after = sanitize_text_field( $atts['redirect_after'] );
124 $do_not_show_enabled = filter_var( $atts['do_not_show_enabled'], FILTER_VALIDATE_BOOLEAN );
125
126 /**
127 * Fires when the FE shortcode scripts are registered.
128 *
129 * @param bool $shortcodes - True if called from the short codes method.
130 *
131 * @since 2.2.0
132 */
133 \do_action( WP_2FA_PREFIX . 'shortcode_scripts', true );
134
135 if ( is_user_logged_in() ) {
136 \wp_enqueue_script( 'wp_2fa_frontend_scripts' );
137 \wp_enqueue_style( 'wp_2fa_styles' );
138
139 ob_start();
140 echo '<form id="your-profile" class="wp-2fa-configuration-form">';
141 User_Profile::inline_2fa_profile_form( 'output_shortcode', $show_preamble, array( 'do_not_show_enabled' => $do_not_show_enabled ) );
142 echo '</form>';
143 $content = ob_get_contents();
144 ob_end_clean();
145
146 return $content;
147 } elseif ( ! is_admin() && ! is_user_logged_in() ) {
148 ob_start();
149 $new_page_id = WP2FA::get_wp2fa_setting( 'custom-user-page-id' );
150 $redirect_to = ! empty( $new_page_id ) ? \get_permalink( $new_page_id ) : \get_home_url();
151 $link_markup = '<a href="' . \esc_url( \wp_login_url( $redirect_to ) ) . '">' . \esc_html__( 'Login here.', 'wp-2fa' ) . '</a>';
152 $message = '<p id="wp_2fa_login_to_view_text">' . str_replace( '{login_url}', $link_markup, WP2FA::get_wp2fa_white_label_setting( 'login-to-view-area', true ) ) . '</p>';
153 echo \wp_kses_post( $message );
154 $content = ob_get_contents();
155 ob_end_clean();
156 return $content;
157 }
158 }
159
160 /**
161 * Output setup nag.
162 *
163 * @param array $atts - Array with the attributes passed to shortcode.
164 *
165 * @return string
166 */
167 public static function user_setup_2fa_notice( $atts ) {
168 $atts = \shortcode_atts(
169 array(
170 'configure_2fa_url' => '',
171 ),
172 $atts
173 );
174
175 $configure_2fa_url = sanitize_text_field( $atts['configure_2fa_url'] );
176
177 // TODO: is that really necessary?
178 User_Notices::init();
179
180 if ( ! is_admin() && is_user_logged_in() ) {
181 \wp_enqueue_script( 'wp_2fa_micro_modals' );
182 \wp_enqueue_script( 'wp_2fa_frontend_scripts' );
183 \wp_enqueue_style( 'wp_2fa_styles' );
184
185 $data_array = array(
186 'ajaxURL' => \admin_url( 'admin-ajax.php' ),
187 'roles' => WP_Helper::get_roles_wp(),
188 'nonce' => \wp_create_nonce( 'wp-2fa-settings-nonce' ),
189 'codesPreamble' => \esc_html__( 'These are the 2FA backup codes for the user', 'wp-2fa' ),
190 'readyText' => \esc_html__( 'I\'m ready', 'wp-2fa' ),
191 'codeReSentText' => \esc_html__( 'New code sent', 'wp-2fa' ),
192 'allDoneHeading' => \esc_html__( 'All done.', 'wp-2fa' ),
193 'allDoneText' => \esc_html__( 'Your login just got more secure.', 'wp-2fa' ),
194 'closeWizard' => \esc_html__( 'Close Wizard', 'wp-2fa' ),
195 );
196 \wp_localize_script( 'wp_2fa_frontend_scripts', 'wp2faData', $data_array );
197
198 ob_start();
199 User_Notices::user_setup_2fa_nag( 'output_shortcode', $configure_2fa_url );
200 $content = ob_get_contents();
201 ob_end_clean();
202
203 return $content;
204 }
205
206 return '';
207 }
208 }
209 }
210