Controllers
10 months ago
Fly-Out
10 months ago
Helpers
10 months ago
Methods
10 months ago
SettingsPages
10 months ago
Views
10 months ago
class-help-contact-us.php
10 months ago
class-plugin-updated-notice.php
10 months ago
class-premium-features.php
10 months ago
class-settings-page.php
10 months ago
class-setup-wizard.php
10 months ago
class-user-listing.php
10 months ago
class-user-notices.php
10 months ago
class-user-profile.php
10 months ago
class-user-registered.php
10 months ago
index.php
10 months ago
class-user-listing.php
222 lines
| 1 | <?php |
| 2 | /** |
| 3 | * Responsible for user listing in admin manipulation. |
| 4 | * |
| 5 | * @package wp2fa |
| 6 | * @subpackage user-utils |
| 7 | * @copyright 2025 Melapress |
| 8 | * @license https://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 |
| 9 | * @link https://wordpress.org/plugins/wp-2fa/ |
| 10 | */ |
| 11 | |
| 12 | declare(strict_types=1); |
| 13 | |
| 14 | namespace WP2FA\Admin; |
| 15 | |
| 16 | use WP2FA\Utils\User_Utils; |
| 17 | use WP2FA\Admin\Helpers\User_Helper; |
| 18 | use WP2FA\Extensions\TrustedDevices\Core; |
| 19 | |
| 20 | defined( 'ABSPATH' ) || exit; // Exit if accessed directly. |
| 21 | |
| 22 | /** |
| 23 | * User_Listing class with user listing filters |
| 24 | */ |
| 25 | if ( ! class_exists( '\WP2FA\Admin\User_Listing' ) ) { |
| 26 | |
| 27 | /** |
| 28 | * User_Listing - Shows extra column in user table with WP2FA status for every user |
| 29 | */ |
| 30 | class User_Listing { |
| 31 | |
| 32 | /** |
| 33 | * The users table column name |
| 34 | * |
| 35 | * @var string |
| 36 | * |
| 37 | * @since 3.0.0 |
| 38 | */ |
| 39 | private static $column_name = '2fa-status'; |
| 40 | |
| 41 | /** |
| 42 | * Inits all the hooks used for showing the extra user data in the users column |
| 43 | * |
| 44 | * @return void |
| 45 | * |
| 46 | * @since 3.0.0 |
| 47 | */ |
| 48 | public static function init() { |
| 49 | \add_filter( 'manage_users_columns', array( __CLASS__, 'add_wp_2fa_column' ) ); |
| 50 | \add_filter( 'wpmu_users_columns', array( __CLASS__, 'add_wp_2fa_column' ) ); |
| 51 | \add_filter( 'manage_users_custom_column', array( __CLASS__, 'show_column_data' ), 10, 3 ); |
| 52 | \add_filter( 'bulk_actions-users', array( __CLASS__, 'add_bulk_action' ), 10, 1 ); |
| 53 | \add_filter( 'handle_bulk_actions-users', array( __CLASS__, 'handle_bulk_actions' ), 10, 3 ); |
| 54 | \add_action( 'admin_notices', array( __CLASS__, 'show_admin_notice' ) ); |
| 55 | \add_filter( 'user_row_actions', array( __CLASS__, 'add_users_hover' ), 10, 2 ); |
| 56 | } |
| 57 | |
| 58 | /** |
| 59 | * Sets the column in the admin users table |
| 60 | * |
| 61 | * @param array $columns - Array with all the columns. |
| 62 | * |
| 63 | * @return array |
| 64 | * |
| 65 | * @since 3.0.0 |
| 66 | */ |
| 67 | public static function add_wp_2fa_column( array $columns ): array { |
| 68 | $columns[ self::$column_name ] = esc_html__( '2FA Status', 'wp-2fa' ); |
| 69 | return $columns; |
| 70 | } |
| 71 | |
| 72 | /** |
| 73 | * Shows the user WP 2FA status data in the users table |
| 74 | * |
| 75 | * @param mixed $value - The value of the column. |
| 76 | * @param string $column_name - The name of the column. |
| 77 | * @param int $user_id - the ID of the user. |
| 78 | * |
| 79 | * @return mixed |
| 80 | * |
| 81 | * @since 3.0.0 |
| 82 | */ |
| 83 | public static function show_column_data( $value, string $column_name, $user_id ) { |
| 84 | if ( self::$column_name === $column_name ) { |
| 85 | return esc_html( self::get_user2fa_status( $user_id ) ); |
| 86 | } |
| 87 | return $value; |
| 88 | } |
| 89 | |
| 90 | /** |
| 91 | * Retrieves the translated 2FA status label for given user. |
| 92 | * |
| 93 | * @param int $user_id - The id of the user for which the info should be extracted. |
| 94 | * |
| 95 | * @return string |
| 96 | * |
| 97 | * @since 3.0.0 |
| 98 | */ |
| 99 | private static function get_user2fa_status( $user_id ): string { |
| 100 | $status_meta_value = User_Helper::get_2fa_status( $user_id ); |
| 101 | if ( ! empty( $status_meta_value ) ) { |
| 102 | $status_data = User_Utils::extract_statuses( array( $status_meta_value ) ); |
| 103 | if ( ! empty( $status_data ) ) { |
| 104 | return $status_data['label']; |
| 105 | } |
| 106 | } |
| 107 | return User_Helper::set_user_status( new \WP_User( $user_id ) ); |
| 108 | } |
| 109 | |
| 110 | /** |
| 111 | * Returns the users table column name |
| 112 | * |
| 113 | * @return string |
| 114 | * |
| 115 | * @since 3.0.0 |
| 116 | */ |
| 117 | public static function get_column_name(): string { |
| 118 | return self::$column_name; |
| 119 | } |
| 120 | |
| 121 | /** |
| 122 | * Adds bulk action to the WP users menu |
| 123 | * |
| 124 | * @param array $bulk_actions - Array of bulk actions. |
| 125 | * |
| 126 | * @return array |
| 127 | * |
| 128 | * @since 2.2.2 |
| 129 | */ |
| 130 | public static function add_bulk_action( $bulk_actions ): array { |
| 131 | $bulk_actions['remove-2fa'] = esc_html__( 'Remove 2FA', 'wp-2fa' ); |
| 132 | $bulk_actions['remove-2fa-trusted'] = esc_html__( 'Reset list of 2FA trusted devices', 'wp-2fa' ); |
| 133 | |
| 134 | return $bulk_actions; |
| 135 | } |
| 136 | |
| 137 | /** |
| 138 | * Removes the 2fa from the list of the selected users. |
| 139 | * |
| 140 | * @param string $redirect_url - The redirect URL to redirect to when action is performed. |
| 141 | * @param string $action - The action to perform. |
| 142 | * @param array $user_ids - The user IDs to remove from. |
| 143 | * |
| 144 | * @return string |
| 145 | * |
| 146 | * @since 2.2.2 |
| 147 | */ |
| 148 | public static function handle_bulk_actions( $redirect_url, $action, $user_ids ): string { |
| 149 | if ( ! current_user_can( 'manage_options' ) ) { |
| 150 | return esc_url_raw( \network_admin_url() ); |
| 151 | } |
| 152 | |
| 153 | if ( 'remove-2fa' === $action ) { |
| 154 | |
| 155 | foreach ( (array) $user_ids as $user_id ) { |
| 156 | User_Helper::remove_2fa_for_user( (int) $user_id ); |
| 157 | } |
| 158 | $redirect_url = add_query_arg( '2fa-removed', count( (array) $user_ids ), $redirect_url ); |
| 159 | } |
| 160 | |
| 161 | if ( class_exists( '\WP2FA\Extensions\TrustedDevices\Core' ) && 'remove-2fa-trusted' === $action ) { |
| 162 | |
| 163 | Core::remove_trusted_devices_for_users( (array) $user_ids ); |
| 164 | $redirect_url = add_query_arg( '2fa-trusted-removed', count( (array) $user_ids ), $redirect_url ); |
| 165 | } |
| 166 | // phpcs:disable |
| 167 | // phpcs:enable |
| 168 | |
| 169 | return esc_url_raw( $redirect_url ); |
| 170 | } |
| 171 | |
| 172 | /** |
| 173 | * Adds links to the on hover state of the users table row |
| 174 | * |
| 175 | * @param array $actions - Array with all the actions for the current row. |
| 176 | * @param \WP_User $user_object - The user object from the current row. |
| 177 | * |
| 178 | * @return array |
| 179 | * |
| 180 | * @since 2.4.0 |
| 181 | */ |
| 182 | public static function add_users_hover( $actions, $user_object ): array { |
| 183 | if ( class_exists( '\WP2FA\Extensions\TrustedDevices\Core' ) ) { |
| 184 | $actions['remove-2fa-trusted'] = "<a class='resetpassword' href='" . \esc_url( \wp_nonce_url( "users.php?action=remove-2fa-trusted&users=$user_object->ID", 'bulk-users' ) ) . "'>" . \esc_html__( 'Reset list of 2FA trusted devices', 'wp-2fa' ) . '</a>'; |
| 185 | } |
| 186 | // phpcs:disable |
| 187 | // phpcs:enable |
| 188 | return $actions; |
| 189 | } |
| 190 | |
| 191 | /** |
| 192 | * Handles the Admin notice for the users removed 2FA. |
| 193 | * |
| 194 | * @return void |
| 195 | * |
| 196 | * @since 2.2.2 |
| 197 | */ |
| 198 | public static function show_admin_notice() { |
| 199 | if ( ! empty( $_REQUEST['2fa-removed'] ) ) { |
| 200 | $num_changed = (int) $_REQUEST['2fa-removed']; |
| 201 | printf( |
| 202 | '<div id="message" class="updated notice is-dismissable"><p>' . |
| 203 | // translators: The number of the affected users. |
| 204 | \esc_html__( 'Removed 2FA from %d users.', 'wp-2fa' ) . |
| 205 | '</p></div>', |
| 206 | $num_changed |
| 207 | ); |
| 208 | } |
| 209 | if ( ! empty( $_REQUEST['2fa-trusted-removed'] ) ) { |
| 210 | $num_changed = (int) $_REQUEST['2fa-trusted-removed']; |
| 211 | printf( |
| 212 | '<div id="message" class="updated notice is-dismissable"><p>' . |
| 213 | // translators: The number of the affected users. |
| 214 | \esc_html__( 'Removed 2FA trusted devices from %d users.', 'wp-2fa' ) . |
| 215 | '</p></div>', |
| 216 | $num_changed |
| 217 | ); |
| 218 | } |
| 219 | } |
| 220 | } |
| 221 | } |
| 222 |