class-shortcodes.php
210 lines
| 1 | <?php |
| 2 | /** |
| 3 | * Responsible for rendering the short codes. |
| 4 | * |
| 5 | * @package wp2fa |
| 6 | * @subpackage short-codes |
| 7 | * @copyright 2025 Melapress |
| 8 | * @license https://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 |
| 9 | * @link https://wordpress.org/plugins/wp-2fa/ |
| 10 | */ |
| 11 | |
| 12 | declare(strict_types=1); |
| 13 | |
| 14 | namespace WP2FA\Shortcodes; |
| 15 | |
| 16 | use WP2FA\Core; |
| 17 | use WP2FA\WP2FA; |
| 18 | use WP2FA\Admin\User_Notices; |
| 19 | use WP2FA\Admin\User_Profile; |
| 20 | use WP2FA\Utils\Settings_Utils; |
| 21 | use WP2FA\Admin\Helpers\WP_Helper; |
| 22 | use WP2FA\Admin\Views\Re_Login_2FA; |
| 23 | use WP2FA\Admin\Helpers\User_Helper; |
| 24 | |
| 25 | if ( ! class_exists( '\WP2FA\Shortcodes\Shortcodes' ) ) { |
| 26 | /** |
| 27 | * Class for rendering shortcodes. |
| 28 | */ |
| 29 | class Shortcodes { |
| 30 | |
| 31 | /** |
| 32 | * Constructor. |
| 33 | */ |
| 34 | public static function init() { |
| 35 | \add_shortcode( 'wp-2fa-setup-form', array( __CLASS__, 'user_setup_2fa_form' ) ); |
| 36 | \add_shortcode( 'wp-2fa-setup-notice', array( __CLASS__, 'user_setup_2fa_notice' ) ); |
| 37 | \add_action( 'wp_enqueue_scripts', array( __CLASS__, 'register_2fa_shortcode_scripts' ) ); |
| 38 | } |
| 39 | |
| 40 | /** |
| 41 | * Register scripts and styles. |
| 42 | */ |
| 43 | public static function register_2fa_shortcode_scripts() { |
| 44 | // Add our front end stuff, which we only want to load when the shortcode is present. |
| 45 | \wp_register_script( 'wp_2fa_frontend_scripts', Core\script_url( 'wp-2fa', 'admin' ), array( 'jquery', 'wp_2fa_micro_modals' ), WP_2FA_VERSION, true ); |
| 46 | \wp_register_script( 'wp_2fa_micro_modals', Core\script_url( 'micromodal', 'admin' ), array(), WP_2FA_VERSION, true ); |
| 47 | \wp_register_style( 'wp_2fa_styles', Core\style_url( 'styles', 'frontend' ), array(), WP_2FA_VERSION ); |
| 48 | |
| 49 | $data_array = array( |
| 50 | 'ajaxURL' => \admin_url( 'admin-ajax.php' ), |
| 51 | 'roles' => WP_Helper::get_roles_wp(), |
| 52 | 'nonce' => \wp_create_nonce( 'wp-2fa-settings-nonce' ), |
| 53 | 'codesPreamble' => \esc_html__( 'These are the 2FA backup codes for the user', 'wp-2fa' ), |
| 54 | 'readyText' => \esc_html__( 'I\'m ready', 'wp-2fa' ), |
| 55 | 'codeReSentText' => \esc_html__( 'New code sent', 'wp-2fa' ), |
| 56 | 'allDoneHeading' => \esc_html__( 'All done.', 'wp-2fa' ), |
| 57 | 'allDoneText' => \esc_html__( 'Your login just got more secure.', 'wp-2fa' ), |
| 58 | 'closeWizard' => \esc_html__( 'Close Wizard', 'wp-2fa' ), |
| 59 | 'invalidEmail' => \esc_html__( 'Please use a valid email address', 'wp-2fa' ), |
| 60 | ); |
| 61 | \wp_localize_script( 'wp_2fa_frontend_scripts', 'wp2faData', $data_array ); |
| 62 | |
| 63 | $role = User_Helper::get_user_role(); |
| 64 | |
| 65 | $re_login = Settings_Utils::get_setting_role( $role, Re_Login_2FA::RE_LOGIN_SETTINGS_NAME ); |
| 66 | |
| 67 | $data_array = array( |
| 68 | 'ajaxURL' => \admin_url( 'admin-ajax.php' ), |
| 69 | 'nonce' => \wp_create_nonce( 'wp2fa-verify-wizard-page' ), |
| 70 | 'codesPreamble' => \esc_html__( 'These are the 2FA backup codes for the user', 'wp-2fa' ), |
| 71 | 'readyText' => \esc_html__( 'I\'m ready', 'wp-2fa' ), |
| 72 | 'codeReSentText' => \esc_html__( 'New code sent', 'wp-2fa' ), |
| 73 | 'invalidEmail' => \esc_html__( 'Please use a valid email address', 'wp-2fa' ), |
| 74 | 'backupCodesSent' => \esc_html__( 'Backup codes sent', 'wp-2fa' ), |
| 75 | 'reLogin' => $re_login, |
| 76 | 'reLoginEnabled' => Re_Login_2FA::ENABLED_SETTING_VALUE, |
| 77 | ); |
| 78 | $redirect_page = \sanitize_text_field( Settings_Utils::get_setting_role( $role, 'redirect-user-custom-page-global' ) ); |
| 79 | $data_array['redirectToUrl'] = ( '' !== trim( (string) $redirect_page ) ) ? \trailingslashit( get_site_url() ) . $redirect_page : ''; |
| 80 | // Check and override if custom redirect page is selected and custom redirect is set. |
| 81 | if ( |
| 82 | 'yes' === Settings_Utils::get_setting_role( $role, 'create-custom-user-page' ) || |
| 83 | 'yes' === Settings_Utils::get_setting_role( null, 'create-custom-user-page' ) ) { |
| 84 | if ( |
| 85 | '' !== trim( (string) Settings_Utils::get_setting_role( $role, 'redirect-user-custom-page' ) ) || |
| 86 | '' !== trim( (string) Settings_Utils::get_setting_role( null, 'redirect-user-custom-page' ) ) ) { |
| 87 | if ( 'yes' === Settings_Utils::get_setting_role( $role, 'create-custom-user-page' ) ) { |
| 88 | $data_array['redirectToUrl'] = \trailingslashit( get_site_url() ) . \sanitize_text_field( Settings_Utils::get_setting_role( $role, 'redirect-user-custom-page' ) ); |
| 89 | } else { |
| 90 | $data_array['redirectToUrl'] = \trailingslashit( get_site_url() ) . \sanitize_text_field( Settings_Utils::get_setting_role( null, 'redirect-user-custom-page' ) ); |
| 91 | } |
| 92 | } |
| 93 | } |
| 94 | |
| 95 | // Check for shortcode parameter - if one is present use it to redirect the user - highest priority. |
| 96 | if ( isset( $redirect_after ) && ! empty( $redirect_after ) ) { |
| 97 | $data_array['redirectToUrl'] = \trailingslashit( \get_site_url() ) . \urlencode( $redirect_after ); |
| 98 | } elseif ( isset( $_GET['return'] ) && ! empty( $_GET['return'] ) ) { |
| 99 | $data_array['redirectToUrl'] = \trailingslashit( \get_site_url() ) . strip_tags( \wp_unslash( $_GET['return'] ) ); // phpcs:ignore |
| 100 | } |
| 101 | |
| 102 | \wp_localize_script( 'wp_2fa_frontend_scripts', 'wp2faWizardData', $data_array ); |
| 103 | } |
| 104 | |
| 105 | /** |
| 106 | * Output setup form. |
| 107 | * |
| 108 | * @param array $atts - Array with the attributes passed to shortcode. |
| 109 | * |
| 110 | * @return string |
| 111 | */ |
| 112 | public static function user_setup_2fa_form( $atts ) { |
| 113 | $atts = \shortcode_atts( |
| 114 | array( |
| 115 | 'show_preamble' => 'true', |
| 116 | 'redirect_after' => '', |
| 117 | 'do_not_show_enabled' => 'false', |
| 118 | ), |
| 119 | $atts |
| 120 | ); |
| 121 | |
| 122 | $show_preamble = filter_var( $atts['show_preamble'], FILTER_VALIDATE_BOOLEAN ); |
| 123 | $redirect_after = sanitize_text_field( $atts['redirect_after'] ); |
| 124 | $do_not_show_enabled = filter_var( $atts['do_not_show_enabled'], FILTER_VALIDATE_BOOLEAN ); |
| 125 | |
| 126 | /** |
| 127 | * Fires when the FE shortcode scripts are registered. |
| 128 | * |
| 129 | * @param bool $shortcodes - True if called from the short codes method. |
| 130 | * |
| 131 | * @since 2.2.0 |
| 132 | */ |
| 133 | \do_action( WP_2FA_PREFIX . 'shortcode_scripts', true ); |
| 134 | |
| 135 | if ( is_user_logged_in() ) { |
| 136 | \wp_enqueue_script( 'wp_2fa_frontend_scripts' ); |
| 137 | \wp_enqueue_style( 'wp_2fa_styles' ); |
| 138 | |
| 139 | ob_start(); |
| 140 | echo '<form id="your-profile" class="wp-2fa-configuration-form">'; |
| 141 | User_Profile::inline_2fa_profile_form( 'output_shortcode', $show_preamble, array( 'do_not_show_enabled' => $do_not_show_enabled ) ); |
| 142 | echo '</form>'; |
| 143 | $content = ob_get_contents(); |
| 144 | ob_end_clean(); |
| 145 | |
| 146 | return $content; |
| 147 | } elseif ( ! is_admin() && ! is_user_logged_in() ) { |
| 148 | ob_start(); |
| 149 | $new_page_id = WP2FA::get_wp2fa_setting( 'custom-user-page-id' ); |
| 150 | $redirect_to = ! empty( $new_page_id ) ? \get_permalink( $new_page_id ) : \get_home_url(); |
| 151 | $link_markup = '<a href="' . \esc_url( \wp_login_url( $redirect_to ) ) . '">' . \esc_html__( 'Login here.', 'wp-2fa' ) . '</a>'; |
| 152 | $message = '<p id="wp_2fa_login_to_view_text">' . str_replace( '{login_url}', $link_markup, WP2FA::get_wp2fa_white_label_setting( 'login-to-view-area', true ) ) . '</p>'; |
| 153 | echo \wp_kses_post( $message ); |
| 154 | $content = ob_get_contents(); |
| 155 | ob_end_clean(); |
| 156 | return $content; |
| 157 | } |
| 158 | } |
| 159 | |
| 160 | /** |
| 161 | * Output setup nag. |
| 162 | * |
| 163 | * @param array $atts - Array with the attributes passed to shortcode. |
| 164 | * |
| 165 | * @return string |
| 166 | */ |
| 167 | public static function user_setup_2fa_notice( $atts ) { |
| 168 | $atts = \shortcode_atts( |
| 169 | array( |
| 170 | 'configure_2fa_url' => '', |
| 171 | ), |
| 172 | $atts |
| 173 | ); |
| 174 | |
| 175 | $configure_2fa_url = sanitize_text_field( $atts['configure_2fa_url'] ); |
| 176 | |
| 177 | // TODO: is that really necessary? |
| 178 | User_Notices::init(); |
| 179 | |
| 180 | if ( ! is_admin() && is_user_logged_in() ) { |
| 181 | \wp_enqueue_script( 'wp_2fa_micro_modals' ); |
| 182 | \wp_enqueue_script( 'wp_2fa_frontend_scripts' ); |
| 183 | \wp_enqueue_style( 'wp_2fa_styles' ); |
| 184 | |
| 185 | $data_array = array( |
| 186 | 'ajaxURL' => \admin_url( 'admin-ajax.php' ), |
| 187 | 'roles' => WP_Helper::get_roles_wp(), |
| 188 | 'nonce' => \wp_create_nonce( 'wp-2fa-settings-nonce' ), |
| 189 | 'codesPreamble' => \esc_html__( 'These are the 2FA backup codes for the user', 'wp-2fa' ), |
| 190 | 'readyText' => \esc_html__( 'I\'m ready', 'wp-2fa' ), |
| 191 | 'codeReSentText' => \esc_html__( 'New code sent', 'wp-2fa' ), |
| 192 | 'allDoneHeading' => \esc_html__( 'All done.', 'wp-2fa' ), |
| 193 | 'allDoneText' => \esc_html__( 'Your login just got more secure.', 'wp-2fa' ), |
| 194 | 'closeWizard' => \esc_html__( 'Close Wizard', 'wp-2fa' ), |
| 195 | ); |
| 196 | \wp_localize_script( 'wp_2fa_frontend_scripts', 'wp2faData', $data_array ); |
| 197 | |
| 198 | ob_start(); |
| 199 | User_Notices::user_setup_2fa_nag( 'output_shortcode', $configure_2fa_url ); |
| 200 | $content = ob_get_contents(); |
| 201 | ob_end_clean(); |
| 202 | |
| 203 | return $content; |
| 204 | } |
| 205 | |
| 206 | return ''; |
| 207 | } |
| 208 | } |
| 209 | } |
| 210 |