PluginProbe ʕ •ᴥ•ʔ
WP 2FA – Two-factor authentication for WordPress / 4.0.0
WP 2FA – Two-factor authentication for WordPress v4.0.0
4.0.0 1.7.1 2.0.0 2.0.1 2.1.0 2.2.0 2.2.1 2.3.0 2.4.0 2.4.1 2.4.2 2.5.0 2.6.0 2.6.1 2.6.2 2.6.3 2.6.4 2.7.0 2.8.0 2.9.0 2.9.1 2.9.2 2.9.3 3.0.0 3.0.1 3.1.0 3.1.1 3.1.1.2 trunk 1.2.0 1.3.0 1.4.0 1.4.1 1.4.2 1.5.0 1.5.1 1.5.2 1.6.0 1.6.1 1.6.2 1.7.0
wp-2fa / includes / classes / Admin / Methods / Traits / class-validation-trait.php
wp-2fa / includes / classes / Admin / Methods / Traits Last commit date
class-login-attempts.php 1 day ago class-methods-wizards-trait.php 1 day ago class-provider-trait.php 1 day ago class-settings-trait.php 1 day ago class-validation-trait.php 1 day ago class-white-label-trait.php 1 day ago index.php 1 day ago
class-validation-trait.php
83 lines
1 <?php
2 /**
3 * Responsible for the plugin validation
4 *
5 * @package wp2fa
6 * @subpackage traits
7 * @copyright 2026 Melapress
8 * @license https://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
9 * @link https://wordpress.org/plugins/wp-2fa/
10 */
11
12 namespace WP2FA\Admin\Methods\Traits;
13
14 use WP2FA\Admin\Helpers\User_Helper;
15 use WP2FA\Admin\Controllers\Settings;
16
17 defined( 'ABSPATH' ) || exit; // Exit if accessed directly.
18
19 if ( ! class_exists( '\WP2FA\Admin\Methods\Traits\Validation' ) ) {
20 /**
21 * Responsible for the validation
22 *
23 * @since 2.9.2
24 */
25 trait Validation {
26
27 /**
28 * Validates the login via API.
29 *
30 * @param array $valid - The validation array.
31 * @param int $user_id - The user ID.
32 * @param string|null $token - The token to validate.
33 *
34 * @return array
35 */
36 public static function api_login_validate( array $valid, int $user_id, ?string $token ): array {
37 if ( ! Settings::is_provider_enabled_for_role( User_Helper::get_user_role( $user_id ), static::METHOD_NAME ) ) {
38 return $valid;
39 }
40
41 if ( static::METHOD_NAME !== User_Helper::get_enabled_method_for_user( $user_id ) ) {
42 return $valid;
43 }
44
45 if ( ! is_array( $valid ) || ! isset( $valid['valid'] ) ) {
46 $valid['valid'] = false;
47 }
48
49 // If the login is valid, return it as it is.
50 if ( true === $valid['valid'] ) {
51 return $valid;
52 }
53
54 if ( ! isset( $token ) || empty( $token ) ) {
55 return $valid;
56 }
57
58 // Sanitize the token to ensure it is safe to use.
59 $sanitized_token = \sanitize_text_field( $token );
60
61 $is_valid = static::validate_token( User_Helper::get_user( $user_id ), $sanitized_token );
62
63 if ( ! $is_valid ) {
64 $valid[ static::METHOD_NAME ]['error'] = \esc_html__( 'ERROR: Invalid verification code.', 'wp-2fa' );
65 }
66
67 $valid['valid'] = $is_valid;
68
69 return $valid;
70 }
71
72 /**
73 * Validates the token for the method.
74 *
75 * @param \WP_User $user - The user.
76 * @param string $token - The token.
77 *
78 * @return bool
79 */
80 abstract protected static function validate_token( \WP_User $user, string $token ): bool;
81 }
82 }
83