class-first-time-wizard-steps-new.php
5 days ago
class-first-time-wizard-steps.php
5 days ago
class-grace-period-notifications.php
5 days ago
class-passord-reset-2fa.php
5 days ago
class-re-login-2fa.php
5 days ago
class-wizard-steps.php
5 days ago
index.php
5 days ago
class-first-time-wizard-steps.php
611 lines
| 1 | <?php |
| 2 | /** |
| 3 | * Settings page render class. |
| 4 | * |
| 5 | * @package wp2fa |
| 6 | * @subpackage views |
| 7 | * @since 1.7.0 |
| 8 | * @copyright 2026 Melapress |
| 9 | * @license https://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 |
| 10 | * @link https://wordpress.org/plugins/wp-2fa/ |
| 11 | */ |
| 12 | |
| 13 | namespace WP2FA\Admin\Views; |
| 14 | |
| 15 | use WP2FA\WP2FA; |
| 16 | use WP2FA\Methods\TOTP; |
| 17 | use WP2FA\Methods\Backup_Codes; |
| 18 | use WP2FA\Utils\Settings_Utils; |
| 19 | use WP2FA\Admin\Helpers\WP_Helper; |
| 20 | |
| 21 | defined( 'ABSPATH' ) || exit; // Exit if accessed directly. |
| 22 | |
| 23 | if ( ! class_exists( '\WP2FA\Admin\Views\First_Time_Wizard_Steps' ) ) { |
| 24 | /** |
| 25 | * WP2FA First Wizard Settings view controller |
| 26 | * |
| 27 | * @since 1.7 |
| 28 | */ |
| 29 | class First_Time_Wizard_Steps { |
| 30 | |
| 31 | /** |
| 32 | * Select method step |
| 33 | * |
| 34 | * @since 1.7.0 |
| 35 | * |
| 36 | * @param boolean $setup_wizard - Boolean - is that first time wizard setup or settings page call. |
| 37 | * |
| 38 | * @return void |
| 39 | */ |
| 40 | public static function select_method( $setup_wizard = false ) { |
| 41 | |
| 42 | ob_start(); |
| 43 | ?> |
| 44 | <h3><?php \esc_html_e( 'Which 2FA methods can your users use?', 'wp-2fa' ); ?></h3> |
| 45 | <p class="description"> |
| 46 | <?php \esc_html_e( 'Allowing users to set up a secondary 2FA method is highly recommended. You can do this in the next step of the wizard. This will allow users to log in using an alternative method should they, for example lose access to their phone.', 'wp-2fa' ); ?> |
| 47 | </p> |
| 48 | <?php |
| 49 | $data_role = 'data-role="global"'; |
| 50 | if ( ! $setup_wizard ) { |
| 51 | ?> |
| 52 | <table class="form-table"> |
| 53 | <tbody> |
| 54 | <tr> |
| 55 | <th colspan="2"><?php \esc_html_e( 'Which of the below 2FA methods can users use?', 'wp-2fa' ); ?></th> |
| 56 | </tr> |
| 57 | <tr> |
| 58 | <th><label for="wp-2fa-method"><?php \esc_html_e( 'Select the methods', 'wp-2fa' ); ?></label></th> |
| 59 | <td> |
| 60 | <?php } ?> |
| 61 | <fieldset id="wp-2fa-method-select" class="wp-2fa-method-select"> |
| 62 | <p class="method-title" style="padding-bottom: 20px;"><em><?php \esc_html_e( 'Primary 2FA methods:', 'wp-2fa' ); ?></em></p> |
| 63 | <?php |
| 64 | /** |
| 65 | * Fired right after the TOTP method HTML rendering. |
| 66 | * |
| 67 | * @param bool $wizard - Is that a wizard call or settings call. |
| 68 | * @param string $data_role - String with the JS data to add to form element. |
| 69 | * @param string $name - The name of the role. |
| 70 | * |
| 71 | * @since 2.0.0 |
| 72 | */ |
| 73 | \do_action( WP_2FA_PREFIX . 'methods_setup', $setup_wizard, $data_role, null ); |
| 74 | ?> |
| 75 | <br /> |
| 76 | <?php |
| 77 | if ( ! $setup_wizard ) { |
| 78 | $class = ''; |
| 79 | |
| 80 | if ( '' === trim( (string) Settings_Utils::get_setting_role( null, TOTP::POLICY_SETTINGS_NAME, true ) ) && '' === trim( (string) Settings_Utils::get_setting_role( null, 'enable_email', true ) ) && '' === trim( (string) Settings_Utils::get_setting_role( null, 'enable_oob_email', true ) ) ) { |
| 81 | $class = 'disabled'; |
| 82 | } |
| 83 | ?> |
| 84 | <div class="method-title"><em><?php \esc_html_e( 'Secondary 2FA methods:', 'wp-2fa' ); ?></em></div> |
| 85 | <br> |
| 86 | <label for="backup-codes" class=" <?php echo \esc_attr( $class ); ?>"> |
| 87 | <input type="checkbox" class="<?php echo \esc_attr( $class ); ?>" id="backup-codes" name="wp_2fa_policy[backup_codes_enabled]" |
| 88 | <?php echo esc_attr( $data_role ); ?> |
| 89 | value="yes" |
| 90 | <?php \checked( WP2FA::get_wp2fa_setting( Backup_Codes::get_settings_name() ), Backup_Codes::get_settings_default_value() ); ?> |
| 91 | > |
| 92 | <?php |
| 93 | \esc_html_e( 'Backup codes', 'wp-2fa' ); |
| 94 | if ( $setup_wizard ) { |
| 95 | echo '<p class="description">Note: '; |
| 96 | } else { |
| 97 | echo ' - '; |
| 98 | } |
| 99 | \esc_html_e( 'Backup codes are a secondary method which you can use to log in to the website in case the primary 2FA method is unavailable. Therefore they can\'t be enabled and used as a primary method.', 'wp-2fa' ); |
| 100 | if ( $setup_wizard ) { |
| 101 | echo '</p>'; |
| 102 | } |
| 103 | ?> |
| 104 | </label> |
| 105 | <?php |
| 106 | /** |
| 107 | * Fires after the backup methods HTML rendering is finished. |
| 108 | * |
| 109 | * @param bool $wizard - Is that wizard ot standard setting. |
| 110 | * @param string $data_role - The JS data attribute for the form inputs. |
| 111 | * @param string $role - The name of the user role. |
| 112 | * |
| 113 | * @since 2.0.0 |
| 114 | */ |
| 115 | \do_action( WP_2FA_PREFIX . 'after_backup_methods_setup', $setup_wizard, $data_role, null ); |
| 116 | } |
| 117 | ?> |
| 118 | </fieldset> |
| 119 | <?php |
| 120 | if ( ! $setup_wizard ) { |
| 121 | ?> |
| 122 | </td> |
| 123 | </tr> |
| 124 | </tbody> |
| 125 | </table> |
| 126 | <?php } ?> |
| 127 | <?php |
| 128 | $output = ob_get_clean(); |
| 129 | |
| 130 | /** |
| 131 | * At this point, none of the default providers is set / activated. This filter allows additional providers to change the behavior. Checking the input array for specific values (methods), and based on that we can raise error that none of the allowed methods has bees selected by the user, or dismiss the error otherwise. |
| 132 | * |
| 133 | * @param string $output - Parsed HTML with the methods. |
| 134 | * @param bool $setup_wizard - The type of the wizard (first time wizard / settings). |
| 135 | * |
| 136 | * @since 2.0.0 |
| 137 | */ |
| 138 | $output = apply_filters( WP_2FA_PREFIX . 'select_methods', $output, $setup_wizard ); |
| 139 | |
| 140 | echo $output; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped |
| 141 | } |
| 142 | |
| 143 | /** |
| 144 | * Builds the backup methods html |
| 145 | * |
| 146 | * @param boolean $setup_wizard - Is that call from the Wizard or not. |
| 147 | * |
| 148 | * @return void |
| 149 | * |
| 150 | * @since 2.4.1 |
| 151 | */ |
| 152 | public static function backup_method( $setup_wizard = false ) { |
| 153 | |
| 154 | ob_start(); |
| 155 | ?> |
| 156 | <h3><?php \esc_html_e( 'Which secondary 2FA methods can users use?', 'wp-2fa' ); ?></h3> |
| 157 | <p class="description"> |
| 158 | <?php \esc_html_e( 'A secondary 2FA method acts as a backup when the primary method cannot be used. For example, if a user loses access to their phone, the device runs out of battery, or email delivery fails. We strongly recommend allowing users to configure at least one backup method at all times.', 'wp-2fa' ); ?> |
| 159 | </p> |
| 160 | <p class="description"> |
| 161 | <?php \esc_html_e( 'Available secondary 2FA methods:', 'wp-2fa' ); ?> |
| 162 | </p> |
| 163 | |
| 164 | <br> |
| 165 | |
| 166 | <fieldset> |
| 167 | <label for="backup-codes"> |
| 168 | <input type="checkbox" id="backup-codes-global" name="wp_2fa_policy[backup_codes_enabled]" value="yes" |
| 169 | <?php checked( WP2FA::get_wp2fa_setting( Backup_Codes::get_settings_name(), true ), Backup_Codes::get_settings_default_value() ); ?> |
| 170 | > |
| 171 | <?php \esc_html_e( 'Backup codes', 'wp-2fa' ); ?> |
| 172 | </label> |
| 173 | |
| 174 | <?php |
| 175 | echo '<p class="description">'; |
| 176 | printf( // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped |
| 177 | '%1$s <a href="%2$s" target="_blank" rel="noopener noreferrer">%3$s</a> <br><br>', |
| 178 | \esc_html__( 'Backup codes allow users to log in to WordPress should they find themselves unable to log in via the primary 2FA method. Backup codes are enabled by default and are generated during the 2FA configuration process. Each backup code can be used only once. Once the initial list is exhausted, more backup codes can be generated through the user’s WordPress profile page - ', 'wp-2fa' ), |
| 179 | esc_url( 'https://melapress.com/support/kb/wp-2fa-what-are-2fa-backup-codes/?&utm_source=plugin&utm_medium=wp2fa&utm_campaign=backup_codes_info' ), |
| 180 | \esc_html__( 'More information', 'wp-2fa' ) |
| 181 | ); |
| 182 | echo '</p>'; |
| 183 | ?> |
| 184 | |
| 185 | <?php |
| 186 | // @free:start |
| 187 | echo '<label>'; |
| 188 | printf( // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped |
| 189 | '%1$s <a href="%2$s" target="_blank" rel="noopener noreferrer">%3$s</a> %4$s', |
| 190 | \esc_html__( 'Upgrade to WP 2FA Premium for', 'wp-2fa' ), |
| 191 | esc_url( 'https://melapress.com/wordpress-2fa/features/?&utm_source=plugin&utm_medium=wp2fa&utm_campaign=upgrade_to_premium' ), |
| 192 | \esc_html__( 'more alternative 2FA methods', 'wp-2fa' ), |
| 193 | \esc_html__( 'to give your users more options.', 'wp-2fa' ) |
| 194 | ); |
| 195 | echo '<label>'; |
| 196 | // @free:end |
| 197 | ?> |
| 198 | </fieldset> |
| 199 | <?php |
| 200 | ?> |
| 201 | <?php |
| 202 | $output = ob_get_clean(); |
| 203 | $output = \apply_filters( WP_2FA_PREFIX . 'backup_methods', $output, $setup_wizard ); |
| 204 | |
| 205 | echo $output; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped |
| 206 | } |
| 207 | |
| 208 | /** |
| 209 | * Enforcement policy step |
| 210 | * |
| 211 | * @since 1.7.0 |
| 212 | * |
| 213 | * @param boolean $setup_wizard - Boolean - is that first time wizard setup or settings page call. |
| 214 | * |
| 215 | * @return void |
| 216 | */ |
| 217 | public static function enforcement_policy( $setup_wizard = false ) { |
| 218 | ?> |
| 219 | <h3 id="enforcement_settings"><?php \esc_html_e( 'Do you want to enforce 2FA for some, or all users?', 'wp-2fa' ); ?></h3> |
| 220 | <p class="description"> |
| 221 | <?php \esc_html_e( 'When 2FA is enforced, users will be prompted to configure it the next time they log in. Users are given a grace period to complete the setup before 2FA becomes mandatory. You can configure the grace period and exclude specific users or roles later from the plugin\'s settings.', 'wp-2fa' ); ?> <a href="https://melapress.com/support/kb/wp-2fa-configure-2fa-policies-enforce/?&utm_source=plugin&utm_medium=wp2fa&utm_campaign=enforcement_policy_help" target="_blank" rel=noopener><?php \esc_html_e( 'Learn more.', 'wp-2fa' ); ?></a> |
| 222 | </p> |
| 223 | <?php |
| 224 | if ( ! $setup_wizard ) { |
| 225 | ?> |
| 226 | <table class="form-table js-enforcement-policy-section"> |
| 227 | <tbody> |
| 228 | <tr> |
| 229 | <th><label for="enforcement-policy"><?php \esc_html_e( 'Enforce 2FA on', 'wp-2fa' ); ?></label></th> |
| 230 | <td> |
| 231 | <?php } ?> |
| 232 | <fieldset class="contains-hidden-inputs"> |
| 233 | <label for="all-users" style="margin:.35em 0 .5em !important; display: block;"> |
| 234 | <input type="radio" name="wp_2fa_policy[enforcement-policy]" id="all-users" value="all-users" |
| 235 | <?php checked( WP2FA::get_wp2fa_setting( 'enforcement-policy' ), 'all-users' ); ?> |
| 236 | > |
| 237 | <span><?php \esc_html_e( 'All users', 'wp-2fa' ); ?></span> |
| 238 | </label> |
| 239 | |
| 240 | <?php if ( WP_Helper::is_multisite() ) { ?> |
| 241 | <label for="superadmins-only" style="margin:.35em 0 .5em !important; display: block;"> |
| 242 | <input type="radio" name="wp_2fa_policy[enforcement-policy]" id="superadmins-only" value="superadmins-only" |
| 243 | <?php checked( WP2FA::get_wp2fa_setting( 'enforcement-policy' ), 'superadmins-only' ); ?> /> |
| 244 | <span><?php \esc_html_e( 'Only super admins', 'wp-2fa' ); ?></span> |
| 245 | </label> |
| 246 | <label for="superadmins-siteadmins-only" style="margin:.35em 0 .5em !important; display: block;"> |
| 247 | <input type="radio" name="wp_2fa_policy[enforcement-policy]" id="superadmins-siteadmins-only" value="superadmins-siteadmins-only" |
| 248 | <?php checked( WP2FA::get_wp2fa_setting( 'enforcement-policy' ), 'superadmins-siteadmins-only' ); ?> /> |
| 249 | <span><?php \esc_html_e( 'Only super admins and site admins', 'wp-2fa' ); ?></span> |
| 250 | </label> |
| 251 | <?php } ?> |
| 252 | |
| 253 | <label for="certain-roles-only" style="margin:.35em 0 .5em !important; display: block;"> |
| 254 | <?php $checked = in_array( WP2FA::get_wp2fa_setting( 'enforcement-policy' ), array( 'certain-roles-only', 'certain-users-only' ), true ); ?> |
| 255 | <input type="radio" name="wp_2fa_policy[enforcement-policy]" id="certain-roles-only" value="certain-roles-only" |
| 256 | <?php ( $setup_wizard ) ? checked( WP2FA::get_wp2fa_setting( 'enforcement-policy' ), 'certain-roles-only' ) : checked( $checked ); ?> |
| 257 | data-unhide-when-checked=".certain-roles-only-inputs, .certain-users-only-inputs"> |
| 258 | <span><?php \esc_html_e( 'Only for specific users and roles', 'wp-2fa' ); ?></span> |
| 259 | </label> |
| 260 | <fieldset class="hidden certain-users-only-inputs"> |
| 261 | <div> |
| 262 | <p> |
| 263 | <label for="enforced_users-multi-select"><?php \esc_html_e( 'Users :', 'wp-2fa' ); ?></label> <select multiple="multiple" id="enforced_users-multi-select" name="wp_2fa_policy[enforced_users][]" style=" display:none;width:<?php echo ( $setup_wizard ) ? '100' : '50'; ?>%"> |
| 264 | <?php |
| 265 | $enforced_users = (array) WP2FA::get_wp2fa_setting( 'enforced_users' ); |
| 266 | foreach ( $enforced_users as $user ) { |
| 267 | ?> |
| 268 | <option selected="selected" value="<?php echo \esc_attr( $user ); ?>"><?php echo \esc_attr( $user ); ?></option> |
| 269 | <?php |
| 270 | } |
| 271 | ?> |
| 272 | </select> |
| 273 | </p> |
| 274 | </div> |
| 275 | </fieldset> |
| 276 | <fieldset class="hidden certain-roles-only-inputs"> |
| 277 | <div> |
| 278 | <p style="margin-top: 0;"> |
| 279 | <label for="enforced-roles-multi-select"><?php \esc_html_e( 'Roles :', 'wp-2fa' ); ?></label> |
| 280 | <select multiple="multiple" id="enforced-roles-multi-select" name="wp_2fa_policy[enforced_roles][]" style=" display:none;width:<?php echo ( $setup_wizard ) ? '100' : '50'; ?>%"> |
| 281 | <?php |
| 282 | $all_roles = WP_Helper::get_roles_wp(); |
| 283 | $enforced_roles = (array) WP2FA::get_wp2fa_setting( 'enforced_roles' ); |
| 284 | foreach ( $all_roles as $role => $role_name ) { |
| 285 | $selected = ''; |
| 286 | if ( in_array( $role, $enforced_roles, true ) ) { |
| 287 | $selected = 'selected="selected"'; |
| 288 | } |
| 289 | ?> |
| 290 | <option <?php echo $selected; ?> value="<?php echo \esc_attr( strtolower( $role ) ); ?>"><?php echo \esc_html( $role_name ); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?></option> |
| 291 | <?php |
| 292 | } |
| 293 | ?> |
| 294 | </select> |
| 295 | </p> |
| 296 | </div> |
| 297 | <?php if ( WP_Helper::is_multisite() ) { ?> |
| 298 | <p class="description"> |
| 299 | <input type="checkbox" name="wp_2fa_policy[superadmins-role-add]" id="superadmins-role-add" value="yes" style="position: relative; top: -3px;" |
| 300 | <?php checked( WP2FA::get_wp2fa_setting( 'superadmins-role-add' ), 'yes' ); ?> /> |
| 301 | <label for="superadmins-role-add"><?php \esc_html_e( 'Also enforce 2FA on network users with super admin privileges', 'wp-2fa' ); ?></label> |
| 302 | </p> |
| 303 | <?php } ?> |
| 304 | </fieldset> |
| 305 | <?php if ( WP_Helper::is_multisite() ) { ?> |
| 306 | <div> |
| 307 | <label for="enforce-on-multisite" style="margin:.35em 0 .5em !important; display: block;"> |
| 308 | <input type="radio" name="wp_2fa_policy[enforcement-policy]" id="enforce-on-multisite" value="enforce-on-multisite" |
| 309 | <?php checked( WP2FA::get_wp2fa_setting( 'enforcement-policy' ), 'enforce-on-multisite' ); ?> |
| 310 | data-unhide-when-checked=".all-sites"> |
| 311 | <span><?php \esc_html_e( 'These sub-sites', 'wp-2fa' ); ?></span> |
| 312 | </label> |
| 313 | <fieldset class="hidden all-sites"> |
| 314 | <p> |
| 315 | <label for="enforced-sites-multi-select"><?php \esc_html_e( 'Sites :', 'wp-2fa' ); ?></label> <select multiple="multiple" id="enforced-sites-multi-select" name="wp_2fa_policy[included_sites][]" style="display:none; width:<?php echo ( $setup_wizard ) ? '100' : '50'; ?>%"> |
| 316 | <?php |
| 317 | $selected_sites = (array) WP2FA::get_wp2fa_setting( 'included_sites' ); |
| 318 | foreach ( WP_Helper::get_multi_sites() as $site ) { |
| 319 | $args = array( |
| 320 | 'blog_id' => $site->blog_id, |
| 321 | ); |
| 322 | |
| 323 | // $current_blog_details = get_blog_details( $args ); |
| 324 | $selected = ''; |
| 325 | if ( in_array( $site->blog_id, $selected_sites, true ) ) { |
| 326 | $selected = 'selected="selected"'; |
| 327 | } |
| 328 | ?> |
| 329 | <option <?php echo $selected; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?> value="<?php echo \esc_attr( $site->blog_id ); ?>"><?php echo \esc_html( $site->blogname ); ?></option> |
| 330 | <?php |
| 331 | } |
| 332 | ?> |
| 333 | </select> |
| 334 | </p> |
| 335 | </fieldset> |
| 336 | </div> |
| 337 | <?php } ?> |
| 338 | <div> |
| 339 | <label for="do-not-enforce" style="margin:.35em 0 .5em !important; display: block;"> |
| 340 | <input type="radio" name="wp_2fa_policy[enforcement-policy]" id="do-not-enforce" value="do-not-enforce" |
| 341 | <?php checked( WP2FA::get_wp2fa_setting( 'enforcement-policy' ), 'do-not-enforce' ); ?> |
| 342 | > |
| 343 | <span><?php \esc_html_e( 'Do not enforce on any users', 'wp-2fa' ); ?></span> |
| 344 | </label> |
| 345 | </div> |
| 346 | <br/> |
| 347 | </fieldset> |
| 348 | <?php |
| 349 | if ( ! $setup_wizard ) { |
| 350 | ?> |
| 351 | </td> |
| 352 | </tr> |
| 353 | </tbody> |
| 354 | </table> |
| 355 | <?php |
| 356 | } |
| 357 | } |
| 358 | |
| 359 | /** |
| 360 | * Exclude users and groups |
| 361 | * |
| 362 | * @since 1.7.0 |
| 363 | * |
| 364 | * @param boolean $setup_wizard - Boolean - is that first time wizard setup or settings page call. |
| 365 | * |
| 366 | * @return void |
| 367 | */ |
| 368 | public static function exclude_users( $setup_wizard = false ) { |
| 369 | ?> |
| 370 | <h3><?php \esc_html_e( 'Do you want to exclude any users or roles from 2FA? ', 'wp-2fa' ); ?></h3> |
| 371 | <p class="description"> |
| 372 | <?php \esc_html_e( 'If you are enforcing 2FA on all users but for some reason you would like to exclude individual user(s) or users with a specific role, you can exclude them below', 'wp-2fa' ); ?> |
| 373 | </p> |
| 374 | <?php |
| 375 | if ( ! $setup_wizard ) { |
| 376 | ?> |
| 377 | <table class="form-table js-enforcement-policy-section"> |
| 378 | <tbody> |
| 379 | <tr> |
| 380 | <th><label id="exclude-users" for="excluded-users-multi-select"><?php \esc_html_e( 'Exclude the following users', 'wp-2fa' ); ?></label></th> |
| 381 | <td> |
| 382 | <?php } else { ?> |
| 383 | <label for="excluded-users-multi-select"><?php \esc_html_e( 'Exclude the following users', 'wp-2fa' ); ?> |
| 384 | <?php } ?> |
| 385 | <fieldset> |
| 386 | <div> |
| 387 | <select multiple="multiple" id="excluded-users-multi-select" name="wp_2fa_policy[excluded_users][]" style=" display:none;width:<?php echo ( $setup_wizard ) ? '100' : '50'; ?>%"> |
| 388 | <?php |
| 389 | $excluded_users = (array) WP2FA::get_wp2fa_setting( 'excluded_users' ); |
| 390 | foreach ( $excluded_users as $user ) { |
| 391 | ?> |
| 392 | <option selected="selected" value="<?php echo \esc_attr( $user ); ?>"><?php echo \esc_html( $user ); ?></option> |
| 393 | <?php |
| 394 | } |
| 395 | ?> |
| 396 | </select> |
| 397 | </div> |
| 398 | <?php |
| 399 | if ( ! $setup_wizard ) { |
| 400 | ?> |
| 401 | |
| 402 | </td> |
| 403 | </tr> |
| 404 | <tr> |
| 405 | <th><label for="excluded-roles-multi-select"><?php \esc_html_e( 'Exclude the following roles', 'wp-2fa' ); ?></label></th> |
| 406 | <td> |
| 407 | <p> |
| 408 | <?php } else { ?> |
| 409 | <br> |
| 410 | <label for="excluded-roles-multi-select"><?php \esc_html_e( 'Exclude the following roles', 'wp-2fa' ); ?></label> |
| 411 | <?php } ?> |
| 412 | <select multiple="multiple" id="excluded-roles-multi-select" name="wp_2fa_policy[excluded_roles][]" style=" display:none;width:<?php echo ( $setup_wizard ) ? '100' : '50'; ?>%"> |
| 413 | <?php |
| 414 | $all_roles = WP_Helper::get_roles_wp(); |
| 415 | $excluded_roles = (array) WP2FA::get_wp2fa_setting( 'excluded_roles' ); |
| 416 | foreach ( $all_roles as $role => $role_name ) { |
| 417 | $selected = ''; |
| 418 | if ( in_array( strtolower( $role ), $excluded_roles, true ) ) { |
| 419 | $selected = 'selected="selected"'; |
| 420 | } |
| 421 | ?> |
| 422 | <option <?php echo $selected; // phpcs:ignore ?> value="<?php echo \esc_attr( strtolower( $role ) ); ?>"><?php echo \esc_html( $role_name ); ?></option> |
| 423 | <?php |
| 424 | } |
| 425 | ?> |
| 426 | </select> |
| 427 | <br> |
| 428 | <?php if ( WP_Helper::is_multisite() ) { ?> |
| 429 | <div style="margin-top:10px;"> |
| 430 | <input type="checkbox" name="wp_2fa_policy[superadmins-role-exclude]" id="superadmins-role-exclude" value="yes" |
| 431 | <?php checked( WP2FA::get_wp2fa_setting( 'superadmins-role-exclude' ), 'yes' ); ?> /> |
| 432 | <label for="superadmins-role-exclude"><?php \esc_html_e( 'Also exclude users with super admin privilege', 'wp-2fa' ); ?></label> |
| 433 | </div> |
| 434 | <?php } ?> |
| 435 | </fieldset> |
| 436 | <?php |
| 437 | if ( ! $setup_wizard ) { |
| 438 | ?> |
| 439 | </td> |
| 440 | </tr> |
| 441 | </tbody> |
| 442 | </table> |
| 443 | <?php } ?> |
| 444 | <?php |
| 445 | } |
| 446 | |
| 447 | /** |
| 448 | * Which network sites to exclude (for multisite instal) |
| 449 | * |
| 450 | * @since 1.7.0 |
| 451 | * |
| 452 | * @param boolean $setup_wizard - Boolean - is that first time wizard setup or settings page call. |
| 453 | * |
| 454 | * @return void |
| 455 | */ |
| 456 | public static function excluded_network_sites( $setup_wizard = false ) { |
| 457 | ?> |
| 458 | <h3><?php \esc_html_e( 'Do you want to exclude all the users of a site from 2FA?', 'wp-2fa' ); ?></h3> |
| 459 | <p class="description"> |
| 460 | <?php \esc_html_e( 'If you are enforcing 2FA on all users but for some reason you do not want to enforce it on a specific sub site, specify the sub site name below:', 'wp-2fa' ); ?> |
| 461 | </p> |
| 462 | <?php |
| 463 | if ( ! $setup_wizard ) { |
| 464 | ?> |
| 465 | <table class="form-table js-enforcement-policy-section"> |
| 466 | <tbody> |
| 467 | <tr> |
| 468 | <th><label for="excluded-sites-multi-select"><?php \esc_html_e( 'Exclude the following sites', 'wp-2fa' ); ?></label></th> |
| 469 | <td> |
| 470 | <?php } ?> |
| 471 | <fieldset> |
| 472 | <?php |
| 473 | if ( $setup_wizard ) { |
| 474 | ?> |
| 475 | |
| 476 | <div class="option-pill"> |
| 477 | <label for="excluded_sites_search"><?php \esc_html_e( 'Exclude the following sites', 'wp-2fa' ); ?> |
| 478 | <?php } ?> |
| 479 | <select multiple="multiple" id="excluded-sites-multi-select" name="wp_2fa_policy[excluded_sites]" style=" display:none;width:<?php echo ( $setup_wizard ) ? '100' : '50'; ?>%"> |
| 480 | <?php |
| 481 | $excluded_sites = (array) WP2FA::get_wp2fa_setting( 'excluded_sites' ); |
| 482 | if ( ! empty( $excluded_sites ) ) { |
| 483 | foreach ( $excluded_sites as $site_id ) { |
| 484 | $site = get_blog_details( $site_id )->blogname; |
| 485 | ?> |
| 486 | <option selected="selected" value="<?php echo \esc_attr( $site_id ); ?>"><?php echo \esc_html( $site ); ?></option> |
| 487 | <?php |
| 488 | } |
| 489 | } |
| 490 | ?> |
| 491 | </select> |
| 492 | <?php |
| 493 | if ( $setup_wizard ) { |
| 494 | ?> |
| 495 | </label> |
| 496 | </div> |
| 497 | <?php } ?> |
| 498 | </fieldset> |
| 499 | <?php |
| 500 | if ( ! $setup_wizard ) { |
| 501 | ?> |
| 502 | </td> |
| 503 | </tr> |
| 504 | </tbody> |
| 505 | </table> |
| 506 | <?php } ?> |
| 507 | <?php |
| 508 | } |
| 509 | |
| 510 | /** |
| 511 | * Set the grace period |
| 512 | * |
| 513 | * @since 1.7.0 |
| 514 | * |
| 515 | * @param boolean $setup_wizard - Boolean - is that first time wizard setup or settings page call. |
| 516 | * |
| 517 | * @return void |
| 518 | */ |
| 519 | public static function grace_period( $setup_wizard = false ) { |
| 520 | $grace_period = (int) WP2FA::get_wp2fa_setting( 'grace-period', true ); |
| 521 | /** |
| 522 | * Via that, you can change the grace period TTL. |
| 523 | * |
| 524 | * @param bool - Default at this point is true - no method is selected. |
| 525 | */ |
| 526 | $testing = apply_filters( WP_2FA_PREFIX . 'allow_grace_period_in_seconds', false ); |
| 527 | if ( $testing ) { |
| 528 | $grace_max = 600; |
| 529 | } else { |
| 530 | $grace_max = 90; |
| 531 | } |
| 532 | ?> |
| 533 | <fieldset class="contains-hidden-inputs"> |
| 534 | <label for="no-grace-period" style="margin-bottom: 10px; display: block;"> |
| 535 | <input type="radio" name="wp_2fa_policy[grace-policy]" id="no-grace-period" value="no-grace-period" |
| 536 | <?php checked( WP2FA::get_wp2fa_setting( 'grace-policy' ), 'no-grace-period' ); ?> |
| 537 | > |
| 538 | <span><?php \esc_html_e( 'Users have to configure 2FA straight away.', 'wp-2fa' ); ?></span> |
| 539 | </label> |
| 540 | |
| 541 | <label for="use-grace-period"> |
| 542 | <input type="radio" name="wp_2fa_policy[grace-policy]" id="use-grace-period" value="use-grace-period" |
| 543 | <?php checked( WP2FA::get_wp2fa_setting( 'grace-policy' ), 'use-grace-period' ); ?> |
| 544 | data-unhide-when-checked=".grace-period-inputs"> |
| 545 | <span><?php \esc_html_e( 'Give users a grace period to configure 2FA', 'wp-2fa' ); ?></span> |
| 546 | </label> |
| 547 | <fieldset class="hidden grace-period-inputs"> |
| 548 | <br/> |
| 549 | <input type="number" id="grace-period" name="wp_2fa_policy[grace-period]" value="<?php echo \esc_attr( $grace_period ); ?>" min="1" max="<?php echo \esc_attr( $grace_max ); ?>"> |
| 550 | <label class="radio-inline"> |
| 551 | <input class="js-nested" type="radio" name="wp_2fa_policy[grace-period-denominator]" value="hours" |
| 552 | <?php checked( WP2FA::get_wp2fa_setting( 'grace-period-denominator' ), 'hours' ); ?> |
| 553 | > |
| 554 | <?php \esc_html_e( 'hours', 'wp-2fa' ); ?> |
| 555 | </label> |
| 556 | <label class="radio-inline"> |
| 557 | <input class="js-nested" type="radio" name="wp_2fa_policy[grace-period-denominator]" value="days" |
| 558 | <?php checked( WP2FA::get_wp2fa_setting( 'grace-period-denominator' ), 'days' ); ?> |
| 559 | > |
| 560 | <?php \esc_html_e( 'days', 'wp-2fa' ); ?> |
| 561 | </label> |
| 562 | <?php |
| 563 | /** |
| 564 | * Fires after the grace period. Gives the ability to change the parsed code. |
| 565 | * |
| 566 | * @param string $content - HTML content. |
| 567 | * @param string $role - The name of the role. |
| 568 | * @param string $name_prefix - Name prefix for the input name, includes the role name if provided. |
| 569 | * @param string $data_role - Data attribute - used by the JS. |
| 570 | * @param string $role_id - The role name, used to identify the inputs. |
| 571 | * |
| 572 | * @since 2.0.0 |
| 573 | */ |
| 574 | $after_grace_content = \apply_filters( WP_2FA_PREFIX . 'after_grace_period', '', '', 'wp_2fa_policy' ); |
| 575 | echo $after_grace_content; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped |
| 576 | ?> |
| 577 | <?php |
| 578 | /** |
| 579 | * Via that, you can change the grace period TTL. |
| 580 | * |
| 581 | * @param bool - Default at this point is true - no method is selected. |
| 582 | */ |
| 583 | $testing = \apply_filters( WP_2FA_PREFIX . 'allow_grace_period_in_seconds', false ); |
| 584 | if ( $testing ) { |
| 585 | ?> |
| 586 | <label class="radio-inline"> |
| 587 | <input class="js-nested" type="radio" name="wp_2fa_policy[grace-period-denominator]" value="seconds" |
| 588 | <?php \checked( WP2FA::get_wp2fa_setting( 'grace-period-denominator' ), 'seconds' ); ?> |
| 589 | > |
| 590 | <?php \esc_html_e( 'Seconds', 'wp-2fa' ); ?> |
| 591 | </label> |
| 592 | <?php |
| 593 | } |
| 594 | |
| 595 | if ( $setup_wizard ) { |
| 596 | $user = \wp_get_current_user(); |
| 597 | $last_user_to_update_settings = $user->ID; |
| 598 | |
| 599 | ?> |
| 600 | <input type="hidden" id="wp-2fa_main_user" name="wp_2fa_policy[2fa_settings_last_updated_by]" value="<?php echo \esc_attr( $last_user_to_update_settings ); ?>"> |
| 601 | <?php } else { ?> |
| 602 | <p><?php \esc_html_e( 'Note: If users do not configure it within the configured stipulated time, their account will be locked and have to be unlocked manually.', 'wp-2fa' ); ?></p> |
| 603 | <?php } ?> |
| 604 | </fieldset> |
| 605 | <br/> |
| 606 | </fieldset> |
| 607 | <?php |
| 608 | } |
| 609 | } |
| 610 | } |
| 611 |