PluginProbe ʕ •ᴥ•ʔ
WP 2FA – Two-factor authentication for WordPress / 4.0.0
WP 2FA – Two-factor authentication for WordPress v4.0.0
4.0.0 1.7.1 2.0.0 2.0.1 2.1.0 2.2.0 2.2.1 2.3.0 2.4.0 2.4.1 2.4.2 2.5.0 2.6.0 2.6.1 2.6.2 2.6.3 2.6.4 2.7.0 2.8.0 2.9.0 2.9.1 2.9.2 2.9.3 3.0.0 3.0.1 3.1.0 3.1.1 3.1.1.2 trunk 1.2.0 1.3.0 1.4.0 1.4.1 1.4.2 1.5.0 1.5.1 1.5.2 1.6.0 1.6.1 1.6.2 1.7.0
wp-2fa / includes / classes / Admin / Views / class-re-login-2fa.php
wp-2fa / includes / classes / Admin / Views Last commit date
class-first-time-wizard-steps-new.php 5 days ago class-first-time-wizard-steps.php 5 days ago class-grace-period-notifications.php 5 days ago class-passord-reset-2fa.php 5 days ago class-re-login-2fa.php 5 days ago class-wizard-steps.php 5 days ago index.php 5 days ago
class-re-login-2fa.php
172 lines
1 <?php
2 /**
3 * Roles and main settings user login again after 2FA setup class.
4 *
5 * @package wp2fa
6 * @subpackage views
7 *
8 * @copyright 2026 Melapress
9 * @license https://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
10 *
11 * @see https://wordpress.org/plugins/wp-2fa/
12 */
13
14 declare(strict_types=1);
15
16 namespace WP2FA\Admin\Views;
17
18 use WP2FA\Admin\Helpers\User_Helper;
19 use WP2FA\Utils\Settings_Utils;
20
21 if ( ! class_exists( '\WP2FA\Admin\Views\Re_Login_2FA' ) ) {
22 /**
23 * Re_Login_2FA - Class for rendering the plugin settings related to 2fa when user sets the 2FA method.
24 *
25 * @since 2.7.0
26 */
27 class Re_Login_2FA {
28 public const RE_LOGIN_SETTINGS_NAME = 're-login-2fa-show';
29
30 public const ENABLED_SETTING_VALUE = 're-login-2fa';
31
32 /**
33 * Inits all the class related hooks.
34 *
35 * @return void
36 *
37 * @since 2.7.0
38 */
39 public static function init() {
40 if ( \is_admin() ) {
41 \add_filter( WP_2FA_PREFIX . 'before_grace_period', array( __CLASS__, 're_login_setting' ), 11, 5 );
42 \add_filter( WP_2FA_PREFIX . 'loop_settings', array( __CLASS__, 'add_setting_value' ) );
43 \add_action( 'wp_ajax_custom_ajax_logout', array( __CLASS__, 'redirect_after_logout' ) );
44 }
45 \add_filter( WP_2FA_PREFIX . 'default_settings', array( __CLASS__, 'add_default_settings' ) );
46 }
47
48 /**
49 * Logs out the current user and sends success message to the ajax request.
50 *
51 * @return void
52 *
53 * @since 2.7.0
54 */
55 public static function redirect_after_logout() {
56 $enabled_method = User_Helper::get_enabled_method_for_user();
57 if ( empty( $enabled_method ) ) {
58 \wp_send_json_error();
59 }
60 \wp_logout();
61 ob_clean(); // probably overkill for this, but good habit.
62 \wp_send_json_success();
63 }
64
65 /**
66 * Shows the settings for the grace period notifications behavior.
67 *
68 * @param string $role - The name of the role.
69 * @param string $name_prefix - Name prefix for the input name, includes the role name if provided.
70 * @param string $data_role - Data attribute - used by the JS.
71 * @param string $role_id - The role name, used to identify the inputs.
72 *
73 * @return string
74 *
75 * @since 2.7.0
76 */
77 public static function reset_settings( string $role = '', string $name_prefix = '', string $data_role = '', string $role_id = '' ) {
78 ob_start();
79
80 $password_reset_action = Settings_Utils::get_setting_role( sanitize_text_field( $role ), self::RE_LOGIN_SETTINGS_NAME, true );
81 ?>
82 <div class="sub-setting-indent">
83 <fieldset>
84 <label for="<?php echo esc_attr( self::ENABLED_SETTING_VALUE . $role_id ); ?>" style="margin-bottom: 10px; display: inline-block;">
85 <input type="checkbox" name="<?php echo esc_attr( $name_prefix . '[' . self::RE_LOGIN_SETTINGS_NAME . ']' ); ?>"
86 id="<?php echo esc_attr( self::ENABLED_SETTING_VALUE . $role_id ); ?>"
87 <?php echo $data_role; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?>
88 value="<?php echo esc_attr( self::ENABLED_SETTING_VALUE ); ?>" <?php checked( $password_reset_action, self::ENABLED_SETTING_VALUE ); ?> class="js-nested">
89 <span><?php echo esc_html__( 'Log out user after 2FA setup', 'wp-2fa' ); ?></span>
90 </label>
91 </fieldset>
92 </div>
93 <?php
94 $html_content = ob_get_contents();
95 ob_end_clean();
96
97 return $html_content;
98 }
99
100 /**
101 * Adds global plugin setting options.
102 *
103 * @param array $loop_settings - Array with current plugin settings.
104 *
105 * @return array
106 *
107 * @since 2.7.0
108 */
109 public static function add_setting_value( array $loop_settings ) {
110 $loop_settings[] = self::RE_LOGIN_SETTINGS_NAME;
111
112 return $loop_settings;
113 }
114
115 /**
116 * Adds the extension default settings to the main plugin settings.
117 *
118 * @param array $default_settings - array with plugin default settings.
119 *
120 * @return array
121 *
122 * @since 2.7.0
123 */
124 public static function add_default_settings( array $default_settings ) {
125 $default_settings[ self::RE_LOGIN_SETTINGS_NAME ] = self::RE_LOGIN_SETTINGS_NAME;
126
127 return $default_settings;
128 }
129
130 /**
131 * Password reset settings.
132 *
133 * @param string $content - HTML content.
134 * @param string $role - The name of the role.
135 * @param string $name_prefix - Name prefix for the input name, includes the role name if provided.
136 * @param string $data_role - Data attribute - used by the JS.
137 * @param string $role_id - The role name, used to identify the inputs.
138 *
139 * @return string
140 *
141 * @since 2.7.0
142 */
143 public static function re_login_setting( string $content, string $role = '', string $name_prefix = '', string $data_role = '', string $role_id = '' ) {
144 ob_start();
145 ?>
146 <h3><?php \esc_html_e( 'Do you want to logout users after setting up 2FA on their account?', 'wp-2fa' ); ?></h3>
147 <p class="description">
148 <?php \esc_html_e( 'When you enable this setting users will be logged out automatically after configuring 2FA and they will need to log back in.', 'wp-2fa' ); ?>
149 </p>
150
151 <table class="form-table">
152 <tbody>
153 <tr>
154 <th><label for="<?php echo esc_attr( self::ENABLED_SETTING_VALUE . $role_id ); ?>"><?php esc_html_e( 'Re-login', 'wp-2fa' ); ?></label></th>
155 <td>
156 <fieldset class="contains-hidden-inputs">
157 <?php echo self::reset_settings( sanitize_text_field( $role ), sanitize_text_field( $name_prefix ), sanitize_text_field( $data_role ), sanitize_text_field( $role_id ) ); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?>
158 </fieldset>
159 </td>
160 </tr>
161 </tbody>
162 </table>
163 <?php
164
165 $content .= ob_get_contents();
166 ob_end_clean();
167
168 return $content;
169 }
170 }
171 }
172