| 1 | <?php |
| 2 | |
| 3 | namespace WPStaging\Frontend; |
| 4 | |
| 5 | use WPStaging\Core\WPStaging; |
| 6 | use WPStaging\Framework\Utils\Sanitize; |
| 7 | |
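class LoginForm
{
    /**
     * Arguments that control the rendered form; see getDefaultArguments() for the keys.
     *
     * @var array<string,mixed>
     */
    private $args = [];

    /**
     * Failure message shown above the form.
     * Read in src/Frontend/views/loginForm.php
     *
     * @var string
     */
    private $error;

    /** @var Sanitize */
    private $sanitize;

    /**
     * Resolves the sanitizer and immediately processes a pending login
     * submission — the login attempt is a side effect of construction.
     */
    public function __construct()
    {
        $this->sanitize = WPStaging::make(Sanitize::class);
        $this->login();
    }

    /**
     * Handles a submitted login form.
     *
     * Does nothing when the visitor is already logged in or no credentials were
     * posted. On a valid password the auth cookie is set and, when a
     * `redirect_to` value was posted, the request is redirected to it and
     * terminated. Every failure is reported through $this->error for the view.
     *
     * NOTE(review): no capability check happens here; the "administrators only"
     * restriction the messages describe is presumably enforced by the caller —
     * confirm.
     *
     * @return false Always false; the outcome is communicated via $this->error.
     */
    private function login()
    {
        if (is_user_logged_in()) {
            return false;
        }

        if (!isset($_POST['wpstg-username']) || !isset($_POST['wpstg-pass'])) {
            return false;
        }

        if (isset($_POST['wpstg-submit']) && (empty($_POST['wpstg-username']) || empty($_POST['wpstg-pass']))) {
            $this->error = 'No username or password given!';
            return false;
        }

        $username = $this->sanitize->sanitizeString($_POST['wpstg-username']);

        // The username field accepts either the login name or the e-mail address.
        $userData = get_user_by('login', $username);
        if (!$userData) {
            $userData = get_user_by('email', $username);
        }

        $guideLink = esc_url('https://wp-staging.com/docs/can-not-login-to-staging-website/#Disable_WP_STAGING_Login_Form_or_Allow_Specific_Users_to_Pass_it');

        if (!$userData) {
            // NOTE(review): this wording differs from the wrong-password message
            // below, so a visitor can tell whether an account name exists.
            // Consider one generic message for both failures.
            $this->error = $this->formatLoginError(
                __('Incorrect credentials! Only administrators can access this page. Please try the default <a target="_blank" href="%s">login</a> form or read this <a target="_blank" href="%s">guide</a>.', 'wp-staging'),
                __('Incorrect credentials! Only administrators or explicitly authorized users can access this page. Please try the default <a target="_blank" href="%s">login</a> form or read this <a target="_blank" href="%s">guide</a>.', 'wp-staging'),
                $guideLink
            );
            return false;
        }

        // 'wpstg-pass' is guaranteed set by the isset() guard above.
        $password = $this->sanitize->sanitizePassword($_POST['wpstg-pass']);
        if (!wp_check_password($password, $userData->user_pass, $userData->ID)) {
            $this->error = $this->formatLoginError(
                __('Login not possible! Only administrators can access this page. Please try the default <a target="_blank" href="%s">login</a> form or read this <a target="_blank" href="%s">guide</a>.', 'wp-staging'),
                __('Login not possible! Only administrators or explicitly authorized users can access this page. Please try the default <a target="_blank" href="%s">login</a> form or read this <a target="_blank" href="%s">guide</a>.', 'wp-staging'),
                $guideLink
            );
            return false;
        }

        $rememberMe = isset($_POST['rememberme']);

        wp_set_auth_cookie($userData->ID, $rememberMe);
        wp_set_current_user($userData->ID, $username);
        do_action('wp_login', $username, get_userdata($userData->ID));

        if (!empty($_POST['redirect_to'])) {
            $redirectTo = $this->sanitize->sanitizeUrl($_POST['redirect_to']);

            // The target comes from the request body, so it is validated against
            // the allowed redirect hosts (wp_safe_redirect() falls back to the
            // admin URL for anything else) rather than written to a Location
            // header verbatim. Without a posted redirect_to no header is sent;
            // the previous code emitted an empty "Location:" header here.
            wp_safe_redirect($redirectTo);
            exit;
        }

        return false;
    }

    /**
     * Picks the free or pro wording of a login failure message and fills in the
     * default login URL and the guide link.
     *
     * Both templates are passed already translated so gettext extraction keeps
     * seeing literal strings at the call sites.
     *
     * @param string $freeTemplate sprintf template used by the free plugin.
     * @param string $proTemplate  sprintf template used when WPSTGPRO_VERSION is defined.
     * @param string $guideLink    Escaped URL of the troubleshooting guide.
     *
     * @return string
     */
    private function formatLoginError($freeTemplate, $proTemplate, $guideLink)
    {
        $template = defined('WPSTGPRO_VERSION') ? $proTemplate : $freeTemplate;

        return sprintf($template, wp_login_url(), $guideLink);
    }

    /**
     * Outputs the complete login page: header, form and footer.
     *
     * @param array<string,mixed> $args Overrides for getDefaultArguments();
     *                                  missing keys fall back to the defaults.
     */
    public function renderForm($args = [])
    {
        $this->args = $args;
        $this->getHeader();
        $this->getLoginForm();
        $this->getFooter();
    }

    /**
     * Outputs the page header view.
     * require_once means the header is emitted at most once per request.
     */
    private function getHeader()
    {
        require_once __DIR__ . '/views/header.php';
    }

    /**
     * Outputs the page footer view.
     * require_once means the footer is emitted at most once per request.
     */
    private function getFooter()
    {
        require_once __DIR__ . '/views/footer.php';
    }

    /**
     * Renders the login form view (the pro variant when it is shipped).
     *
     * The arguments given to renderForm() are merged over getDefaultArguments(),
     * so a partial array no longer leaves keys such as 'echo' undefined.
     * The HTML is echoed when $args['echo'] is truthy and returned otherwise.
     *
     * @return string|void The form HTML when 'echo' is false.
     */
    private function getLoginForm()
    {
        $args = $this->getDefaultArguments($this->args);

        // Don't delete! $notice and $showNotice are read by the view required below.
        $notice = __('Enter your administrator credentials to access this site. (This message will be displayed only once!)', 'wp-staging');
        $showNotice = (new LoginNotice())->isLoginNoticeActive();

        $loginFileView = $this->resolveLoginView();

        if ($args['echo']) {
            require($loginFileView);
            return;
        }

        ob_start();
        require($loginFileView);

        return ob_get_clean();
    }

    /**
     * Returns the path of the login form view, preferring the pro variant when present.
     *
     * @return string
     */
    private function resolveLoginView()
    {
        $proView = WPSTG_PLUGIN_DIR . 'Frontend/views/pro/loginForm.php';

        return file_exists($proView) ? $proView : WPSTG_PLUGIN_DIR . 'Frontend/views/loginForm.php';
    }

    /**
     * Sets the error message displayed above the form.
     *
     * @param string $error Error message to show.
     */
    public function setError($error)
    {
        $this->error = $error;
    }

    /**
     * Returns the default set of arguments used to render the login form,
     * with $overrides merged on top.
     *
     * @param array<string,mixed> $overrides Values that replace the defaults.
     *
     * @return array<string,mixed> The arguments used to render the login form.
     * @since TBD
     */
    public function getDefaultArguments(array $overrides = [])
    {
        // The default 'redirect' takes the user back to the current request URI;
        // host and URI are sanitized because both originate from the request.
        $httpHost = !empty($_SERVER['HTTP_HOST']) ? $this->sanitize->sanitizeString($_SERVER['HTTP_HOST']) : '';
        $requestURI = !empty($_SERVER['REQUEST_URI']) ? $this->sanitize->sanitizeString($_SERVER['REQUEST_URI']) : '';
        $redirect = $this->sanitize->sanitizeUrl((is_ssl() ? 'https://' : 'http://') . $httpHost . $requestURI);

        return wp_parse_args(
            $overrides,
            [
                'echo' => true,
                'redirect' => $redirect,
                'lost_password_url' => wp_lostpassword_url($redirect),
                'form_id' => 'loginform',
                'label_username' => __('Username', 'wp-staging'),
                'label_password' => __('Password', 'wp-staging'),
                'label_remember' => __('Remember Me', 'wp-staging'),
                'label_log_in' => __('Log In', 'wp-staging'),
                'id_username' => 'user_login',
                'id_password' => 'user_pass',
                'id_remember' => 'rememberme',
                'id_submit' => 'wp-submit',
                'remember' => true,
                'value_username' => '',
                // Set 'value_remember' to true to default the "Remember me" checkbox to checked.
                'value_remember' => false,
            ]
        );
    }
}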