WP STAGING – WordPress Backup, Restore, Migration & Clone v3.0.0
wp-staging / Frontend / LoginForm.php
LoginForm.php
1 <?php
2
3 namespace WPStaging\Frontend;
4
5 use WPStaging\Core\WPStaging;
6 use WPStaging\Framework\Utils\Sanitize;
7
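/**
 * Renders the WP STAGING login form and processes its POST submission.
 *
 * The submission is handled in the constructor, so creating an instance is
 * enough to attempt a login when the expected POST fields are present.
 *
 * NOTE(review): login() sets the auth cookie for any account whose password
 * verifies. The "only administrators" restriction mentioned in the error
 * messages is not enforced in this class; confirm the caller enforces it.
 */
class LoginForm
{
    /** @var array Arguments passed to renderForm(); merged over getDefaultArguments() when rendering. */
    private $args = [];

    /**
     * @var string
     * Read in src/Frontend/views/loginForm.php
     *
     * Messages built in this class contain <a> markup, and setError() stores
     * its argument unchanged, so the view has to print this value through an
     * allow-list filter rather than raw. NOTE(review): the view is not visible
     * here; confirm how it escapes this value.
     */
    private $error;

    /** @var Sanitize */
    private $sanitize;

    public function __construct()
    {
        $this->sanitize = WPStaging::make(Sanitize::class);
        $this->login();
    }

    /**
     * Processes a submitted login form, if any.
     *
     * On success the auth cookie is set, the `wp_login` action fires and a
     * redirect header is sent; on failure $this->error is populated for the
     * view. Execution is not terminated after the redirect header, so the
     * caller keeps running.
     *
     * NOTE(review): the password is checked with wp_check_password() directly
     * rather than through wp_authenticate()/wp_signon(), so `authenticate`
     * filters and the `wp_login_failed` action are not triggered from here.
     * Second-factor, lockout and failed-login logging plugins that rely on
     * those hooks will not see attempts made through this form.
     *
     * @return false Always false; the outcome is reported through side effects.
     */
    private function login()
    {
        if (is_user_logged_in()) {
            return false;
        }

        if (!isset($_POST['wpstg-username']) || !isset($_POST['wpstg-pass'])) {
            return false;
        }

        // Array-valued fields (e.g. "wpstg-pass[]=...") are never valid credentials.
        if (!is_string($_POST['wpstg-username']) || !is_string($_POST['wpstg-pass'])) {
            return false;
        }

        if (isset($_POST['wpstg-submit']) && (empty($_POST['wpstg-username']) || empty($_POST['wpstg-pass']))) {
            $this->error = 'No username or password given!';
            return false;
        }

        $username = $this->sanitize->sanitizeString($_POST['wpstg-username']);

        // Look the account up by login name first, then by e-mail address.
        $user_data = get_user_by('login', $username);
        if (!$user_data) {
            $user_data = get_user_by('email', $username);
        }

        if (!$user_data) {
            $this->error = $this->getAccessDeniedMessage(false);
            return false;
        }

        // Validate provided password and login
        $password = $this->sanitize->sanitizePassword($_POST['wpstg-pass']);
        if (!wp_check_password($password, $user_data->user_pass, $user_data->ID)) {
            $this->error = $this->getAccessDeniedMessage(true);
            return false;
        }

        $rememberme = isset($_POST['rememberme']);

        wp_set_auth_cookie($user_data->ID, $rememberme);
        wp_set_current_user($user_data->ID, $username);
        do_action('wp_login', $username, get_userdata($user_data->ID));

        // redirect_to is request-controlled. Without a fallback the original
        // code read an undefined variable when the field was missing, and it
        // sent any submitted URL straight into the Location header. Hosts
        // other than the one in home_url() are rejected unless they are added
        // through the `allowed_redirect_hosts` filter.
        $redirectTo = home_url('/');
        if (!empty($_POST['redirect_to']) && is_string($_POST['redirect_to'])) {
            $redirectTo = wp_validate_redirect(
                $this->sanitize->sanitizeUrl($_POST['redirect_to']),
                $redirectTo
            );
        }

        wp_safe_redirect($redirectTo);

        return false;
    }

    /**
     * Builds the translated error message shown after a rejected login.
     *
     * NOTE(review): the text differs between "account not found" and "wrong
     * password", which lets a client tell whether an account exists. The
     * wording is kept as-is because the strings are translatable; consider
     * unifying them.
     *
     * @param bool $userFound True when the account exists but the password check failed.
     *
     * @return string HTML message containing links to the default login form and the guide.
     */
    private function getAccessDeniedMessage($userFound)
    {
        // Both URLs end up inside href attributes of the message, so escape them for that context.
        $loginLink = esc_url(wp_login_url());
        $guideLink = esc_url('https://wp-staging.com/docs/can-not-login-to-staging-website/#Disable_WP_STAGING_Login_Form_or_Allow_Specific_Users_to_Pass_it');
        $isPro     = defined('WPSTGPRO_VERSION');

        if (!$userFound) {
            $template = $isPro
                ? __('Incorrect credentials! Only administrators or explicitly authorized users can access this page. Please try the default <a target="_blank" href="%s">login</a> form or read this <a target="_blank" href="%s">guide</a>.', 'wp-staging')
                : __('Incorrect credentials! Only administrators can access this page. Please try the default <a target="_blank" href="%s">login</a> form or read this <a target="_blank" href="%s">guide</a>.', 'wp-staging');
        } else {
            $template = $isPro
                ? __('Login not possible! Only administrators or explicitly authorized users can access this page. Please try the default <a target="_blank" href="%s">login</a> form or read this <a target="_blank" href="%s">guide</a>.', 'wp-staging')
                : __('Login not possible! Only administrators can access this page. Please try the default <a target="_blank" href="%s">login</a> form or read this <a target="_blank" href="%s">guide</a>.', 'wp-staging');
        }

        return sprintf($template, $loginLink, $guideLink);
    }

    /**
     * Outputs the header view, the login form and the footer view, in that order.
     *
     * @param array $args Optional overrides for the values returned by getDefaultArguments().
     */
    public function renderForm($args = [])
    {
        $this->args = $args;
        $this->getHeader();
        $this->getLoginForm();
        $this->getFooter();
    }

    /**
     * Includes the header view. require_once means it is loaded at most once per request.
     */
    private function getHeader()
    {
        require_once __DIR__ . '/views/header.php';
    }

    /**
     * Includes the footer view. require_once means it is loaded at most once per request.
     */
    private function getFooter()
    {
        require_once __DIR__ . '/views/footer.php';
    }

    /**
     * Loads the login form view, preferring the view under views/pro/ when that file exists.
     *
     * The arguments given to renderForm() are merged over the defaults, so a
     * partial array no longer leaves keys such as 'echo' undefined. The view
     * is included in this scope and reads $args, $notice, $showNotice and $this.
     *
     * @return string|void The form HTML when $args['echo'] is false; otherwise the view is printed.
     * @since 3.0.0
     */
    private function getLoginForm()
    {
        $args = $this->getDefaultArguments(is_array($this->args) ? $this->args : []);

        // Don't delete! This is used in the views below
        $notice     = __('Enter your administrator credentials to access this site. (This message will be displayed only once!)', 'wp-staging');
        $showNotice = (new LoginNotice())->isLoginNoticeActive();

        $loginFileView = WPSTG_PLUGIN_DIR . 'Frontend/views/pro/loginForm.php';
        if (!file_exists($loginFileView)) {
            $loginFileView = WPSTG_PLUGIN_DIR . 'Frontend/views/loginForm.php';
        }

        if ($args['echo']) {
            require($loginFileView);
            return;
        }

        ob_start();
        require($loginFileView);
        return ob_get_clean();
    }

    /**
     * Sets the error message to show in the form.
     *
     * The value is stored unchanged; pass only text that is safe for the view to print.
     *
     * @param string $error Error message to set
     */
    public function setError($error)
    {
        $this->error = $error;
    }

    /**
     * Returns the default set of arguments used to render the Login Form.
     *
     * @param array<string,mixed> $overrides A set of values to override the default ones.
     *
     * @return array<string,mixed> The default set of arguments used to render the login form.
     * @since TBD
     *
     */
    public function getDefaultArguments(array $overrides = [])
    {
        // Default 'redirect' value takes the user back to the request URI.
        $httpHost   = !empty($_SERVER['HTTP_HOST']) ? $this->sanitize->sanitizeString($_SERVER['HTTP_HOST']) : '';
        $requestURI = !empty($_SERVER['REQUEST_URI']) ? $this->sanitize->sanitizeString($_SERVER['REQUEST_URI']) : '';
        $requested  = $this->sanitize->sanitizeUrl((is_ssl() ? 'https://' : 'http://') . $httpHost . $requestURI);

        // The Host header is supplied by the client, so the URL built from it
        // is only kept when it points at an allowed host; otherwise the site's
        // home URL is used. This value also feeds the lost-password link below.
        $redirect = wp_validate_redirect($requested, home_url('/'));

        $defaults = [
            'echo'              => true,
            'redirect'          => $redirect,
            'lost_password_url' => wp_lostpassword_url($redirect),
            'form_id'           => 'loginform',
            'label_username'    => __('Username', 'wp-staging'),
            'label_password'    => __('Password', 'wp-staging'),
            'label_remember'    => __('Remember Me', 'wp-staging'),
            'label_log_in'      => __('Log In', 'wp-staging'),
            'id_username'       => 'user_login',
            'id_password'       => 'user_pass',
            'id_remember'       => 'rememberme',
            'id_submit'         => 'wp-submit',
            'remember'          => true,
            'value_username'    => '',
            // Set 'value_remember' to true to default the "Remember me" checkbox to checked.
            'value_remember'    => false,
        ];

        return wp_parse_args($overrides, $defaults);
    }
}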
218