WP STAGING – WordPress Backup, Restore, Migration & Clone v3.1.3
wp-staging / Frontend / LoginForm.php
LoginForm.php
233 lines
1 <?php
2
3 namespace WPStaging\Frontend;
4
5 use WPStaging\Core\WPStaging;
6 use WPStaging\Framework\Utils\Sanitize;
7
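class LoginForm
{
    /** @var array Arguments used to render the form; an empty array means "use the defaults". */
    private $args = [];

    /**
     * @var string
     * Read in src/Frontend/views/loginForm.php
     * Important! Keep the empty string assignment to prevent login issues.
     * See https://github.com/wp-staging/wp-staging-pro/issues/2804
     */
    private $error = '';

    /** @var Sanitize */
    private $sanitize;

    /**
     * Resolves the sanitizer and immediately processes a submitted login, if there is one.
     */
    public function __construct()
    {
        $this->sanitize = WPStaging::make(Sanitize::class);
        $this->login();
    }

    /**
     * Handles a POST from the staging login form.
     *
     * Every path returns false; the outcome is reported through side effects:
     * on success the auth cookie is set and a redirect is issued, on failure
     * the message is stored in $this->error for the view to display.
     *
     * NOTE(review): the password is verified with wp_check_password() directly, not
     * through wp_signon()/wp_authenticate(), so checks that other plugins attach to
     * the `authenticate` filter (lockouts, second factors) are not run in this method.
     * No role or capability check is visible here either, although the messages say
     * only administrators may log in - confirm both are enforced elsewhere.
     *
     * @return false
     */
    private function login(): bool
    {
        if (is_user_logged_in()) {
            return false;
        }

        if (!isset($_POST['wpstg-username']) || !isset($_POST['wpstg-pass'])) {
            return false;
        }

        if (isset($_POST['wpstg-submit']) && (empty($_POST['wpstg-username']) || empty($_POST['wpstg-pass']))) {
            $this->error = 'No username or password given!';
            return false;
        }

        $username = $this->sanitize->sanitizeString($_POST['wpstg-username']);
        // Try to find user by username
        $user_data = get_user_by('login', $username);

        // Try to find user by email address
        if (!$user_data) {
            $user_data = get_user_by('email', $username);
        }

        $guideLink = esc_url('https://wp-staging.com/docs/can-not-login-to-staging-website/#Disable_WP_STAGING_Login_Form_or_Allow_Specific_Users_to_Pass_it');
        if (!$user_data) {
            // NOTE(review): this text differs from the wrong-password text below, so a
            // response reveals whether the submitted username or e-mail exists. The
            // strings are left as they are because they are translation msgids;
            // consider unifying them in a release that can update the translations.
            $msg = sprintf(__('Incorrect credentials! Only administrators can access this page. Please try the default <a target="_blank" href="%s">login</a> form or read this <a target="_blank" href="%s">guide</a>.', 'wp-staging'), wp_login_url(), $guideLink);

            if (defined('WPSTGPRO_VERSION')) {
                $msg = sprintf(__('Incorrect credentials! Only administrators or explicitly authorized users can access this page. Please try the default <a target="_blank" href="%s">login</a> form or read this <a target="_blank" href="%s">guide</a>.', 'wp-staging'), wp_login_url(), $guideLink);
            }

            $this->error = $msg;
            return false;
        }

        // Validate provided password and login.
        // 'wpstg-pass' is known to be set here because of the isset() guard above.
        $password = $this->sanitize->sanitizePassword($_POST['wpstg-pass']);
        if (!wp_check_password($password, $user_data->user_pass, $user_data->ID)) {
            $msg = sprintf(__('Login not possible! Only administrators can access this page. Please try the default <a target="_blank" href="%s">login</a> form or read this <a target="_blank" href="%s">guide</a>.', 'wp-staging'), wp_login_url(), $guideLink);

            if (defined('WPSTGPRO_VERSION')) {
                $msg = sprintf(__('Login not possible! Only administrators or explicitly authorized users can access this page. Please try the default <a target="_blank" href="%s">login</a> form or read this <a target="_blank" href="%s">guide</a>.', 'wp-staging'), wp_login_url(), $guideLink);
            }

            $this->error = $msg;
            return false;
        }

        $rememberme = isset($_POST['rememberme']);

        wp_set_auth_cookie($user_data->ID, $rememberme);
        wp_set_current_user($user_data->ID, $username);
        do_action('wp_login', $username, get_userdata($user_data->ID));

        // 'redirect_to' is request data. Previously it was written into the Location
        // header after URL sanitizing only, which allowed a redirect to any host, and
        // $redirectUrl was undefined when the field was missing or empty. Start from
        // a same-site fallback and let WordPress reject hosts it does not allow.
        $fallbackUrl = home_url('/');
        $requestedUrl = $fallbackUrl;
        if (!empty($_POST['redirect_to'])) {
            $requestedUrl = $this->sanitize->sanitizeUrl($_POST['redirect_to']);
        }

        $redirectUrl = wp_validate_redirect($requestedUrl, $fallbackUrl);
        wp_safe_redirect($redirectUrl);

        // As before, execution continues after the redirect header is sent; the
        // caller decides whether anything else is rendered.
        return false;
    }

    /**
     * Renders header, login form and footer in that order.
     *
     * @param array $args Form arguments; when empty the defaults from getDefaultArguments() are used.
     * @return void
     */
    public function renderForm(array $args = [])
    {
        $this->args = $args;
        $this->getHeader();
        $this->getLoginForm();
        $this->getFooter();
    }

    /**
     * Includes the header view. require_once means it is included at most once per request.
     *
     * @return void
     */
    private function getHeader()
    {
        require_once __DIR__ . '/views/header.php';
    }

    /**
     * Includes the footer view. require_once means it is included at most once per request.
     *
     * @return void
     */
    private function getFooter()
    {
        require_once __DIR__ . '/views/footer.php';
    }

    /**
     * Provides a simple login form for use anywhere within WordPress.
     *
     * The form HTML is echoed when the 'echo' argument is truthy and returned otherwise.
     * The arguments come from $this->args, or from getDefaultArguments() when that is empty.
     *
     * Supported argument keys {
     *     @type bool   $echo           Whether to display the login form or return the form HTML code.
     *                                  Default true (echo).
     *     @type string $redirect       URL to redirect to. Must be absolute, as in "https://example.com/mypage/".
     *                                  Default is to redirect back to the request URI.
     *     @type string $form_id        ID attribute value for the form. Default 'loginform'.
     *     @type string $label_username Label for the username field. Default 'Username'.
     *     @type string $label_password Label for the password field. Default 'Password'.
     *     @type string $label_remember Label for the remember field. Default 'Remember Me'.
     *     @type string $label_log_in   Label for the submit button. Default 'Log In'.
     *     @type string $id_username    ID attribute value for the username field. Default 'user_login'.
     *     @type string $id_password    ID attribute value for the password field. Default 'user_pass'.
     *     @type string $id_remember    ID attribute value for the remember field. Default 'rememberme'.
     *     @type string $id_submit      ID attribute value for the submit button. Default 'wp-submit'.
     *     @type bool   $remember       Whether to display the "rememberme" checkbox in the form.
     *     @type string $value_username Default value for the username field. Default empty.
     *     @type bool   $value_remember Whether the "Remember Me" checkbox should be checked by default.
     *                                  Default false (unchecked).
     * }
     *
     * @return string|void String when retrieving.
     * @since 3.0.0
     */
    private function getLoginForm()
    {
        $args = empty($this->args) ? $this->getDefaultArguments() : $this->args;

        // Don't delete! These locals are read by the view that is required below.
        $notice = __('Enter your administrator credentials to access this site. (This message will be displayed only once!)', 'wp-staging');
        $showNotice = (new LoginNotice())->isLoginNoticeActive();

        // True when the Wordfence class is loaded and its 'wordfenceActivated' option is set.
        $isCustomLogin2faEnabled = class_exists('wordfence') && get_option('wordfenceActivated');

        // Prefer the pro view when it exists on disk, otherwise use the free one.
        $loginFileView = WPSTG_PLUGIN_DIR . 'Frontend/views/pro/loginForm.php';
        if (!file_exists($loginFileView)) {
            $loginFileView = WPSTG_PLUGIN_DIR . 'Frontend/views/loginForm.php';
        }

        if ($args['echo']) {
            require($loginFileView);
        } else {
            // Capture the view output so it can be returned instead of printed.
            ob_start();
            require($loginFileView);
            return ob_get_clean();
        }
    }

    /**
     * Sets the error message shown by the login form view.
     *
     * @param string $error Error message to set
     * @return void
     */
    public function setError(string $error)
    {
        $this->error = $error;
    }

    /**
     * Returns the default set of arguments used to render the Login Form.
     *
     * @param array<string,mixed> $overrides A set of values to override the default ones.
     *
     * @return array<string,mixed> The default set of arguments used to render the login form.
     * @since TBD
     */
    public function getDefaultArguments(array $overrides = []): array
    {
        // Default 'redirect' value takes the user back to the request URI.
        // NOTE(review): HTTP_HOST and REQUEST_URI are supplied by the request, so the
        // default 'redirect' and the lost-password URL built from it carry a
        // client-chosen host. Presumably the view escapes these on output - confirm.
        $httpHost = !empty($_SERVER['HTTP_HOST']) ? $this->sanitize->sanitizeString($_SERVER['HTTP_HOST']) : '';
        $requestURI = !empty($_SERVER['REQUEST_URI']) ? $this->sanitize->sanitizeString($_SERVER['REQUEST_URI']) : '';
        $redirect = $this->sanitize->sanitizeUrl((is_ssl() ? 'https://' : 'http://') . $httpHost . $requestURI);
        $lostPasswordUrl = wp_lostpassword_url($redirect);
        $arguments = wp_parse_args(
            $overrides,
            [
                'echo'              => true,
                'redirect'          => $redirect,
                'lost_password_url' => $lostPasswordUrl,
                'form_id'           => 'loginform',
                'label_username'    => __('Username', 'wp-staging'),
                'label_password'    => __('Password', 'wp-staging'),
                'label_remember'    => __('Remember Me', 'wp-staging'),
                'label_log_in'      => __('Log In', 'wp-staging'),
                'id_username'       => 'user_login',
                'id_password'       => 'user_pass',
                'id_remember'       => 'rememberme',
                'id_submit'         => 'wp-submit',
                'remember'          => true,
                'value_username'    => '',
                // Set 'value_remember' to true to default the "Remember me" checkbox to checked.
                'value_remember'    => false,
            ]
        );

        return $arguments;
    }
}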