WP STAGING – WordPress Backup, Restore, Migration & Clone / 3.8.0
WP STAGING – WordPress Backup, Restore, Migration & Clone v3.8.0
wp-staging / Frontend / Frontend.php
Frontend.php
1 <?php
2
3 namespace WPStaging\Frontend;
4
5 use WPStaging\Core\WPStaging;
6 use WPStaging\Framework\Rest\Rest;
7 use WPStaging\Framework\SiteInfo;
8 use WPStaging\Framework\Auth\LoginByLink;
9
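/**
 * Front-end access gate for WP STAGING clone sites.
 *
 * On the "init" hook the class decides whether the current request may view the
 * staging site. If not, it renders the plugin's login form and ends the request.
 * It also prefixes the admin-bar site name on staging sites and resets the
 * clone's permalink structure once.
 *
 * @package WPStaging\Frontend
 */
class Frontend
{
    /**
     * Plugin settings from the "wpstg_settings" option, round-tripped through JSON.
     *
     * The round trip turns associative arrays into stdClass objects while list
     * arrays stay arrays; an empty option value therefore stays an (empty) array.
     * Every read below goes through isset()/empty() first for that reason.
     *
     * @var object
     */
    private $settings;

    /**
     * Set by showLoginForm() when a logged-in user was rejected, so that
     * checkPermissions() logs the user out and shows an error.
     *
     * @var bool
     */
    private $accessDenied = false;

    /** @var LoginForm */
    private $loginForm;

    public function __construct()
    {
        $this->defineHooks();

        $this->settings = json_decode(json_encode(get_option("wpstg_settings", [])));

        $this->loginForm = WPStaging::make(LoginForm::class);
    }

    /**
     * Prefix the admin-bar site name with the staging label on staging sites.
     *
     * The label defaults to 'STAGING' and can be changed through the
     * 'wpstg_staging_site_title' filter.
     *
     * @return void
     * @global object $wp_admin_bar
     */
    public function changeSiteName()
    {
        global $wp_admin_bar;
        $siteTitle = apply_filters('wpstg_staging_site_title', 'STAGING');

        if (!$this->isStagingSite()) {
            return;
        }

        $label = $siteTitle . ' - ' . get_bloginfo('name');

        // In wp-admin the node links to the front end; on the front end it links to the dashboard.
        if (is_admin()) {
            $node = [
                'id'    => 'site-name',
                'title' => $label,
                'href'  => home_url('/'),
            ];
        } else {
            $node = [
                'id'    => 'site-name',
                'title' => $label . ' Dashboard',
                'href'  => admin_url(),
            ];
        }

        $wp_admin_bar->add_menu($node);
    }

    /**
     * "init" callback: enforce the staging access gate for the current request.
     *
     * When showLoginForm() rejects the request, the login form is rendered and
     * the request ends with die(). A logged-in user who was rejected is logged
     * out first and sees an "Access Denied" error on the form.
     *
     * @return void
     */
    public function checkPermissions()
    {
        $this->resetPermaLinks();

        if (!$this->showLoginForm()) {
            return;
        }

        if ($this->accessDenied) {
            // End the rejected user's session before offering the form again.
            wp_logout();
            $this->loginForm->setError(__('Access Denied', 'wp-staging'));
        }

        $overrides = [
            'label_username' => __('Username or Email Address', 'wp-staging'),
        ];
        $this->loginForm->renderForm($this->loginForm->getDefaultArguments($overrides));
        die();
    }

    /**
     * Register the WordPress hooks once per request.
     *
     * The static flag means only the first instance registers callbacks.
     *
     * @return void
     */
    private function defineHooks()
    {
        static $isRegistered = false;
        if ($isRegistered) {
            return;
        }

        add_action("init", [$this, "checkPermissions"]);
        add_filter("wp_before_admin_bar_render", [$this, "changeSiteName"]);

        $isRegistered = true;
    }

    /**
     * Decide whether the current request must be stopped with the login form.
     *
     * Returns false (request allowed) for WP-CLI, for a truthy
     * 'wpstg.frontend.showLoginForm' filter, for REST URLs, for wp-login.php and
     * wp-admin, for non-staging sites and for users with manage_options. The
     * remaining checks depend on the free/Pro version and the stored settings.
     * Sets $this->accessDenied when a logged-in user is rejected.
     *
     * @return bool True when the login form must be shown.
     */
    private function showLoginForm(): bool
    {
        $this->accessDenied = false;

        // WP-CLI runs are never gated.
        if ('cli' === PHP_SAPI && defined('WP_CLI')) {
            return false;
        }

        // Despite its name, a truthy value from this filter SUPPRESSES the form
        // (used by the Real Cookie Banner plugin). Every callback hooked here is
        // therefore part of the access-control decision and should be reviewed as such.
        if (apply_filters('wpstg.frontend.showLoginForm', false)) {
            return false;
        }

        // REST requests are not gated by this class.
        // NOTE(review): staging data reachable over REST then depends on each route's
        // own permission checks - confirm that this exposure is intended.
        /** @var Rest $rest */
        $rest = WPStaging::make(Rest::class);
        if ($rest->isRestUrl()) {
            return false;
        }

        // The login page and wp-admin are left to WordPress' own authentication.
        if ($this->isLoginPage() || is_admin()) {
            return false;
        }

        if (!$this->isStagingSite()) {
            return false;
        }

        // Administrators always pass.
        if (current_user_can('manage_options')) {
            return false;
        }

        // Free version: no role or user lists are evaluated. Everyone without
        // manage_options gets the form unless disableAdminLogin is exactly '1'.
        if (!defined('WPSTGPRO_VERSION')) {
            return !isset($this->settings->disableAdminLogin) || $this->settings->disableAdminLogin !== '1';
        }

        // From here on only the Pro version is running.
        // The role list is used only when it really is an array.
        $allowedRoles = (isset($this->settings->userRoles) && is_array($this->settings->userRoles))
            ? $this->settings->userRoles
            : null;

        // The pseudo role "all" opens the staging site to every visitor. Compare strictly:
        // with a loose in_array() a non-string entry such as true (or 0 before PHP 8)
        // would also match 'all' and silently disable the gate.
        if ($allowedRoles !== null && in_array('all', $allowedRoles, true)) {
            return false;
        }

        if (!is_user_logged_in()) {
            return true;
        }

        $currentUser = wp_get_current_user();

        // Users carrying the login-by-link visitor capability pass.
        if ($currentUser->has_cap(LoginByLink::WPSTG_VISITOR_ROLE)) {
            return false;
        }

        // Fail closed: without a usable role list every remaining logged-in user is
        // rejected. Administrators never get here; they were let through above.
        if ($allowedRoles === null) {
            $this->accessDenied = true;
            return true;
        }

        if (!empty($this->settings->usersWithStagingAccess)) {
            // Entries are compared verbatim against login name and e-mail address, so
            // stray whitespace or a different letter case fails closed.
            // NOTE(review): confirm the list is normalised when the setting is saved.
            $usersWithStagingAccess = explode(',', $this->settings->usersWithStagingAccess);

            if (
                in_array($currentUser->user_login, $usersWithStagingAccess, true)
                || in_array($currentUser->user_email, $usersWithStagingAccess, true)
            ) {
                return false;
            }
        }

        // Reject users who hold none of the allowed roles. The login page and wp-admin
        // were already excluded above, so they need no second test here.
        $matchingRoles = array_intersect($currentUser->roles, $allowedRoles);
        if (empty($matchingRoles)) {
            $this->accessDenied = true;
            return true;
        }

        // No rule rejected the request.
        return false;
    }

    /**
     * Check if it is a staging site
     *
     * @return bool
     */
    private function isStagingSite(): bool
    {
        return (new SiteInfo())->isStagingSite();
    }

    /**
     * Check if the current request targets wp-login.php.
     *
     * Reads the "pagenow" global; a missing global counts as "not the login page"
     * instead of raising an undefined-key warning.
     *
     * @return bool
     */
    private function isLoginPage(): bool
    {
        return ($GLOBALS["pagenow"] ?? null) === "wp-login.php";
    }

    /**
     * Reset permalink structure of the clone to default; index.php?p=123
     *
     * Runs at most once per staging site: the "wpstg_rmpermalinks_executed" option
     * is set to "true" afterwards. The Pro setting keepPermalinks === "1" skips it.
     *
     * @return void
     */
    private function resetPermaLinks()
    {
        // Nothing to do on a non-staging site or when the reset has already run.
        if (!$this->isStagingSite() || get_option("wpstg_rmpermalinks_executed") === "true") {
            return;
        }

        // Pro only: keep the existing permalink structure when requested.
        $keepPermalinks = isset($this->settings->keepPermalinks) && $this->settings->keepPermalinks === "1";
        if (defined('WPSTGPRO_VERSION') && $keepPermalinks) {
            return;
        }

        // $wp_rewrite is not available before the init hook. So we need to use the global variable
        global $wp_rewrite;

        // @see https://developer.wordpress.org/reference/classes/wp_rewrite/set_permalink_structure/
        $wp_rewrite->set_permalink_structure('');

        flush_rewrite_rules();

        update_option("wpstg_rmpermalinks_executed", "true");
    }
}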