| 1 | <?php |
| 2 | |
| 3 | namespace WPStaging\Frontend; |
| 4 | |
| 5 | use WPStaging\Core\WPStaging; |
| 6 | use WPStaging\Framework\Utils\Sanitize; |
| 7 | |
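class LoginForm
{
    /**
     * @var array Arguments passed to renderForm(); read by the view files
     *            (src/views/frontend/*.php) as $args.
     */
    private $args = [];

    /**
     * @var string
     * Read in src/views/frontend/loginForm.php
     * Important! Keep the empty string assignment to prevent login issues.
     * See https://github.com/wp-staging/wp-staging-pro/issues/2804
     */
    private $error = '';

    /** @var Sanitize */
    private $sanitize;

    /**
     * Resolves the sanitizer and immediately processes a pending login
     * submission so the auth cookie / redirect headers are sent before
     * any markup is rendered.
     */
    public function __construct()
    {
        $this->sanitize = WPStaging::make(Sanitize::class);
        $this->login();
    }

    /**
     * Process a submitted login form.
     *
     * Looks the account up by login name, then by email address, verifies the
     * password with wp_check_password() and, on success, sets the auth cookie,
     * fires the 'wp_login' action and redirects. Any failure is reported through
     * $this->error, which the view prints above the form.
     *
     * Security notes (reviewer):
     *  - The redirect target comes from POST ('redirect_to'). It is passed through
     *    wp_validate_redirect()/wp_safe_redirect(), so only the site's own host
     *    (plus hosts allowed via the 'allowed_redirect_hosts' filter) is accepted;
     *    the previous raw header('Location: ...') was an open redirect after login.
     *  - wp_check_password() bypasses the 'authenticate' filter chain, so 2FA,
     *    brute-force limiting and lockout plugins never see these attempts. The
     *    view only special-cases Wordfence; other plugins are not covered.
     *  - No nonce is verified here. If src/views/frontend/loginForm.php does not
     *    emit one, this handler is exposed to login CSRF — TODO confirm against the view.
     *  - Nothing in this method restricts login to administrators; the "Only
     *    administrators ..." wording relies on a capability check made elsewhere
     *    (presumably Frontend.php) — TODO confirm.
     *  - The "Incorrect credentials!" (unknown user) and "Login not possible!"
     *    (wrong password) messages let a client distinguish valid usernames.
     *
     * @return bool Always false; the outcome is communicated via $this->error or
     *              by the redirect that ends the request.
     */
    private function login(): bool
    {
        if (is_user_logged_in()) {
            return false;
        }

        if (!isset($_POST['wpstg-username'], $_POST['wpstg-pass'])) {
            return false;
        }

        if (isset($_POST['wpstg-submit']) && (empty($_POST['wpstg-username']) || empty($_POST['wpstg-pass']))) {
            $this->error = 'No username or password given!';
            return false;
        }

        $username = $this->sanitize->sanitizeString($_POST['wpstg-username']);

        // The same field accepts either the login name or the account email.
        $user = get_user_by('login', $username);
        if (!$user) {
            $user = get_user_by('email', $username);
        }

        $guideLink = esc_url('https://wp-staging.com/docs/can-not-login-to-staging-website/#Disable_WP_STAGING_Login_Form_or_Allow_Specific_Users_to_Pass_it');

        if (!$user) {
            $this->error = $this->credentialErrorMessage($guideLink, true);
            return false;
        }

        $password = $this->sanitize->sanitizePassword($_POST['wpstg-pass']);
        if (!wp_check_password($password, $user->user_pass, $user->ID)) {
            $this->error = $this->credentialErrorMessage($guideLink, false);
            return false;
        }

        $rememberMe = isset($_POST['rememberme']);

        wp_set_auth_cookie($user->ID, $rememberMe);
        wp_set_current_user($user->ID, $username);
        do_action('wp_login', $username, get_userdata($user->ID));

        // Only a same-site target is honoured; anything else (or no target at all)
        // falls back to the site root instead of wherever the POST body pointed.
        $fallback  = home_url('/');
        $requested = !empty($_POST['redirect_to']) ? $this->sanitize->sanitizeUrl($_POST['redirect_to']) : '';
        $target    = $requested !== '' ? wp_validate_redirect($requested, $fallback) : $fallback;

        set_transient('wpstg_user_logged_in_status', true, 5);

        // wp_safe_redirect() returns false when headers were already sent or a
        // filter vetoed the redirect; in that case keep rendering as before.
        if (wp_safe_redirect($target)) {
            exit;
        }

        return false;
    }

    /**
     * Build the user-facing message for a failed credential check.
     *
     * The strings stay literal inside __() so translation tooling can extract them.
     *
     * @param string $guideLink   Escaped URL of the troubleshooting guide.
     * @param bool   $unknownUser True when no account matched the submitted
     *                            username/email, false when the password was wrong.
     * @return string HTML message (contains anchor tags).
     */
    private function credentialErrorMessage(string $guideLink, bool $unknownUser): string
    {
        $loginUrl = wp_login_url();
        $isPro    = defined('WPSTGPRO_VERSION');

        if ($unknownUser) {
            return $isPro
                ? sprintf(__('Incorrect credentials! Only administrators or explicitly authorized users can access this page. Please try the default <a target="_blank" href="%s">login</a> form or read this <a target="_blank" href="%s">guide</a>.', 'wp-staging'), $loginUrl, $guideLink)
                : sprintf(__('Incorrect credentials! Only administrators can access this page. Please try the default <a target="_blank" href="%s">login</a> form or read this <a target="_blank" href="%s">guide</a>.', 'wp-staging'), $loginUrl, $guideLink);
        }

        return $isPro
            ? sprintf(__('Login not possible! Only administrators or explicitly authorized users can access this page. Please try the default <a target="_blank" href="%s">login</a> form or read this <a target="_blank" href="%s">guide</a>.', 'wp-staging'), $loginUrl, $guideLink)
            : sprintf(__('Login not possible! Only administrators can access this page. Please try the default <a target="_blank" href="%s">login</a> form or read this <a target="_blank" href="%s">guide</a>.', 'wp-staging'), $loginUrl, $guideLink);
    }

    /**
     * Render the full page: header view, login form view, footer view.
     *
     * @param array $args Form options; see getDefaultArguments() for the keys.
     *                    Missing keys are filled with defaults.
     * @return void
     */
    public function renderForm(array $args = [])
    {
        $this->args = $args;
        $this->getHeader();
        $this->getLoginForm();
        $this->getFooter();
    }

    /**
     * Include the page header view.
     *
     * @return void
     */
    private function getHeader()
    {
        require_once WPSTG_VIEWS_DIR . 'frontend/header.php';
    }

    /**
     * Include the page footer view.
     *
     * @return void
     */
    private function getFooter()
    {
        require_once WPSTG_VIEWS_DIR . 'frontend/footer.php';
    }

    /**
     * Render (or return) the login form markup from src/views/frontend/loginForm.php.
     *
     * The view reads the locals declared here: $args, $notice, $showNotice,
     * $isCustomLogin2faEnabled, plus $this->error. Arguments set via renderForm()
     * are merged over the defaults so a partial $args array cannot leave a key
     * such as 'echo' undefined.
     *
     * Supported $args keys (all optional):
     *   echo            bool   Echo the markup (true, default) or return it.
     *   redirect        string Absolute URL to redirect to after login; default is the request URL.
     *   form_id         string Form element id. Default 'loginform'.
     *   label_username  string Username field label.
     *   label_password  string Password field label.
     *   label_remember  string "Remember me" label.
     *   label_log_in    string Submit button label.
     *   id_username     string Username input id. Default 'user_login'.
     *   id_password     string Password input id. Default 'user_pass'.
     *   id_remember     string Remember-me input id. Default 'rememberme'.
     *   id_submit       string Submit button id. Default 'wp-submit'.
     *   remember        bool   Show the "Remember me" checkbox.
     *   value_username  string Pre-filled username. Default ''.
     *   value_remember  bool   Whether "Remember me" starts checked. Default false.
     *
     * @return string|void The markup when $args['echo'] is false, nothing otherwise.
     */
    private function getLoginForm()
    {
        $args = $this->getDefaultArguments($this->args);

        // Don't delete! These locals are consumed by the view included below.
        $notice     = __('Enter your administrator credentials to access this site. (This message will be displayed only once!)', 'wp-staging');
        $showNotice = (new LoginNotice())->isLoginNoticeActive();

        // Wordfence with login security enabled handles its own 2FA flow; the view
        // adapts to it. Other 2FA/lockout plugins are not detected here.
        $isCustomLogin2faEnabled = class_exists('wordfence', false) && get_option('wordfenceActivated');

        $view = WPSTG_VIEWS_DIR . 'frontend/loginForm.php';

        if ($args['echo']) {
            require($view);
            return;
        }

        ob_start();
        require($view);
        return ob_get_clean();
    }

    /**
     * Set the error message shown above the form.
     *
     * @param string $error Error message (rendered by the view; may contain HTML).
     * @return void
     */
    public function setError(string $error)
    {
        $this->error = $error;
    }

    /**
     * Returns the default set of arguments used to render the Login Form.
     *
     * NOTE(review): the default 'redirect' is rebuilt from HTTP_HOST, which is
     * client-controlled. It only lands in the form's hidden redirect field and
     * is re-validated against the site's allowed hosts before login() redirects,
     * so a poisoned Host header cannot turn it into an off-site redirect.
     *
     * @param array<string,mixed> $overrides A set of values to override the default ones.
     *
     * @return array<string,mixed> The default set of arguments used to render the login form.
     * @since TBD
     */
    public function getDefaultArguments(array $overrides = []): array
    {
        // Default 'redirect' value takes the user back to the request URI.
        $host = !empty($_SERVER['HTTP_HOST']) ? $this->sanitize->sanitizeString($_SERVER['HTTP_HOST']) : '';
        $uri  = !empty($_SERVER['REQUEST_URI']) ? $this->sanitize->sanitizeString($_SERVER['REQUEST_URI']) : '';

        $scheme   = is_ssl() ? 'https://' : 'http://';
        $redirect = $this->sanitize->sanitizeUrl($scheme . $host . $uri);

        $defaults = [
            'echo'              => true,
            'redirect'          => $redirect,
            'lost_password_url' => wp_lostpassword_url($redirect),
            'form_id'           => 'loginform',
            'label_username'    => __('Username', 'wp-staging'),
            'label_password'    => __('Password', 'wp-staging'),
            'label_remember'    => __('Remember Me', 'wp-staging'),
            'label_log_in'      => __('Log In', 'wp-staging'),
            'id_username'       => 'user_login',
            'id_password'       => 'user_pass',
            'id_remember'       => 'rememberme',
            'id_submit'         => 'wp-submit',
            'remember'          => true,
            'value_username'    => '',
            // Set 'value_remember' to true to default the "Remember me" checkbox to checked.
            'value_remember'    => false,
        ];

        return wp_parse_args($overrides, $defaults);
    }
}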
| 232 |