WP STAGING – WordPress Backup, Restore, Migration & Clone / 4.3.1
wp-staging / Frontend / LoginForm.php
LoginForm.php
232 lines
1 <?php
2
3 namespace WPStaging\Frontend;
4
5 use WPStaging\Core\WPStaging;
6 use WPStaging\Framework\Utils\Sanitize;
7
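/**
 * Front-end login form.
 *
 * Constructing the object immediately processes a submitted login
 * (`wpstg-username` / `wpstg-pass` POST fields); renderForm() then outputs the
 * header, form and footer views.
 */
class LoginForm
{
    /** @var array Arguments for the current render; assigned by renderForm(). */
    private $args = [];

    /**
     * @var string
     * Read in src/views/frontend/loginForm.php
     * Important! Keep the empty string assignment to prevent login issues.
     * See https://github.com/wp-staging/wp-staging-pro/issues/2804
     */
    private $error = '';

    /** @var Sanitize */
    private $sanitize;

    /**
     * Resolves the sanitizer and processes any submitted credentials right away.
     */
    public function __construct()
    {
        $this->sanitize = WPStaging::make(Sanitize::class);
        $this->login();
    }

    /**
     * Processes a submitted login.
     *
     * On success the auth cookie is set, the current user is switched, the
     * `wp_login` action fires and a `Location` header is sent. On failure
     * `$this->error` is populated for the view.
     *
     * NOTE(review): credentials are checked with wp_check_password() directly.
     * Neither the `authenticate` filter chain nor the `wp_login_failed` action is
     * invoked in this method, so lockout, 2FA and login-monitoring plugins that
     * rely on those hooks are not consulted here. Confirm this is handled
     * elsewhere, or that failed attempts on this form are logged another way.
     *
     * NOTE(review): no role or capability check happens in this method although
     * the error messages mention administrators; presumably the caller enforces
     * access. Verify against the caller.
     *
     * @return false Always false; the outcome is carried by side effects.
     */
    private function login(): bool
    {
        if (is_user_logged_in()) {
            return false;
        }

        // Not a login submission at all.
        if (!isset($_POST['wpstg-username']) || !isset($_POST['wpstg-pass'])) {
            return false;
        }

        $isSubmit      = isset($_POST['wpstg-submit']);
        $missingFields = empty($_POST['wpstg-username']) || empty($_POST['wpstg-pass']);
        if ($isSubmit && $missingFields) {
            $this->error = 'No username or password given!';
            return false;
        }

        $username = $this->sanitize->sanitizeString($_POST['wpstg-username']);

        // Look the account up by login name first, then by e-mail address.
        $user_data = get_user_by('login', $username);
        if (!$user_data) {
            $user_data = get_user_by('email', $username);
        }

        $guideLink = esc_url('https://wp-staging.com/docs/can-not-login-to-staging-website/#Disable_WP_STAGING_Login_Form_or_Allow_Specific_Users_to_Pass_it');

        // NOTE(review): the unknown-account message below differs from the
        // wrong-password message further down, so a client can tell whether a
        // username or e-mail address exists. The strings are translation keys
        // and are left unchanged here; consider unifying them.
        if (!$user_data) {
            $msg = sprintf(__('Incorrect credentials! Only administrators can access this page. Please try the default <a target="_blank" href="%s">login</a> form or read this <a target="_blank" href="%s">guide</a>.', 'wp-staging'), wp_login_url(), $guideLink);

            if (defined('WPSTGPRO_VERSION')) {
                $msg = sprintf(__('Incorrect credentials! Only administrators or explicitly authorized users can access this page. Please try the default <a target="_blank" href="%s">login</a> form or read this <a target="_blank" href="%s">guide</a>.', 'wp-staging'), wp_login_url(), $guideLink);
            }

            $this->error = $msg;
            return false;
        }

        // 'wpstg-pass' is known to be set (checked above).
        // NOTE(review): confirm Sanitize::sanitizePassword() never alters a valid password.
        $password = $this->sanitize->sanitizePassword($_POST['wpstg-pass']);

        if (!wp_check_password($password, $user_data->user_pass, $user_data->ID)) {
            $msg = sprintf(__('Login not possible! Only administrators can access this page. Please try the default <a target="_blank" href="%s">login</a> form or read this <a target="_blank" href="%s">guide</a>.', 'wp-staging'), wp_login_url(), $guideLink);

            if (defined('WPSTGPRO_VERSION')) {
                $msg = sprintf(__('Login not possible! Only administrators or explicitly authorized users can access this page. Please try the default <a target="_blank" href="%s">login</a> form or read this <a target="_blank" href="%s">guide</a>.', 'wp-staging'), wp_login_url(), $guideLink);
            }

            $this->error = $msg;
            return false;
        }

        $rememberme = isset($_POST['rememberme']);

        wp_set_auth_cookie($user_data->ID, $rememberme);
        wp_set_current_user($user_data->ID, $username);
        do_action('wp_login', $username, get_userdata($user_data->ID));

        set_transient('wpstg_user_logged_in_status', true, 5);

        // The target is validated before use: `redirect_to` is request data, and
        // previously it reached the Location header unchecked (and was undefined
        // when the field was empty).
        // NOTE(review): execution continues after the header is sent, as before;
        // the caller decides whether to stop rendering.
        header('Location:' . $this->getValidatedRedirectUrl());

        return false;
    }

    /**
     * Returns the post-login redirect target.
     *
     * The posted `redirect_to` value is accepted only if wp_validate_redirect()
     * considers it local (same host as the site, or a host added through the
     * `allowed_redirect_hosts` filter); otherwise the site home URL is used.
     *
     * @return string
     */
    private function getValidatedRedirectUrl(): string
    {
        $fallback = home_url('/');

        if (empty($_POST['redirect_to'])) {
            return $fallback;
        }

        $requested = $this->sanitize->sanitizeUrl($_POST['redirect_to']);

        return wp_validate_redirect($requested, $fallback);
    }

    /**
     * Outputs header, login form and footer.
     *
     * @param array $args Form options; see getDefaultArguments() for the keys.
     * @return void
     */
    public function renderForm(array $args = [])
    {
        $this->args = $args;
        $this->getHeader();
        $this->getLoginForm();
        $this->getFooter();
    }

    /**
     * Add header
     * @return void
     */
    private function getHeader()
    {
        require_once WPSTG_VIEWS_DIR . 'frontend/header.php';
    }

    /**
     * Add footer
     * @return void
     */
    private function getFooter()
    {
        require_once WPSTG_VIEWS_DIR . 'frontend/footer.php';
    }

    /**
     * Renders the login form view.
     *
     * The form HTML is echoed when `$args['echo']` is truthy and returned as a
     * string otherwise. Options come from the array given to renderForm(),
     * completed with the values of getDefaultArguments() for any missing key:
     *
     *     bool   echo            Whether to display the form or return its HTML.
     *     string redirect        URL to redirect to after login.
     *     string form_id         ID attribute value for the form.
     *     string label_username  Label for the username field.
     *     string label_password  Label for the password field.
     *     string label_remember  Label for the remember field.
     *     string label_log_in    Label for the submit button.
     *     string id_username     ID attribute value for the username field.
     *     string id_password     ID attribute value for the password field.
     *     string id_remember     ID attribute value for the remember field.
     *     string id_submit       ID attribute value for the submit button.
     *     bool   remember        Whether to display the "rememberme" checkbox.
     *     string value_username  Default value for the username field.
     *     bool   value_remember  Whether "Remember Me" is checked by default.
     *
     * @return string|void String when retrieving.
     * @since 3.0.0
     */
    private function getLoginForm()
    {
        // Merge over the defaults so a partial array still has every key the
        // view reads; in particular a missing 'echo' now means "echo" instead
        // of silently buffering output that renderForm() would discard.
        $args = $this->getDefaultArguments($this->args);

        // Don't delete! This is used in the views below
        $notice     = __('Enter your administrator credentials to access this site. (This message will be displayed only once!)', 'wp-staging');
        $showNotice = (new LoginNotice())->isLoginNoticeActive();

        // Detect if wordfence is active and 2fa enabled
        $isCustomLogin2faEnabled = class_exists('wordfence', false) && get_option('wordfenceActivated');

        $loginFileView = WPSTG_VIEWS_DIR . 'frontend/loginForm.php';

        if ($args['echo']) {
            require($loginFileView);
            return;
        }

        ob_start();
        require($loginFileView);

        return ob_get_clean();
    }

    /**
     * set error to show
     * @param string $error Error message to set
     * @return void
     */
    public function setError(string $error)
    {
        $this->error = $error;
    }

    /**
     * Returns the default set of arguments used to render the Login Form.
     *
     * @param array<string,mixed> $overrides A set of values to override the default ones.
     *
     * @return array<string,mixed> The default set of arguments used to render the login form.
     * @since TBD
     *
     */
    public function getDefaultArguments(array $overrides = []): array
    {
        // Default 'redirect' value takes the user back to the request URI.
        // HTTP_HOST and REQUEST_URI are supplied by the request, so this URL is
        // not trusted data even after sanitizing.
        $httpHost   = !empty($_SERVER['HTTP_HOST']) ? $this->sanitize->sanitizeString($_SERVER['HTTP_HOST']) : '';
        $requestURI = !empty($_SERVER['REQUEST_URI']) ? $this->sanitize->sanitizeString($_SERVER['REQUEST_URI']) : '';
        $scheme     = is_ssl() ? 'https://' : 'http://';
        $redirect   = $this->sanitize->sanitizeUrl($scheme . $httpHost . $requestURI);

        $defaults = [
            'echo'              => true,
            'redirect'          => $redirect,
            'lost_password_url' => wp_lostpassword_url($redirect),
            'form_id'           => 'loginform',
            'label_username'    => __('Username', 'wp-staging'),
            'label_password'    => __('Password', 'wp-staging'),
            'label_remember'    => __('Remember Me', 'wp-staging'),
            'label_log_in'      => __('Log In', 'wp-staging'),
            'id_username'       => 'user_login',
            'id_password'       => 'user_pass',
            'id_remember'       => 'rememberme',
            'id_submit'         => 'wp-submit',
            'remember'          => true,
            'value_username'    => '',
            // Set 'value_remember' to true to default the "Remember me" checkbox to checked.
            'value_remember'    => false,
        ];

        return wp_parse_args($overrides, $defaults);
    }
}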