various others from other plugins too. It can handle being called multiple times. */ public function login_enqueue_scripts() { if (!$this->should_enqueue_login_scripts()) { return; } if (isset($_GET['action']) && 'logout ' != $_GET['action'] && 'login' != $_GET['action']) return; static $already_done = false; if ($already_done) return; $already_done = true; // Prevent caching when in debug mode $script_ver = (defined('WP_DEBUG') && WP_DEBUG) ? time() : filemtime($this->includes_dir().'/tfa.js'); wp_enqueue_script('tfa-ajax-request', $this->includes_url().'/tfa.js', array('jquery'), $script_ver); $trusted_for = $this->get_option('tfa_trusted_for'); $trusted_for = (false === $trusted_for) ? 30 : (string) absint($trusted_for); $localize = array( 'ajaxurl' => $this->get_ajax_url(), 'click_to_enter_otp' => __("Click to enter One Time Password", 'all-in-one-wp-security-and-firewall'), 'enter_username_first' => __('You have to enter a username first.', 'all-in-one-wp-security-and-firewall'), 'otp' => __('One Time Password (i.e. 2FA)', 'all-in-one-wp-security-and-firewall'), 'otp_login_help' => __('(check your OTP app to get this password)', 'all-in-one-wp-security-and-firewall'), 'mark_as_trusted' => sprintf(_n('Trust this device (allow login without 2FA for %d day)', 'Trust this device (allow login without TFA for %d days)', $trusted_for, 'all-in-one-wp-security-and-firewall'), $trusted_for), 'is_trusted' => __('(Trusted device - no OTP code required)', 'all-in-one-wp-security-and-firewall'), 'nonce' => wp_create_nonce('simba_tfa_loginform_nonce'), 'login_form_selectors' => '', 'login_form_off_selectors' => '', 'error' => __('An error has occurred. Site owners can check the JavaScript console for more details.', 'all-in-one-wp-security-and-firewall'), ); // Spinner exists since WC 3.8. Use the proper functions to avoid SSL warnings. if (file_exists(ABSPATH.'wp-admin/images/spinner-2x.gif')) { $localize['spinnerimg'] = admin_url('images/spinner-2x.gif'); } elseif (file_exists(ABSPATH.WPINC.'/images/spinner-2x.gif')) { $localize['spinnerimg'] = includes_url('images/spinner-2x.gif'); } $localize = apply_filters('simba_tfa_login_enqueue_localize', $localize); wp_localize_script('tfa-ajax-request', 'simba_tfasettings', $localize); } /** * Check whether TFA login scripts should be enqueued or not. * * @return boolean True if the TFA login script should be enqueued, otherwise false. */ private function should_enqueue_login_scripts() { if (defined('TWO_FACTOR_DISABLE') && TWO_FACTOR_DISABLE) { return apply_filters('simbatfa_enqueue_login_scripts', false); } global $wpdb; $sql = $wpdb->prepare('SELECT COUNT(user_id) FROM ' . $wpdb->usermeta . ' WHERE meta_key = %s AND meta_value = %d LIMIT 1', 'tfa_enable_tfa', 1); $count_user_id = $wpdb->get_var($sql); if (is_null($count_user_id)) { // Error in query. return apply_filters('simbatfa_enqueue_login_scripts', true); } elseif ($count_user_id > 0) { // A user exists with TFA enabled. return apply_filters('simbatfa_enqueue_login_scripts', true); } // No user exists with TFA enabled. return apply_filters('simbatfa_enqueue_login_scripts', false); } /** * Return or output view content * * @param String $path - path to template, usually relative to templates/ within the plugin directory * @param Array $extract_these - key/value pairs for substitution into the scope of the template * @param Boolean $return_instead_of_echo - what to do with the results * * @return String|Void */ public function include_template($path, $extract_these = array(), $return_instead_of_echo = false) { if ($return_instead_of_echo) ob_start(); $template_file = apply_filters('simatfa_template_file', $this->templates_dir().'/'.$path, $path, $extract_these, $return_instead_of_echo); do_action('simbatfa_before_template', $path, $return_instead_of_echo, $extract_these, $template_file); if (!file_exists($template_file)) { error_log("TFA: template not found: $template_file (from $path)"); echo __('Error:', 'all-in-one-wp-security-and-firewall').' '.__('Template path not found:', 'all-in-one-wp-security-and-firewall')." (".htmlspecialchars($path).")"; } else { extract($extract_these); // The following are useful variables which can be used in the template. // They appear as unused, but may be used in the $template_file. $wpdb = $GLOBALS['wpdb'];// phpcs:ignore VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable -- $wpdb might be used in the included template $simba_tfa = $this;// phpcs:ignore VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable -- $wp_optimize might be used in the included template $totp_controller = $this->get_controller('totp');// phpcs:ignore VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable -- $wp_optimize might be used in the included template include $template_file; } do_action('simbatfa_after_template', $path, $return_instead_of_echo, $extract_these, $template_file); if ($return_instead_of_echo) return ob_get_clean(); } /** * Make sure that self::$frontend is the instance of Simba_TFA_Frontend, and return it * * @return Simba_TFA_Frontend */ public function load_frontend() { if (!class_exists('Simba_TFA_Frontend')) require_once($this->includes_dir().'/tfa_frontend.php'); if (empty($this->frontend)) $this->frontend = new Simba_TFA_Frontend($this); return $this->frontend; } // __return_empty_string() does not exist until WP 3.7 public function shortcode_when_not_logged_in() { return ''; } /** * Set authentication slug. * * @param String $authentication_slug - Authentication slug. Verify that two-factor authentication should not be repeated for the same slug. */ public function set_authentication_slug($authentication_slug) { $this->authentication_slug = $authentication_slug; } }