Ubuntu
������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
registered['user-profile'] ) ) {
$deps = array_flip( $wp_scripts->registered['user-profile']->deps );
unset( $deps['password-strength-meter'] );
$deps = array_flip( $deps );
$deps[] = 'secupress-password-strength-meter';
$wp_scripts->registered['user-profile']->deps = $deps;
}
// Our scripts.
$suffix = defined( 'SCRIPT_DEBUG' ) && SCRIPT_DEBUG ? '' : '.min';
$version = $suffix ? SECUPRESS_PRO_VERSION : time();
$base_url = plugin_dir_url( SECUPRESS_FILE ) . 'inc/modules/users-login/plugins/inc/';
// "zxcvbn".
wp_enqueue_script( 'secupress-zxcvbn-async', "{$base_url}js/zxcvbn-async{$suffix}.js", array(), '4.3.0' );
wp_localize_script( 'secupress-zxcvbn-async', '_zxcvbnSettings', array(
'src' => "{$base_url}js/zxcvbn.min.js",
) );
// "password-strength-meter".
wp_enqueue_script( 'secupress-password-strength-meter', "{$base_url}js/password-strength-meter{$suffix}.js", array( 'jquery', 'secupress-zxcvbn-async' ), $version, true );
wp_localize_script( 'secupress-password-strength-meter', 'pwsL10n', array(
'short' => _x( 'Very weak', 'password strength', 'secupress-pro' ),
'bad' => _x( 'Weak', 'password strength', 'secupress-pro' ),
'good' => _x( 'Medium', 'password strength', 'secupress-pro' ),
'strong' => _x( 'Strong', 'password strength', 'secupress-pro' ),
'mismatch' => _x( 'Mismatch', 'password mismatch', 'secupress-pro' ),
) );
// "user-profile".
wp_enqueue_script( 'secupress-user-profile', "{$base_url}js/user-profile{$suffix}.js", array( 'jquery', 'secupress-password-strength-meter', 'wp-util' ), $version, true );
wp_localize_script( 'secupress-user-profile', 'userProfileL10n', array(
'warn' => __( 'Your new password has not been saved.', 'secupress-pro' ),
'show' => __( 'Show', 'secupress-pro' ),
'hide' => __( 'Hide', 'secupress-pro' ),
'cancel' => __( 'Cancel', 'secupress-pro' ),
'ariaShow' => __( 'Show password', 'secupress-pro' ),
'ariaHide' => __( 'Hide password', 'secupress-pro' ),
) );
}
/**
* Enqueue plugin styles.
*
* @since 1.0
* @author Grégory Viguier
*/
function secupress_pro_strong_passwords_styles() {
$suffix = defined( 'SCRIPT_DEBUG' ) && SCRIPT_DEBUG ? '' : '.min';
$version = $suffix ? SECUPRESS_PRO_VERSION : time();
$base_url = plugin_dir_url( SECUPRESS_FILE ) . 'inc/modules/users-login/plugins/inc/';
wp_enqueue_style( 'secupress-strong-passwords', "{$base_url}css/strong-passwords{$suffix}.css", array( 'forms' ), $version );
}
/** --------------------------------------------------------------------------------------------- */
/** FIELD ======================================================================================= */
/** ----------------------------------------------------------------------------------------------*/
/**
* Start the process that will add the password field.
* Basically it does a `ob_start()` and launches the hooks that will `ob_get_clean()`.
*
* @since 1.0
* @author Grégory Viguier
*
* @param (bool) $show Whether to show the password fields. Default true.
*
* @return (bool) Unchanged value of `$show`.
*/
function secupress_pro_strong_passwords_prepare_field( $show ) {
global $pagenow;
if ( $show && 'profile.php' === $pagenow && IS_PROFILE_PAGE ) {
ob_start();
add_action( 'show_user_profile', 'secupress_pro_strong_passwords_add_field', -2 );
}
return $show;
}
/**
* End the process that will add the password field.
* Get the password fields with `ob_get_clean()` and add the new field.
*
* @since 1.0
* @author Grégory Viguier
*/
function secupress_pro_strong_passwords_add_field() {
global $admin_title;
$content = ob_get_clean();
$sep = '';
ob_start();
?>
.*$@Us', $content, $matches ) ) {
$content = str_replace( $matches[1], $field, $content );
}
echo $content;
}
/** --------------------------------------------------------------------------------------------- */
/** CALLBACKS =================================================================================== */
/** ----------------------------------------------------------------------------------------------*/
/**
* Check the new password strength.
* If not strong, trigger an error.
*
* @since 1.0
* @author Grégory Viguier
*
* @param (object) $errors WP_Error object, passed by reference.
* @param (bool) $update Whether this is a user update.
* @param (object) $user WP_User object, passed by reference.
*/
function secupress_pro_strong_passwords_check_strength( $errors, $update, $user ) {
if ( empty( $_POST['pass1'] ) || empty( $user->user_pass ) || ! isset( $user->ID ) ) { // WPCS: CSRF ok.
return;
}
// Collect all the strings we want to blacklist.
$blacklist = array();
$user_data = array( 'user_login' => 1, 'first_name' => 1, 'last_name' => 1, 'nickname' => 1, 'display_name' => 1, 'user_email' => 1, 'user_url' => 1, 'description' => 1 );
$user_data = array_intersect_key( (array) $user, $user_data );
$user_data[] = get_bloginfo( 'name' );
$user_data[] = get_bloginfo( 'admin_email' );
// Page title and URL.
if ( ! empty( $_POST['secupress-pass-data'] ) && is_array( $_POST['secupress-pass-data'] ) ) { // WPCS: CSRF ok.
$user_data = array_merge( $user_data, $_POST['secupress-pass-data'] ); // WPCS: CSRF ok.
}
// Strip out non-alphanumeric characters and convert each word to an individual entry.
foreach ( $user_data as $i => $data ) {
if ( $data ) {
$data = preg_replace( '@\W@', ' ', $data );
$data = explode( ' ', $data );
$blacklist = array_merge( $blacklist, $data );
}
}
if ( $blacklist ) {
foreach ( $blacklist as $i => $data ) {
if ( '' === $data || strlen( $data ) < 4 ) {
unset( $blacklist[ $i ] );
}
}
}
if ( $blacklist ) {
$blacklist = array_flip( array_flip( $blacklist ) );
}
// Test the password.
spl_autoload_register( 'secupress_pro_strong_passwords_autoload' );
$zxcvbn = new Zxcvbn();
$strength = $zxcvbn->passwordStrength( $_POST['pass1'], $blacklist ); // WPCS: CSRF ok.
if ( 4 !== $strength['score'] ) {
$errors->add( 'pass', __( 'ERROR: Please enter a strong password.', 'secupress-pro' ), array( 'form-field' => 'pass1' ) );
}
}
add_action( 'wp_ajax_secupress-generate-password', 'secupress_pro_strong_passwords_generate_password_ajax_cb' );
/**
* When the "Cancel" button is clicked, a new password is sent with ajax.
*
* @since 1.0
* @author Grégory Viguier
*/
function secupress_pro_strong_passwords_generate_password_ajax_cb() {
wp_send_json_success( wp_generate_password( 24 ) );
}
/** --------------------------------------------------------------------------------------------- */
/** TOOLS ======================================================================================= */
/** ----------------------------------------------------------------------------------------------*/
/**
* Autoloader for `Zxcvbn`.
*
* @since 1.0
* @author Grégory Viguier
*
* @param (string) $class_id The class identifier, like `ZxcvbnPhp\Zxcvbn`.
*/
function secupress_pro_strong_passwords_autoload( $class_id ) {
$class_id = str_replace( '\\', '/', $class_id );
$class_id = trim( $class_id, '/' );
$file_path = __DIR__ . '/inc/php/' . $class_id . '.php';
if ( file_exists( $file_path ) ) {
require_once( $file_path );
}
}